Acronyms

Question 1

PFI

Answer 1

payment card industry forensic investigators

Question 2

FISMA

Answer 2

federal information security modernization act, for federally employed/contracted infosec workers

Question 3

GLBA

Answer 3

Gramm Leach Bliley Act, US federal law for financial information

Question 4

GDPR

Answer 4

general data protection regulation, EU security and privacy requirements

Question 5

FERPA

Answer 5

family educational rights and privacy act, security/privacy requirements for US student records

Question 6

SOX

Answer 6

sarbanes oxley act, US federal law for corporate financial reporting

Question 7

STIX

Answer 7

structured threat information eXpression, XML language

Question 8

TAXII

Answer 8

trusted automated exchange of intelligence information protocol

Question 9

OASIS

Answer 9

organization for the advancement of structured information standards, manages STIX

Question 10

NPSA

Answer 10

national protective security agency, UK security agency

Question 11

SCAP

Answer 11

security content automation protocol, NIST standardized approach for communicating security related information i.e. CVE

Question 12

CCE

Answer 12

common configuration enumeration

Question 13

CPE

Answer 13

common platform enumeration i.e. hardware, software, OS

Question 14

CVE

Answer 14

common vulnerabilities and exposures

Question 15

CVSS

Answer 15

common vulnerability scoring system

Question 16

XCCDF

Answer 16

extensible configuration checklist description format, defines security checklists, benchmarks, and configuration rules

Question 17

OVAL

Answer 17

open vulnerability and assessment language, specifies low level testing procedures used by checklists

Question 18

COBIT

Answer 18

control objectives for information and related technologies

Question 19

ISACA

Answer 19

information systems audit and control association, organization that developed COBIT

Question 20

SSAE

Answer 20

statement on standards for attestation engagements, standards for audits

Question 21

ROT13

Answer 21

rotate 13 substitution cipher

Question 22

SHS

Answer 22

secure hash standard aka FIPS 180

Question 23

FIPS

Answer 23

federal information processing standards

Question 24

HMAC

Answer 24

hash based authentication code, algorithm for partial digital signature

Question 25

DER

Answer 25

distinguished encoding rules, binary format for certificates stored in .der .crt or .cer

Question 26

PEM

Answer 26

privacy enhanced mail, binary format for certificates stored in .pem or .crt

Question 27

PFX

Answer 27

personal information exchange, windows binary certificate format stored in .pfx or .p12

Question 28

P7B

Answer 28

windows certificates stored in ASCII

Question 29

EAP

Answer 29

extensible authentication protocol, commonly used for wireless networks

Question 30

802.1X

Answer 30

IEEE standard for NAC used for authenticating devices trying to connect to a network

Question 31

RADIUS

Answer 31

remote authentication dial in user service, AAA system that can operate in TCP or UDP and uses md5 hash for sending passwords

Question 32

TACACS+

Answer 32

terminal access controller access control system plus, uses TCP traffic to provide AAA services and full packet encryption

Question 33

LDAP

Answer 33

lightweight directory access protocol, used for IAM to make directories of contact information

Question 34

SAML

Answer 34

security assertion markup language, xml standard for exchanging authentication/authorization information

Question 35

FIDO

Answer 35

fast identity online, protocol used for passwordless authentication

Question 36

PAM

Answer 36

privileged access management

Question 37

FRR

Answer 37

false rejection rate

Question 38

FAR

Answer 38

false acceptance rate

Question 39

ROC

Answer 39

receiver operating characteristic

Question 40

JIT

Answer 40

just in time, permissions granted and revoked as needed

Question 41

PDU

Answer 41

power distribution unit, provides power management remotely for server racks and other environments

Question 42

SAN

Answer 42

storage area network

Question 43

NAS

Answer 43

network attached storage

Question 44

CSA

Answer 44

cloud security alliance

Question 45

CCM

Answer 45

cloud controls matrix

Question 46

YAML

Answer 46

YAML ain't markup language, human readable format for data like configuration files

Question 47

SWG

Answer 47

secure web gateways, monitor rules to block/allow traffic

Question 48

CASB

Answer 48

cloud access security broker, software tools that are intermediaries between users and service providers. Can be inline or API based.

