SEC+ Acronyms

Question 1

FIM

Answer 1

File Integrity Monitoring [detects if files have been altered]

Question 2

NAC

Answer 2

Network Access Control [used to control access based on users and their devices]

Question 3

SPF

Answer 3

Sender Policy Framework [used to prevent email spoofing and phishing attacks]

Question 4

MFA

Answer 4

Multi-Factor Authentication [used to protects accounts in case another factor is compromised]

Question 5

Logic Bomb

Answer 5

[code inserted into app or script set to execute in response to an event]

Question 6

RAT

Answer 6

Remote Access Trojan [malware that lets an attacker access a system remotely]

Question 7

Evil Twin Attack

Answer 7

targets Wi-Fi networks by mimicking an existing network

Question 8

Rootkit

Answer 8

Malware that gives a user administrative access to a system

Question 9

DMZ

Answer 9

Demilitarized Zone [a screen subnet on a network that contains systems accessible by clients or other networks on the Internet]

Question 10

LAN

Answer 10

Local Area Network

Question 11

VPN

Answer 11

Virtual Private Network

Question 12

Honeynets

Answer 12

Networks meant to distract attackers from legitimate networks

Question 13

Waterfall

Answer 13

methodology that includes multiple states, all of which feed into each other

Question 14

Scrum

Answer 14

a daily meeting

Question 15

ESP

Answer 15

Encapsulating Security Payload [used to provide encryption of data and provide confidentiality]

Question 16

AH

Answer 16

Authentication Header [allows each of the hosts in the IPSec to authenticate with each other before exchanging data]

Question 17

IPS

Answer 17

Intrusion Prevention System

Question 18

Static Code Analysis

Answer 18

testing method in which the app is not run but rather checked line by line.

Question 19

Fuzz Testing

Answer 19

random characters are input into a computer program to find vulnerabilities

Question 20

Dynamic Code Analysis

Answer 20

testing program while they’re running

Question 21

AAA

Answer 21

Authentication, Authorization and Accounting

Question 22

WPA3

Answer 22

used to encrypt Wi-Fi traffic

Question 23

WEP

Answer 23

outdated encryption method for Wi-Fi

Question 24

RADIUS

Answer 24

protocol for authentication, authorization and accounting

Question 25

EAP-TLS

Answer 25

Extensible Authentication Protocol-Transport Layer Security [widely used authentication protocol in Wi-Fi networks]

Question 26

Risk Transfer

Answer 26

transferring risk (entirely or partially) to another entity

Question 27

Risk Mitigation

Answer 27

applying controls for a risk

Question 28

Risk Acceptance

Answer 28

not taking any additional actions to mitigate a risk

Question 29

MTTR

Answer 29

Mean Time To Repair [the time needed to repair a failed device]

Question 30

MTTF

Answer 30

Mean Time To Failure [measure of reliability for devices that can't be repaired]

Question 31

ARO

Answer 31

Annual Rate of Occurrence [number of times an incident occurs within a year]

Question 32

ALE

Answer 32

Annual Loss Expectancy [total loss in dollars expected due to a specific incident]

Question 33

MOA

Answer 33

Memorandum of Agreement [agreement between multiple entities that outlines in detail the roles and responsibilities of the parties]

Question 34

SLA

Answer 34

Service Level Agreement [outlines expectations of a vendor to a client]

Question 35

BPA

Answer 35

Business Partner Agreement [outlines obligations between business partners]

Question 36

MOU

Answer 36

Memorandum of Understanding [understanding between two or more parties that states their intention to work toward a specific goal]

Question 37

ISA

Answer 37

Interconnection Security Agreement [specifies security requirements for a connection between multiple entities]

Question 38

PaaS

Answer 38

Platform as a Service [cloud computing platform for developing applications]

Question 39

LDAP

Answer 39

Lightweight Directory Access Protocol [used for accessing and altering directory services data at the application layer]

Question 40

FDE

Answer 40

Full Device Encryption

Question 41

AUP

Answer 41

Acceptable Use Policy [outlines the rules and behaviors expected of those using company systems or networks]

