C

Question 1

C2

Answer 1

Command and control

Servers that are centrally placed the hold control
instructions for illicitly managed hosts.

Question 2

CA

Answer 2

Certificate Authority

This entity issues certificates. After verifying them, and
is the center of trust in PKI.

Question 3

CAC

Answer 3

Common Access Card

A form of identification with photograph, barcode,
RFID and cryptographic storage of private key
information.

Question 4

CAPTCHA

Answer 4

Completely Automated Public Turing to Tell
Computers and Humans Apart

This is intended to prevent rogue automated attempts at
access.

Question 5

CAR

Answer 5

Corrective Action Report

A document generated when the defect or error has been
detected that has the goal of eliminating a reoccurrence.

Question 6

CASB

Answer 6

Cloud Access Security
Broker

A software resource place between users and cloud
applications that monitors and enforces policy-based
access to cloud resources.

Question 7

CBC

Answer 7

Cipher Block Chaining

Each plaintext block is XORed (see XOR) with the
immediately previous ciphertext block.

Question 8

CBT

Answer 8

Computer-Based Training

Courseware or lessons that are delivered via a computer,
commonly used for at home and corporate training.

Question 9

CCMP

Answer 9

Counter-Mode/CBC-Mac Protocol

Each plaintext block is XORed (see XOR) with the
immediately previous ciphertext block that includes a
message authentication code.

Question 10

CCTV

Answer 10

Closed-circuit Television

Allows monitoring and recording of activities in an
area.

Question 11

CER

Answer 11

Cross-over Error Rate

The point at which false acceptances are equal to false
rejection.

Question 12

CER

Answer 12

Certificate

A generic term for a document that facilitates
authentication.

Question 13

CERT

Answer 13

Computer Emergency Response Team

A multi-discipline group designated to handle IT
incidents.

Question 14

CFB

Answer 14

Cipher Feedback

A mode of operation for a block cipher.

Question 15

Chain of custody

Answer 15

Evidence control and management

The documentation of handling and protection of
evidence.

Question 16

CHAP

Answer 16

Challenge Handshake Authentication Protocol

Commonly used by routers and has several derivatives
in use by Microsoft for authentication.

Question 17

CIO

Answer 17

Chief Information Officer

The most senior official in an organization responsible
for the information technology and systems that support
enterprise.

Question 18

CIRT

Answer 18

Computer Incident Response Team

A group that investigates and resolves IT security
problems.

Question 19

CIS

Answer 19

Center for Internet Security

Its mission is to identify develop, promote, and lead the
world with regard to best practices for cybersecurity
solutions.

Question 20

CMP

Answer 20

Change Management Policy

An organizational process designed to facilitate making
changes to organizational resources in such a way that
they are identifiable, auditable, and orderly.

Question 21

CMS

Answer 21

Content Management System

These are applications that facilitate the creation,
editing, publishing and archival of web pages and
content.

Question 22

CN

Answer 22

Common Name

An identifying name that may be applied to a directory
resource, such as a user, server, or other object.

Question 23

COOP

Answer 23

Continuity of Operations Plan

Ensuring that vital and primary mission essential
functions continue to run, even in the face of
emergencies.

Question 24

COPE

Answer 24

Corporate Owned, Personally Enabled

Smart phones owned by the organization, but approved
for personal use.

Question 25

CP

Answer 25

Contingency Planning Procedures to follow in the event of a catastrophic incident, even though it may be unlikely.

Question 26

CRC

Answer 26

Cyclical Redundancy Check An error checking code, used in digital technology primarily to identify accidental changes to data.

Question 27

Crimeware

Answer 27

Cyber theft A class of malware that automates malicious activity.

Question 28

CRL

Answer 28

Certificate Revocation List This is maintained by a certificate authority to identify certificates associated with compromised or lost private keys.

Question 29

CSO

Answer 29

Chief Security Officer This official is responsible for development, oversight, mitigation and other risk strategies.

Question 30

CSP

Answer 30

Cloud Service Provider An organization that provides IaaS, PaaS or SaaS to an array of customers. An organization that provides cloud-based access to infrastructure, storage and/or applications.

Question 31

CSA

Answer 31

Cloud Security Alliance A nonprofit organization that promotes best practices in security for cloud-based computing.

Question 32

CSIRT

Answer 32

Computer Security Incident Response Team Information technology personnel whose purpose is to prevent, manage and coordinate actions about security incidents.

Question 33

CSR

Answer 33

Certificate Signing Request Created by an applicant seeking to gain a certificate from an authority.

Question 34

CSRF

Answer 34

Cross-site Request Forgery An attack wherein a message is spoofed from a user to a trusted site.

Question 35

CSU

Answer 35

Channel Service Unit A connecting device used to link an organization to telco-based T-services

Question 36

CTO

Answer 36

Chief Technology Officer The executive person tasked with identifying useful technology, IT strategies and partnerships.

Question 37

CTOS

Answer 37

Centralized terminal operating system. Legacy management.

Question 38

CTR

Answer 38

Counter This form of encryption is used by AES to perform streaming encryption.

Question 39

CVE

Answer 39

Common Vulnerabilities and Exposures A database of known and published software flaws that may impact security that is managed by MITRE.

Question 40

CVSS

Answer 40

Common Vulnerability Scoring System An empirical scheme for rating vulnerability severity based upon specific aspects of the vulnerability, environment, and nature of threats.

Question 41

CYOD

Answer 41

# Choose Your Own Device In this mode of control and acquisition, an employee chooses a device from a company provided list. Ownership may be personal or organization.