Security+ (SY0-601) Acronym List Flashcards
SOAR
Security Orchestration, Automation, Response
A collection of software solutions and tools that allow organizations to streamline security operations in three key areas: threat and vulnerability management, incident response, and security operations automation.
SOAR helps organisations to reduce mean time to detect (MTTD) and mean time to respond (MTTR) by enabling security alerts to be qualified and remediated in minutes, rather than days, weeks and months. SOAR also enables security teams to automate incident response procedures (known as playbooks).
Code refactoring
In computer programming and software design, code refactoring is the process of restructuring existing computer code—changing the factoring—without changing its external behavior. Refactoring is intended to improve the design, structure, and/or implementation of the software, while preserving its functionality.
PFS
Perfect Forward Secrecy
In cryptography, forward secrecy, also known as perfect forward secrecy, is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.
Regression testing
Regression testing is re-running functional and non-functional tests to ensure that previously developed and tested software still performs after a change. If not, that would be called a regression.
RAS
Remote Access Server
PUP
Potentially Unwanted Program
PUP is the acronym for Potentially Unwanted Program. Also called bundleware, junkware, or PUAs (Potentially Unwanted Applications), PUPs are software programs that you likely didn’t want installed on your computer.
MTBF
Mean Time Between Failures
PAP
Password Authentication Protocol
SCAP
Security Content Automation Protocol (SCAP) is a multi-purpose framework of specifications that supports automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement.
PoC
Proof of Concept
IDEA
International Data Encryption Algorithm
International Data Encryption Algorithm (IDEA) is a once-proprietary free and open block cipher that was once intended to replace Data Encryption Standard (DES). Once called Improved Proposed Encryption Standard (IPES), IDEA is a minor revision to the Proposed Encryption Standard (PES).
3DES
Triple Data Encryption Standard
Triple Data Encryption Standard (DES) is a type of computerized cryptography where block cipher algorithms are applied three times to each data block. The key size is increased in Triple DES to ensure additional security through encryption capabilities. … Three keys are referred to as bundle keys with 56 bits per key.
BIOS
Basic Input/Output System
DBA
Database Administrator
IAM
Identity and Access Management
UTM
Unified Threat Management (UTM) is an approach to information security where a single hardware or software installation provides multiple security functions.
staging server
A staging server is a type of server that is used to test software, a website or a service in a production-similar environment before it is set live. It is part of a staging environment or staging site, where it serves as a temporary hosting and testing server for any new software or websites.
fuzz testing
Fuzz testing is used to identify coding errors and security loopholes in an application. It works by inputting a massive amount of random data into the system in an attempt to make it crash, to identify whether anything breaks in the application.
symmetric encryption
Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption. The most widely used symmetric algorithms are AES-128, AES-192, and AES-256. The main disadvantage of symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.
WAF
Web Application Firewall
SQLi
SQL Injection
asymmetric encryption
Asymmetric key encryption is based on a public and private key encryption technique. It uses two different keys to encrypt and decrypt the message.
Examples: Diffie-Hellman, ECC, ElGamal, DSA and RSA
SDN
Software-defined Networking
NGFW
Next-generation Firewall
WIPS
Wireless Intrusion Prevention System
UEM
Unified Endpoint Management
RTOS
Real-time Operating System