Acronyms

Question 1

3DES

Answer 1

Triple Data Encryption Standard

A symmetric-key block cipher that applies the Data Encryption Standard algorithm three times to each data block for increased security.

Question 2

AAA

Answer 2

Authentication, Authorization, and Accounting

Core principles in network security and access control, where Authentication verifies users, Authorization determines their permissions, and Accounting tracks their actions for auditing purposes.

Question 3

ABAC

Answer 3

Attribute-based Access Control

A security model where access rights are granted based on attributes associated with the user, resource, and environment, allowing for granular control over access permissions.

Question 4

ACL

Answer 4

Access Control List

A list of permissions attached to an object that specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. In the context of network security, ACLs are commonly used to control traffic entering or leaving a network based on criteria such as IP addresses, protocols, and ports.

Question 5

AD

Answer 5

Active Directory

A centralized database that stores and manages network resources, such as user accounts, computers, and devices, in a Windows domain network, facilitating authentication, authorization, and directory services.

Question 6

AES

Answer 6

Advanced Encryption Standard

A widely-used symmetric encryption algorithm for securing sensitive data, commonly employed in various security protocols and applications.

Question 7

AES256

Answer 7

Advanced Encryption Standards 256bit

Advanced Encryption Standard with a key size of 256 bits, which is a widely used symmetric encryption algorithm offering strong security for protecting sensitive data in various applications and systems.

Question 8

AH

Answer 8

Authentication Header

A protocol used in IPsec (Internet Protocol Security) that provides authentication and integrity protection for IP packets, ensuring data origin authentication and integrity verification.

Question 9

AI

Answer 9

Artificial Intelligence

The simulation of human intelligence processes by machines, typically computer systems, including learning, problem-solving, and decision-making.

Question 10

AIS

Answer 10

Automated Indicator Sharing

A system for exchanging cybersecurity threat indicators and defensive measures between organizations in real-time to enhance collective defense capabilities.

Question 11

ALE

Answer 11

Annualized Loss Expectancy

A calculation used to estimate the potential financial loss to a system or organization due to a security breach or incident over the course of a year.

Question 12

AP

Answer 12

Access Point

A device that allows wireless devices to connect to a wired network using Wi-Fi technology.

Question 13

API

Answer 13

Application Programming Interface

A set of protocols, tools, and definitions that allows different software applications to communicate and interact with each other.

Question 14

APT

Answer 14

Advanced Persistent Threat

A sophisticated, prolonged cyberattack launched by skilled adversaries with the intention of gaining unauthorized access to a network or system over an extended period while remaining undetected.

Question 15

ARO

Answer 15

Annualized Rate of Occurence

The estimated frequency at which a specific threat is expected to occur within a year, aiding in risk assessment and mitigation strategies in cybersecurity contexts

Question 16

ARP

Answer 16

Address Resolution Protocol

A networking protocol used to map IP addresses to MAC addresses within a local network, facilitating communication between devices on the same subnet.

Question 17

ASLR

Answer 17

Address Space Layout Randomization

A security technique that randomizes the memory addresses used by system processes, making it harder for attackers to predict the location of specific code or data.

Question 18

ASP

Answer 18

Active Server Pages

A legacy web technology used to create dynamic web pages by embedding server-side scripts within HTML to generate content dynamically based on user interactions or database queries.

Question 19

ATT&CK

Answer 19

Adversarial Tactics, Techniques,
and Common Knowledge

A framework used to understand and classify cyber threats and attacks, helping security professionals anticipate, prevent, and respond to various security incidents effectively.

Question 20

AUP

Answer 20

Acceptable Use Policy

A set of rules and guidelines outlining the proper and permitted uses of an organization’s technology resources by its employees or users, typically addressing security concerns and acceptable behaviors.

Question 21

AV

Answer 21

Antivirus

Software designed to detect, prevent, and remove malicious software, such as viruses, worms, and Trojan horses, from computer systems.

Question 22

BASH

Answer 22

Bourne Again Shell

A command-line interpreter used in Unix-like operating systems, offering enhanced functionality over the original Bourne Shell with features like command-line editing and job control, often utilized in cybersecurity for scripting and automation tasks.