Question 42

NDA

Answer 42

Non-Disclosure Agreement [states an individual will not share confidential and proprietary data but doesn't outline how they should behave while using company systems]

Question 43

BYOD

Answer 43

Bring Your Own Device [policy that outlines how to manage and protect personal devices before the connect to the corporate network]

Question 44

CYOD

Answer 44

Choose Your Own Device [doesn't allow users to use their own personal devices on the network]

Question 45

COPE

Answer 45

Corporate-Owned Personally Enabled [doesn't allow personal devices on corporate network]

Question 46

CER

Answer 46

Crossover Error Rate [biometrics rate calculated by plotting FAR {False Acceptance Rate} and FRR {False Rejection Rate}]

Question 47

FAR

Answer 47

False Acceptance Rate [a higher FAR mean more unauthorized users are granted access]

Question 48

FRR

Answer 48

False Rejection Rate [means authorized users are not granted access]

Question 49

SHA

Answer 49

Secure Hash Algorithm [a hashing function used to verify data integrity]

Question 50

DH

Answer 50

Diffie-Hellman [a key exchange used for establishing a shared key]

Question 51

DES

Answer 51

Data Encryption Standard [encryption algorithm]

Question 52

AES

Answer 52

Advanced Encryption Standard [encryption algorithm]

Question 53

SSO

Answer 53

Single Sign-On [allow user to log into multiple systems after a single successful login]

Question 54

FTP

Answer 54

File Transfer Protocol [used to transfer files over a network]

Question 55

HMAC

Answer 55

Hash-Based Message Authentication [a hashing algorithm]

Question 56

MD5

Answer 56

Message Digest 5 [hashing algorithm]

Question 57

RIPEMD

Answer 57

RACE Integrity Primitives Evaluation Message Digest [hashing algorithm]

Question 58

SHA

Answer 58

Secure Hash Algorithm [a hashing algorithm]

Question 59

TPM

Answer 59

Trusted Platform Module [a hardware chip attached to a computer's motherboard capable of storing keys for full disk encryption {FDE}]

Question 60

FDE

Answer 60

Full Disk Encryption

Question 61

MFD

Answer 61

Multi-Functional Device [a printer that also performs actions such as scanning, copying and faxing]

Question 62

SED

Answer 62

Self-Encrypting Drive [automatically encrypts data]

Question 63

DLP

Answer 63

Data Loss Prevention [used to actively identify and stop data exfiltration]

Question 64

OCSP

Answer 64

Online Certificate Status Protocol [gives real-time info on the status of a certificate]

Question 65

DAC

Answer 65

Discretionary Access Control [access control method where the owner of a file determines who can access]

Question 66

MAC

Answer 66

Mandatory Access Control [uses classification levels on resources and clearance levels on uses]

Question 67

RBAC

Answer 67

Role-Based Access Control [grants access based on a user's defined role]

Question 68

ABAC

Answer 68

Attribute-Based Access Control [uses granular control based on attributes of users]

Question 69

DoS

Answer 69

Denial-of-Service [overloading an app or service on a system, which leads to resource exhaustion]

Question 70

IaaS

Answer 70

Infrastructure as a Service [provider give the customer computing resources such as servers, storage and networking]

Question 71

SaaS

Answer 71

Software as a Service [offers a full application to the customer]

Question 72

PaaS

Answer 72

Platform as a Service [offers an environment for developers to create application in the cloud]

Question 73

BaaS

Answer 73

Backup as a Service [offers solutions for backing up and restoring data]

Question 74

OSINT

Answer 74

Open-Source Intelligence Gathering [gathering intel through public sources]

Question 75

OWASP

Answer 75

Open Web Application Security Project [non-profit to help improve application security]

Question 76

ALE

Answer 76

Annualized Loss Expectancy

Question 77

SLE

Answer 77

Single Loss Expectancy

Question 78

ARO

Answer 78

Annualized Rate of Occurrence