Acronyms A-E

Question 1

AAA

Answer 1

Authentication, Authorization, and Accounting

A security framework that ensures only authorized individuals are able to access resources.

Question 2

ABAC

Answer 2

Attribute Based Access Control

Evaluates attributes to determine the access.

Question 3

ACL

Answer 3

Access Control List

A list of rules that specifies which users or systems are granted or denied access to a particular object or system resource.

Question 4

AES

Answer 4

Advanced Encryption Standard

A specification for the encryption of electronic data established by NIST in 2001, much stronger than DES and triple DES.

Question 5

AIS

Answer 5

Automated Indicator Sharing

A service provided by CISA that enables real-time exchange of cyber threat indicators.

Question 6

APT

Answer 6

Advanced Persistent Threat

A type of cyber attack where an unauthorized user gains access to a system and remains undetected for an extended period.

Question 7

ARP

Answer 7

Address Resolution Protocol

A protocol used to map an IP address to a physical MAC address.

Question 8

ASLR

Answer 8

Address Space Layout Randomization

A technique used to prevent attackers from exploiting vulnerabilities by randomizing key data areas in memory.

Question 9

BCP

Answer 9

Business Continuity Planning

A strategy for ensuring an organization’s ability to prevent or recover from significant disruptions.

Question 10

BDPU Guard?

Answer 10

Bridge Protocol Data Units Guard

A feature that defends the layer 2 STP topology against BDPU-related threats.

Question 11

BIA

Answer 11

Business Impact Analysis

Identifies the operational and financial impacts resulting from the disruption of business functions.

Question 12

BIOS

Answer 12

Basic Input/Output System

Software stored on a memory chip that instructs the computer on basic functions like booting and hardware configuration.

Question 13

BLOB

Answer 13

Binary Large Object Storage

Used by cloud providers as a database for large amounts of text or binary data.

Question 14

BPA

Answer 14

Business Partnership Agreement

Agreement between two companies outlining contributions, responsibilities, and profit sharing.

Question 15

BYOD

Answer 15

Bring Your Own Device

A policy that allows employees to use personal devices to access company resources.

Question 16

CA

Answer 16

Certificate Authority

A trusted entity that issues digital certificates to verify identities.

Question 17

CAC

Answer 17

Common Access Card

A smart card used as standard identification for Active Duty United States Defense personnel.

Question 18

CASB.

Answer 18

Cloud Access Security Broker

Software/hardware that enforces security policies between users and cloud services.

Question 19

CAPTCHA

Answer 19

Completely Automated Public Turing test to tell Computers and Humans Apart

A challenge-response test used to distinguish between human and automated users.

Question 20

CBC

Answer 20

Cipher Block Chaining

A mode of operation for a block cipher where a sequence of bits are encrypted as a single unit.

Question 21

CER

Answer 21

Certificate

Security files provided by a Certificate Authority to help verify the authenticity of a website.

Question 22

CHAP

Answer 22

Challenge Handshake Authentication Protocol

A challenge-response identity authentication protocol that does not expose a password.

Question 23

CIA

Answer 23

Confidentiality, Integrity, and Availability

Known collectively as the CIA triad.

Question 24

CIRT

Answer 24

Computer Incident Response Team

A team responsible for responding to and mitigating cyber security incidents.

Question 25

COPE

Answer 25

Corporate-Owned, Personally-Enabled ## Footnote A policy allowing employees to use company-owned devices for personal use.

Question 26

CRC

Answer 26

Cyclic Redundancy Check ## Footnote A mathematical algorithm used to detect errors in data transmission.

Question 27

CRL

Answer 27

Certificate Revocation List ## Footnote The first phase of checking if a certificate is valid.

Question 28

CSA

Answer 28

Cloud Security Alliance ## Footnote A non-profit organization that provides resources to help Cloud Security Providers.

Question 29

CSRF

Answer 29

Cross-Site Request Forgery ## Footnote A web security vulnerability that allows an attacker to induce users to perform unintended actions.

Question 30

CSO

Answer 30

Chief Security Officer ## Footnote A senior-level executive responsible for overseeing an organization's security program.

Question 31

CSP

Answer 31

Cloud Service Provider ## Footnote A third-party company that provides scalable computing resources over a network.

Question 32

CSR

Answer 32

Certificate Signing Request ## Footnote A request made by a user or device to a certificate authority for a digital certificate.

Question 33

CSV

Answer 33

Comma Separated Values ## Footnote A file format used to store data in a table-like format.

Question 34

CVE

Answer 34

Common Vulnerabilities and Exposure ## Footnote A list of vulnerabilities created by MITRE.

Question 35

CVSS

Answer 35

Common Vulnerabilities Scoring System ## Footnote A ranking of vulnerabilities and their severity.

Question 36

CYOD

Answer 36

Choose Your Own Device ## Footnote A policy where the company has a set of devices for employees to choose for work.

Question 37

DAC

Answer 37

Discretionary Access Control ## Footnote Restricting access to objects based on the identity of the subject.

Question 38

DDoS

Answer 38

Distributed Denial of Service ## Footnote A cyber attack using multiple systems to flood a target server with traffic.

Question 39

DES

Answer 39

Data Encryption Standard ## Footnote A symmetric-key block cipher that is now considered insecure.

Question 40

DHCP

Answer 40

Dynamic Host Configuration Protocol ## Footnote A protocol used to automatically assign IP addresses and other network settings.

Question 41

DMZ

Answer 41

Demilitarized Zone ## Footnote A network segment isolated from the internal network for public-facing services.

Question 42

DNS

Answer 42

Domain Name System ## Footnote A system that translates domain names into IP addresses.

Question 43

DoS

Answer 43

Denial of Service ## Footnote A cyber attack that overwhelms a server with traffic, causing unavailability.

Question 44

DPO

Answer 44

Data Protection Officer ## Footnote Ensures that the organization is protecting personal data according to legislation.

Question 45

DRP

Answer 45

Disaster Recovery Plan ## Footnote Preparing for any type of disaster that could occur.

Question 46

EAP

Answer 46

Extensible Authentication Protocol ## Footnote An architectural framework providing extensibility for authentication methods.

Question 47

EFS

Answer 47

Encrypting File System ## Footnote A feature in Windows allowing files and folders to be encrypted using a user's public key.

Question 48

EMI

Answer 48

Electromagnetic Interference ## Footnote Interference caused by electromagnetic waves that disrupt electronic devices.

Question 49

EMP

Answer 49

Electromagnetic Pulse ## Footnote A burst of electromagnetic radiation that can damage electronic devices.

Question 50

ESP

Answer 50

Encapsulating Security Payload ## Footnote A protocol in IPSec responsible for the CIA triad of security.

Question 51

ALE

Answer 51

Annualized Loss Expectancy - a metric used to estimate the potential financial loss an organization could experience from a specific cyber security threat over a year

Question 52

ARO

Answer 52

Annual Rate of Occurrence - the estimated frequency or likelihood of a specific security incident happening within a given year