Security + Acronyms

Question 1

Which of the following answers refers to a unique 48-bit address assigned to every network adapter?
SSID, MAC or PIN ?

Answer 1

MAC (Media Access Control)

A unique 48-bit (6-byte) hardware identifier assigned to every network interfaces/ adapter.

Analogy: Like a fingerprint for your network card.

Question 2

In older, non-UEFI based PCs, the first sector of a storage drive containing information about partitions and a piece of executable code used to load the installed OS is called:

MBR, GPT or GUID ?

Answer 2

MBR (Master Boot Record)

The first sector of a storage device that contains boot instructions and partition table.
Analogy: Like a table of contents and startup instructions for your hard drive.

Question 3

In cloud computing, users on an on-premises network take advantage of a transit gateway to connect to:

VPC, VLAN or Wan ?

Answer 3

VPC (Virtual Private Cloud)

An isolated cloud computing environment within a public cloud.
Analogy: Like having a private office suite in a shared office building.

Question 4

Which of the answers listed below refer to DSA? (Select 3 answers)

Answer 4

DSA (Digital Signature Algorithm)

A method used for digital signatures to verify authenticity. Like signing a contract electronically, used for generating and verifying digital signatures.

1. Asymmetric algorithm
2. Provides authentication, integrity, and non-repudiation
3. Specifically designed for creating and verifying digital signatures

Question 5

Which of the answers listed below describe(s) the characteristics of ECDSA? (Select all that apply)

Answer 5

ECDSA (Elliptic Curve Digital Signature Algorithm)

Based on elliptic curve cryptography Its a digital signature method that provides strong security with smaller keys. Like a compact but powerful lock, used for generating and verifying digital signatures.

1. Provides authentication, integrity, and non-repudiation.
2. Based on elliptic curve cryptography.
3. Specifically designed for creating and verifying digital signatures.
4. More computationally efficient than other signature algorithms

Question 6

Which of the following answers refers to a deprecated stream cipher used in some legacy applications, such as WEP?

DES, RC4 or RSA

Answer 6

RC4 (Rivest Cipher 4)

A stream cipher (now considered insecure) once used in SSL/TLS and WEP.
Analogy: Like a broken lock that shouldn’t be used anymore.

Question 7

Which of the answers listed below refers to a wireless network authentication protocol that enhances security by encapsulating the authentication process within an encrypted TLS tunnel?

PEAP, EAP or LEAP ?

Answer 7

PEAP (Protected Extensible Authentication Protocol)

Encapsulates EAP within a TLS tunnel for secure authentication. Analogy: Like having a private conversation inside a soundproof booth.

Question 8

A type of metric used to evaluate the profitability of an investment by comparing the return generated from the investment relative to its cost is referred to as:

ROA, ROI or ROS ?

Answer 8

ROI (Return on Investment)

Measurement of the profitability of an investment. Analogy: Like calculating if the money you put into security is actually saving you money.

Question 9

Which of the answers listed below refers to an identifier used for objects in a PKI, such as CAs, digital certificates, and public key algorithms?

OID, GUID or DN ?

Answer 9

OID (Object Identifier)

A unique string of numbers that identifies objects in computing. Analogy: Like a social security number for software components.

Question 10

Which of the following answers refers to a solution designed to strengthen the security of session keys?

ECB, PFS or EFS?

Answer 10

PFS (Perfect Forward Secrecy)

Ensures session keys can’t be derived from long-term keys if compromised. Analogy: Like using disposable keys that self-destruct after each use.

Question 11

Which of the answers listed below refers to a twisted-pair copper cabling type not surrounded by any shielding that would provide protection against interference from outside sources?

UTP, Twinax or STP ?

Answer 11

UTP (Unshielded Twisted Pair)

Common network cable type (e.g., Cat5e, Cat6). Analogy: Like the standard electrical wiring for your network.

Question 12

Which of the following terms refers to a technology that enables real-time audio and video communication between individuals or groups?

VPC, VTC or VoIP ?

Answer 12

VTC (Video Teleconferencing)

Secure video communication systems. Analogy: Like a high-security boardroom meeting over video.

Question 13

A dedicated data storage solution that combines multiple disk drive components into a single logical unit to increase volume size, performance, or reliability is known as:

SAN, RAID or JBOD ?

Answer 13

RAID (Redundant Array of Independent Disks)

Data storage virtualisation technology. Analogy: Like having multiple copies of your important files on different shelves.

Question 14

Which of the answers listed below can be used to describe XSRF? (Select 3 answers)

Answer 14

XSRF (Cross-Site Request Forgery)

Attack that tricks users into executing unwanted actions. Analogy: Like someone forging your signature on a check while you’re logged in to your bank.

1. Exploits the trust a website has in the user’s web browser.
2. Website executes attacker’s requests.
3. A user is tricked by an attacker into submitting unauthorised web requests.

