Acronyms

Question 1

OSI Model

Answer 1

Open Systems Interconnection Model:
Physical
Data Link
Network
Transport
Session
Presentation
Application

Question 2

TLS

Answer 2

Transport Layer Security. Secure form of TCP

Question 3

RBAC

Answer 3

Role-based access control

Question 4

IP

Answer 4

Internet Protocol. Network layer

Question 5

AES

Answer 5

Advanced Encryption Standard. A symmetric block cipher chosen by the U.S. government to protect classified information.

Question 6

IT

Answer 6

Information Technology

Question 7

SAML

Answer 7

Security Assertion Markup Language
Open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider

Question 8

REST

Answer 8

REpresentational State Transfer. A type of software architecture that was designed to ensure interoperability between different Internet computer systems. REST works by putting in place very strict constraints for the development of web services.

Question 9

SOAP

Answer 9

Simple Object Access Protocol. A lightweight XML-based protocol that is used for the exchange of information in decentralized, distributed application environments. You can transmit SOAP messages in any way that the applications require, as long as both the client and the server use the same method.

Question 10

POSIX

Answer 10

Portable Operating System Interface
Standards for maintaining compatibility between operating systems

Question 11

ACID

Answer 11

Atomicity, Isolation, Durability. A set of properties of database transactions intended to guarantee data validity despite errors, power failures, and other mishaps.

Question 12

I/O

Answer 12

Input/Output. Describes any operation, program, or device that transfers data to or from a computer

Question 13

PNL

Answer 13

Profit and loss - talking about pre-sales

Question 14

PKI

Answer 14

Public Key Infrastructure

Question 15

API

Answer 15

Application Programming Interface -A mechanism whereby one software system asks another software system to perform a service.

Question 16

IIS Handler

Answer 16

Internet Information Services Handler. Components that are configured to process requests to specific content, typically to generate a response for the request resource. For example, an ASP.NET Web page is one type of handler.

Question 17

SSH

Answer 17

Secure Shell Protocol. A network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network

Question 18

GPUs

Answer 18

Graphic Processing Unit

Question 19

HTTP

Answer 19

Hypertext Transfer Protocol. Stateless Request Response Cycle. Application Layer.

Question 20

HTTPS

Answer 20

Hypertext Transfer Protocol Secure. Uses certificates. Application Layer

Question 21

TCP

Answer 21

Transmission Control Protocol. Alternative to UDP. Gives high importance to reliability over performance. Transport Layer

Question 22

UDP

Answer 22

User Datagram Protocol. Alternative to TCP/TLS. Prizes performance over reliability. Transport Layer

Question 23

SMTP

Answer 23

Simple Mail Transfer Protocol. Email Transfer Protocol. Application Layer.

Question 24

SAST

Answer 24

Static Application Security Testing. Testing methodology that analyzes source code to find security vulnerabilities that make your organization’s applications susceptible to attack. Scans before code is compiled.

Question 25

DAST

Answer 25

Dynamic Application Security Testing. Process of analyzing a web application through the front-end to find vulnerabilities through simulated attacks. Scans after code is compiled.

Question 26

SCA

Answer 26

Software composition analysis. Process that identifies the open source software in a codebase.

Question 27

RACI

Answer 27

Responsible, accountable, consulted, and informed

Question 28

CIA Triad

Answer 28

Security. Confidentiality, Integrity, and Availability

Question 29

DHCP

Answer 29

Dynamic Host Configuration Protocol. A network management protocol used on Internet Protocol networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

Question 30

VLAN

Answer 30

A virtual local area network is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. In this context, virtual refers to a physical object recreated and altered by additional logic, within the local area network.

Question 31

CDN

Answer 31

Content Delivery Network. A group of geographically distributed servers that speed up the delivery of web content by bringing it closer to where users are.

Question 32

DDoS

Answer 32

Distributed denial-of-service attack. Occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.

Question 33

802.1Q

Answer 33

This is the most common trunking protocol. It’s a standard and supported by many vendors, used in VLAN trunking.

Question 34

SNI

Answer 34

Server Name Indication. An extension to TLS that allows multiple hostnames to be served over HTTPS from the same IP address

Question 35

CA

Answer 35

Certificate Authority. A trusted entity that issues Secure Sockets Layer (SSL) certificates

Question 36

UAT

Answer 36

User acceptance testing. Also called application testing or end-user testing. User acceptance testing validates the testing done at the end of the development cycle.

Question 37

IPS

Answer 37

Intrusion Prevention System. A network security tool (which can be a hardware device or software) that continuously monitors a network for malicious activity and takes action to prevent it, including reporting, blocking, or dropping it, when it does occur.

Question 38

IDS

Answer 38

Intrusion Detection System. A monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat.

Question 39

MSP

Answer 39

Managed Service Provider

Question 40

SOC

Answer 40

Security Operations Center. The SOC is responsible for protecting enterprises against cyberattacks

Question 41

GRC

Answer 41

Governance, risk management, and compliance. A holistic framework that helps organizations protect their data while operating efficiently and within the bounds of the law. The three components are interrelated yet distinct:

Governance ensures that organizational activities align with business objectives and stakeholder expectations.

Risk management involves identifying, assessing, and mitigating risks that could hinder the organization’s operations.

Compliance ensures adherence to both external regulations and internal policies.

Question 42

CIDR

Answer 42

Classless Inter-Domain Routing is an IP address allocation method that improves data routing efficiency on the internet.

Question 43

SIEM

Answer 43

Security Information and Event Management. A system or solution that aggregates large amounts of data regarding threat investigations. Because of this, SIEM is crucial for any organization looking to analyze and mitigate threats.

Question 44

SLO

Answer 44

Service Level Objective is an agreement within an SLA about a specific metric like uptime or response time.

Question 45

SLA

Answer 45

Service Level Agreement. It refers to a document that outlines a commitment between a service provider and a client, including details of the service, the standards the provider must adhere to, and the metrics to measure the performance.

Question 46

DORA

Answer 46

DevOps Research and Assessment provides a standard set of DevOps metrics used for evaluating process performance and maturity. These metrics provide information about how quickly DevOps can respond to changes, the average time to deploy code, the frequency of iterations, and insight into failures.

Question 47

SSL

Answer 47

Secure Sockets Layer. It is a standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers).

Question 48

OWASP

Answer 48

Open Web Application Security Project. A non-profit group focused on security of software.