Question 49

SCT

Answer 49

security compliance toolkit, microsoft tools that work with Windows security baseline

Question 50

SED

Answer 50

self encrypting drive

Question 51

SCADA

Answer 51

supervisory control and data acquisition, large systems that run power and water distribution

Question 52

ICS

Answer 52

industrial controls system, industrial automation

Question 53

RTU

Answer 53

remote telemetry units, collect data from sensors and programmable logic controllers

Question 54

PLC

Answer 54

programmable logic controller, control and collect data from industrial devices

Question 55

MPLS

Answer 55

multiprotocol label switching, uses data labels rather than network addresses to establish paths between endpoints

Question 56

SASE

Answer 56

secure access service edge, combines multiple security tools into one cloud service such as vpns, SDWAN, firewalls, SWGs, zero trust networks

Question 57

CAM

Answer 57

content addressable memory, used to lookup data by content rather than addresses used by switches and routers

Question 58

MAC

Answer 58

media access control, unique identifier assigned to a network access card

Question 59

STP

Answer 59

spanning tree protocol, prevents loops in ethernet networks

Question 60

BPDU

Answer 60

bridge protocol data unit guard, protects STP by preventing ports that shouldn't send BPDUs from sending them

Question 61

DHCP

Answer 61

dynamic host configuration protocol, assigns IPs and other network configuration settings to devices on a network

Question 62

DKIM

Answer 62

DomainKeys Identified Mail, signs messages with a private key to verify sender identity

Question 63

SPF

Answer 63

sender policy framework, specifies which email servers can be used for a domain

Question 64

DMARC

Answer 64

domain based message authentication reporting and conformance, uses SPF and DKIM to determine if an email is authentic

Question 65

ICMP

Answer 65

internet control message protocol, network layer protocol used to send error messages and operational information between network devices

Question 66

NAT

Answer 66

network address translation, assigns devices a public IP address that can be shared with other devices on the network

Question 67

SNMP

Answer 67

simple network management protocol, used to monitor and manage network devices

Question 68

MIB

Answer 68

management information base, stores information about network devices

Question 69

SIP

Answer 69

session initiation protocol, used to initiate/terminate real time communication such as voice/video calls and IMs

Question 70

RTP

Answer 70

realtime transport protocol, delivers audio and video over IP networks in real time

Question 71

NTP

Answer 71

network time protocol, synchronizes clocks on devices across a network

Question 72

BGP

Answer 72

border gateway protocol, manages how packets are routed across the internet by exchanging routing information between networks

Question 73

S/MIME

Answer 73

secure/multipurpose internet mail extensions, provides the ability to encrypt and sign MIME data for email attachments. Requires a certificate to send and receive.

Question 74

IPSec

Answer 74

internet protocol security, includes AH and ESP

Question 75

AH

Answer 75

authentication header, authenticates IP packets with hashing and a shared secret key

Question 76

ESP

Answer 76

encapsulating security protocol, provides integrity and authentication for packets

Question 77

SSP

Answer 77

security simple pairing, bluetooth pairing method wherein a device generates a number which must be confirmed on the other device

Question 78

SAE

Answer 78

simultaneous authentication of equals, password authentication paired with shared secret key exchange

Question 79

CCMP

Answer 79

counter mode with cipher block chaining message authentication protocol, encryption used in WPA2

Question 80

UEM

Answer 80

unified endpoint management for mobile, IoT, desktop devices and more

Question 81

MAM

Answer 81

mobile application management

Question 82

MMS

Answer 82

multimedia messaging service

Question 83

Netflow

Answer 83

cisco protocol that monitors network traffic and captures metadata

Question 84

EXIF

Answer 84

exchangeable image file format, photo metadata

Question 85

RCA

Answer 85

root cause analysis

Question 86

EDRM

Answer 86

electronic discovery reference model, nine stage model describing the discovery process for digital forensics

Question 87

CFReDS

Answer 87

computer forensic data sets by NIST used for testing, evaluating, training

Question 88

MSA

Answer 88

master service agreements, umbrella contract between a vendor and organization

Question 89

SLA

Answer 89

service level agreement, written contract specifying conditions of service provided and remediations if expectations aren't met

Question 90

MOU

Answer 90

memorandum of understanding, informal letter documenting aspects of a business relationship

Question 91

MOA

Answer 91

memorandum of agreement, formal document outlining terms and details of an agreement between parties

Question 92

BPA

Answer 92

business partners agreements, specifies responsibilities and profit shares of a partnership

Question 93

CBT

Answer 93

computer based training in relation to cybersecurity for employees

Question 94

ERM

Answer 94

enterprise risk management

Question 95

KRI

Answer 95

key risk indicator

Question 96

BIA (2 meanings)

Answer 96

bluetooth impersonation attack, business impact analysis

Question 97

MTBTF

Answer 97

mean time between failures

Question 98

MTTR

Answer 98

mean time to repair