Acronyms S-Z

Question 1

S/MIME

Answer 1

Secure/Multipurpose Internet Mail Extensions - standard for secure email messaging that provides encryption and digital signing capabilities.

Question 2

SAN

Answer 2

Storage Area Network - specialized, high-speed network that provides network access to storage devices. SANs are typically composed of hosts, switches, storage elements, and storage devices that are interconnected using a variety of technologies, topologies, and protocols

Question 3

SaaS

Answer 3

Software as a Service - a cloud computing model in which a third-party provider offers software applications.

Question 4

SAE

Answer 4

Simultaneous Authentication of Equals - key exchange protocol that provides stronger security and that replaced PSK in WPA2.

Question 5

SATCOM

Answer 5

Secure Satellite Communications - refers to the use of satellite technology for communication purposes, including voice, data, and video transmission.

Question 6

SCADA

Answer 6

Supervisory Control and Data Acquisition - a system used to control and monitor industrial processes.

Question 7

SCP

Answer 7

Secure Copy Protocol - a protocol used to securely transfer files between two devices.

Question 8

SHA

Answer 8

Secure Hash Algorithm - SHA stands for secure hashing algorithm. SHA is a modified version of MD5 and used for hashing data and certificates. A hashing algorithm shortens the input data into a smaller form that cannot be understood by using bitwise operations, modular additions, and compression functions.

Question 9

SID

Answer 9

Security Identifier - a unique identifier used to identify a user or group in Windows operating systems.

Question 10

SIEM

Answer 10

Security Information and Event Management - type of security solution that provides real-time analysis of security alerts and events generated by network hardware and applications.

Question 11

SLA

Answer 11

Service Level Agreement - a contract between a client and a service provider that defines cybersecurity expectations and responsibilities. Security standards: Minimum service levels, incident response times, and protection against cyber threats

Question 12

SNMP

Answer 12

Simple Network Management Protocol - a protocol used to manage and monitor network devices.

Question 13

SMTP

Answer 13

Simple Mail Transfer Protocol - a protocol used to send email messages between servers

Question 14

SOAR

Answer 14

Security Orchestration, Automation and Response - security technology that helps organizations automate and streamline their security operations and incident response processes.

Question 15

SoC

Answer 15

System on Chip - integrated circuit (IC) that combines various components of a computer or electronic system into a single chip

Question 16

SQL

Answer 16

Structured Query Language - a programming language used for managing and manipulating data in relational databases.

Question 17

SQLi

Answer 17

SQL Injection)- SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.

Question 18

SSH

Answer 18

Secure Shell - a protocol used for secure remote access to a device. Uses Port 22

Question 19

SSL

Answer 19

Secure Sockets Layer - SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today. A website that implements SSL/TLS has “HTTPS” in its URL instead of “HTTP”

Question 20

SSO

Answer 20

Single Sign-On - an authentication method that lets users access multiple applications and services using a single set of login credentials.

Question 21

STP

Answer 21

Spanning Tree Protocol - a protocol used to prevent loops in a network topology.

Question 22

STIX

Answer 22

Structured Threat Information Exchange - designed to support the sharing of cybersecurity threat intelligence between different organizations and cybersecurity technologies.

Question 23

TACACS+

Answer 23

Terminal Access Controller Access Control System Plus) - protocol used for providing centralized authentication, authorization, and accounting (AAA) services for network devices such as routers, switches, and firewalls.

Question 24

TAXII

Answer 24

Trusted Automated Exchange of Indicator Information - application protocol for exchanging Cyber Threat Intelligence over HTTPS. It works with STIX.

Question 25

TCP

Answer 25

Transmission Control Protocol - a protocol used to establish a reliable connection between two devices. Uses three way handshake.

Question 26

TOTP

Answer 26

Time Based One Time Password - TOTP uses a timestamp and a time-based factor to generate the password. Specifically, TOTP calculates the message authentication code based on the current time and a time interval (usually 30 seconds).

Question 27

TPM

Answer 27

Trusted Platform Module - chip on motherboard that can be used to store critical information such as encryption keys. TPM can be used for FDE (Full Disk Encryption).

Question 28

UAT

Answer 28

User Acceptance Testing - the final phase of the software testing process. In the UAT phase, real users test the software to ensure it works as expected in real-world scenarios.

Question 29

UBA

Answer 29

User Behaviour Analysis - checks whether user activity sticks out from their usual activity.

Question 30

UDP

Answer 30

User Datagram Protocol - a protocol used for sending datagrams over a network. Connectionless.

Question 31

UEFI

Answer 31

Unified Extensible Firmware Interface - modern version of BIOS. UEFI can be used for securely starting a device.

Question 32

URL

Answer 32

Uniform Resource Locator - a unique identifier used to locate a resource on the Internet. It is also referred to as a web address.

Question 33

VLAN

Answer 33

Virtual Local Area Network - a logical grouping of devices on a network that are grouped together based on factors such as function, department, or location, rather than physical location.

Question 34

VM

Answer 34

Virtual Machine - a software environment that emulates a physical computer.

Question 35

VPN

Answer 35

Virtual Private Network - a virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used in corporate environments.

Question 36

VTP

Answer 36

VLAN Trunking Protocol - proprietary protocol used by Cisco switches to exchange VLAN information. With VTP, you can synchronize VLAN information (such as VLAN ID or VLAN name) with switches inside the same VTP domain.

Question 37

WAF

Answer 37

Web Application Firewall - firewall used to protect web applications.

Question 38

WAP

Answer 38

Wireless Access Point) - network device that receives and transmits data over WLAN

Question 39

WEP

Answer 39

Wired Equivalent Privacy - wired equivalent privacy is meant to protect Wi-Fi transmissions by encrypting the data so outsiders who are not inside the encrypted network will not be able to read the messages or data contained within. WEP is better than no security at all, and it is still used on older devices that do not support WPA or WPA2.

Question 40

WIDS

Answer 40

Wireless Intrusion Detection System - a system used to detect unauthorized access to a wireless network.

Question 41

WPA

Answer 41

Wi-Fi Protected Access - a security protocol used for wireless networks. There is WPA, WPA2, WPA3.

Question 42

X.509

Answer 42

a standard for public key certificates used for authentication in network communication.

Question 43

XML

Answer 43

Extensible Markup Language - a markup language used for encoding documents in a format that is both human-readable and machine-readable.

Question 44

XSS

Answer 44

Cross-Site Scripting - a type of attack in which an attacker injects malicious code into a web page viewed by other users. Usually this code is javascript code. There are 3 main versions of XSS: DOM Based, Stored and Reflected XSS.

Question 45

SASE

Answer 45

Secure Access Service Edge - technology used to deliver wide area network and security controls as a cloud computing service

Question 46

SCAP

Answer 46

Security Content Automation Protocol - a set of open standards used to organize and express security-related information, enabling automated vulnerability management, policy compliance evaluation, and security measurement across different systems within an organization

Question 47

SLE

Answer 47

Single Loss Expectancy - estimated monetary loss an organization could expect to incur from a single occurrence of a specific security incident

Question 48

SPF

Answer 48

Sender Policy Framework - an email authentication protocol designed to prevent email spoofing by allowing domain owners to specify which mail servers are authorized to send emails on their behalf