Question 23

BCP

Answer 23

Business Continuity Planning

The development of strategies and procedures to ensure an organization can continue operating during and after a disaster or disruption, aiming to minimize downtime and maintain critical functions.

Question 24

BGP

Answer 24

Border Gateway Protocol

A standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the internet.

Question 25

BIA

Answer 25

Business Impact Analysis

A process used to identify and prioritize potential impacts on business operations to ensure continuity and resilience in the face of disruptions or disasters.

Question 26

BIOS

Answer 26

Basic Input / Output System

Firmware used to perform hardware initialization during the booting process and provides runtime services for operating systems and programs.

Question 27

BPA

Answer 27

Business Partnership Agreement

A formal document outlining terms and conditions between business entities, often concerning collaboration, sharing resources, or joint ventures, relevant to security considerations within the business environment.

Question 28

BPDU

Answer 28

Bridge Protocol Data Unit

A message exchanged between switches in a spanning tree network to detect loops and select the best paths, ensuring network efficiency and preventing broadcast storms.

Question 29

BSSID

Answer 29

Basic Service Set Identifier

Question 30

BYOD

Answer 30

Bring Your Own Device

A policy allowing employees to use personal devices for work purposes, posing security challenges due to potential vulnerabilities and lack of control over these devices within an organizational network.

Question 31

CA

Answer 31

Certificate Authority

An entity responsible for issuing digital certificates that verify the identity of individuals, systems, or organizations in a public key infrastructure (PKI) environment.

Question 32

CAPTCHA

Answer 32

Completely Automated Public Turing
Test to Tell Computers and Humans Apart

A challenge-response test used to distinguish between humans and automated bots, typically implemented in online forms to prevent automated spam or abuse.

Question 33

CAR

Answer 33

Corrective Action Report

A document used to detail corrective measures taken to address security incidents or vulnerabilities identified during security assessments or audits, ensuring mitigation and improvement of security measures.

Question 34

CASB

Answer 34

Cloud Access Security Broker

A tool or service that helps organizations ensure security policies are enforced as data and applications move between on-premises environments and the cloud, offering visibility, compliance, and security controls.

Question 35

CBC

Answer 35

Cipher Block Chaining

A mode of operation for block ciphers in which each plaintext block is XORed with the previous ciphertext block before encryption, enhancing security through diffusion and preventing identical blocks of plaintext from producing the same ciphertext.

Question 36

CBT

Answer 36

Computer-based Training

A method of instruction delivery utilizing computer technology.

Question 37

CCMP

Answer 37

Counter-Mode/CBC-MAC Protocol

An encryption protocol used in Wi-Fi networks to provide confidentiality, integrity, and data origin authentication, particularly in the context of the WPA2 security standard.

Question 38

CCTV

Answer 38

Closed-Circuit Television

A system of video surveillance that uses cameras to monitor a specific area, typically for security purposes, with the footage being viewed on a limited set of monitors or devices within a closed system.

Question 39

CERT

Answer 39

Computer Emergency Response Team

A group responsible for coordinating responses to cybersecurity incidents within an organization or community, ensuring efficient and effective resolution of security threats and vulnerabilities.

Question 40

CFB

Answer 40

Cipher Feedback

A mode of operation for block ciphers where the output of the encryption of the previous block is XORed with the plaintext to generate the ciphertext for the current block, commonly used for stream ciphers and providing error propagation.

Question 41

CHAP

Answer 41

Challenge-Handshake Authentication Protocol

A network authentication protocol that validates the identity of a user by using a challenge-response mechanism, ensuring secure access to resources.

Question 42

CI/CD

Answer 42

Continuous Integration / Continuous Delivery

A software development practice where code changes are automatically integrated and delivered frequently, facilitating rapid and reliable software releases.

Question 43

CIO

Answer 43

Chief Information Officer

A senior executive responsible for overseeing the management and strategic implementation of an organization’s information technology infrastructure and policies.

Question 44

CIRT

Answer 44

Computer Incident Response Team

A group of experts responsible for managing and responding to cybersecurity incidents within an organization, aiming to minimize damage and restore normal operations swiftly.

Question 45

CIS

Answer 45

Center for Internet Security

A nonprofit organization that provides resources and guidance for cybersecurity best practices, often referenced in the context of security standards and benchmarks.

Question 46

CMDB

Answer 46

Configuration Management Database

A centralized database that stores information about the hardware and software components within an organization’s IT infrastructure, aiding in configuration management and tracking changes.

Question 47

CMS

Answer 47

Content Management System

A software application used to create, manage, and modify digital content, often used for websites, making content editing and publishing easier and more efficient.

Question 48

CN

Answer 48

Common Name

Refers to a component of X.509 certificates used to identify the entity associated with a public key, typically found in SSL/TLS certificates for web servers.

Question 49

COOP

Answer 49

Continuity of Operations Planning

Refers to the strategic process of ensuring essential functions can continue during and after a disaster, encompassing policies and procedures to maintain critical operations.

Question 50

COPE

Answer 50

Corporate-Owned Personally Enabled

Refers to a mobile device management strategy where organizations provide and manage the device while allowing users personal use within predefined parameters, often employed to balance security and user flexibility.

Question 51

CP

Answer 51

Contingency Planning

A proactive approach to identifying potential risks and creating strategies to mitigate and manage them effectively in the event of a disruption or disaster.

Question 52

CPU

Answer 52

Central Processing Unit

The primary component of a computer responsible for executing instructions and performing calculations, essentially acting as the brain of the system.

Question 53

CRC

Answer 53

Cyclic Redundancy Check

A method used to detect errors in data transmission by generating a unique checksum based on the data that can be recalculated at the receiving end to ensure data integrity.

Question 54

CRL

Answer 54

Certificate Revocation List

A record of digital certificates that have been revoked by the issuing certificate authority before their scheduled expiration date, typically due to security concerns or compromise.

Question 55

CSA

Answer 55

Cloud Security Alliance

A global organization focused on promoting best practices for securing cloud computing environments, providing guidance and resources for cloud security professionals.

Question 56

CSIRT

Answer 56

Computer Security Incident Response Team

A designated group responsible for coordinating and responding to cybersecurity incidents within an organization, ensuring effective incident management and mitigation strategies are in place.

Question 57

CSO

Answer 57

Chief Security Officer

The executive responsible for overseeing and implementing an organization’s security strategy, policies, and procedures to safeguard its assets and mitigate risks effectively.

Question 58

CSP

Answer 58

Cloud Service Provider

A company that offers cloud-based services, infrastructure, or platforms to businesses or individuals.

Question 59

CSR

Answer 59

Certificate Signing Request

A formal request sent to a Certificate Authority (CA) to apply a digital signature to a public key, typically used in SSL/TLS certificate issuance.

Question 60

CSRF

Answer 60

Cross-Site Request Forgery

An attack where an unauthorized command is executed on a user’s behalf without their consent, often exploiting the user’s active session on a trusted site.

Question 61

CSU

Answer 61

Channel Service Unit

A device that provides signal conversion and conditioning for data transmission over telecommunications lines, ensuring reliable communication between devices within a network.

Question 62

CTM

Answer 62

Counter-Mode

A cryptographic mode of operation that transforms a block cipher into a stream cipher, often used for encryption in wireless networks and VPNs, enhancing confidentiality and integrity.

Question 63

CTO

Answer 63

Chief Technology Officer

A senior executive responsible for overseeing the technological direction of a company, including strategies, innovations, and technical operations.

Question 64

CVE

Answer 64

Common Vulnerabilities and Exposure

A dictionary of publicly known information security vulnerabilities and exposures, providing standardized identifiers for tracking and sharing vulnerability information across different platforms and products, crucial for effective cybersecurity risk management and mitigation strategies.

Question 65

CVSS

Answer 65

Common Vulnerability Scoring System

A standardized method for assessing and scoring the severity of security vulnerabilities to help prioritize response efforts.

Question 66

CYOD

Answer 66

Choose Your Own Device

A policy that allows employees to select their preferred device from a list of approved options for work purposes, balancing user preference with organizational security and management considerations.

Question 67

DAC

Answer 67

Discretionary Access Control

A security model where access to resources is based on the discretion of the resource owner, allowing them to set access permissions for individual users or groups.