Question 15

Which of the following answers can be used to describe the characteristics of an XSS attack? (Select 3 answers)

Answer 15

XSS (Cross-Site Scripting)

Injection attack where malicious scripts are executed in web pages.
Analogy: Like someone slipping a poisoned note into a stack of papers you’re about to read.

1. Exploits the trust a user’s web browser has in a website.
2. A malicious script is injected into a trusted website.
3. User’s browser executes attacker’s script.

Question 16

Which of the answers listed below refers to an encoding method (and a file format) for storing cryptographic objects such as X.509 certificates, CRLs, and private keys?

FIM, PEM or PFS?

Answer 16

PEM (Privacy Enhanced Mail)

Base64 encoded format for certificates and keys. Analogy: Like a standardised envelope for sending digital security credentials.

Question 17

Which of the following answers refers to a centralised server that is used to distribute cryptographic keys and authenticate users and services within a computer network?

PKI, KDC or RAS ?

Answer 17

KDC (Key Distribution Centre)

Part of Kerberos that authenticates users and issues tickets. Analogy: Like a passport office that issues travel documents after verifying your identity.

Question 18

An AI feature that enables it to accomplish tasks based on training data without explicit human instructions is called:

AGI, ML, LLM ?

Answer 18

ML (Machine Learning)

AI that improves automatically through experience. Analogy: Like a security guard that gets smarter the more threats they see.

Question 19

Which data packet type is specifically used to detect and prevent network loops in Ethernet networks?

MTU, BPDU or Jumbo Frame ?

Answer 19

BPDU (Bridge Protocol Data Unit)

Messages exchanged in spanning tree protocol (STP) networks. Analogy: Like traffic signals between network bridges to prevent loops.

Question 20

Which of the answers listed below refers to a key exchange protocol that generates temporary keys for each session, providing forward secrecy to protect past and future communications?

DHE, PFS or SHA ?

Answer 20

DHE (Diffie-Hellman Ephemeral)

Key exchange method that generates temporary session keys. Analogy: Like creating a secret handshake that changes every time you meet.

Question 21

Which of the following terms refers to a method for managing infrastructure resources through scripts and templates?

IaaS, IaC or ML ?

Answer 21

IaC (Infrastructure as Code)

Managing and provisioning infrastructure through machine-readable files.
Analogy: Like writing a recipe to automatically build your network environment.

Question 22

Which of the following answers refers to a cybersecurity framework that combines network and security functions into a single cloud-based service?

SASE, SOAR or SIEM ?

Answer 22

SASE (Secure Access Service Edge)

Converges network and security services into cloud-delivered platform.
Analogy: Like having a security checkpoint in the cloud for all your network traffic.

Question 23

A process used by organizations to assess and evaluate the potential impact of disruptive incidents or disasters on their critical business functions and operations is referred to as:

BIA, BPA or BCP ?

Answer 23

BIA (Business Impact Analysis)

Process to determine potential effects of disruption to business functions. Analogy: Like a stress test for your business operations.

Question 24

Which of the answers listed below refers to one of the last stages in SDLC?

UCD, UAT or AUT ?

Answer 24

UAT (User Acceptance Testing)

Final testing phase where end users verify the system. Analogy: Like a test drive before buying a new car.

Question 25

Which cipher mode transforms a block cipher into a stream cipher enabling the encryption of individual bits or bytes of data? ECB, CBC or CFB ?

Answer 25

CFB (Cipher Feedback) Mode of operation for block ciphers that turns them into stream ciphers. Analogy: Like converting a safe into a continuous stream of mini-locks.

Question 26

Which of the following answers refers to a deprecated encryption protocol? SSH, SHA-256 or SSL ?

Answer 26

SSL (Secure Sockets Layer) Deprecated predecessor to TLS for encrypted communications. Analogy: Like the old, less secure version of a secret conversation protocol.

Question 27

A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as: API, DLL or EXE ?

Answer 27

DLL (Dynamic Link Library) Shared library files in Windows used by multiple programs. Analogy: Like a shared toolbox that different programs can use.

Question 28

A block cipher mode that combines a unique counter with encryption key to generate a stream of pseudorandom data blocks which are then used for encrypting data is called: CFB, CTM or CBC ?

Answer 28

CTM (Counter Mode) Block cipher mode that turns block ciphers into stream ciphers. Analogy: Like converting a vault into a flowing stream of small safes.

Question 29

Which of the following combines a cryptographic hash function with a secret key to provide a means of verifying both the authenticity and integrity of a message or data? MD5, HMAC or DSA ?

Answer 29

HMAC (Hash-based Message Authentication Code) Combines cryptographic hash with secret key for message authentication. Analogy: Like a tamper-evident seal for your digital messages.

Question 30

What is the fastest way for checking the validity of a digital certificate? CRL, OSPF or OCSP?

Answer 30

OCSP (Online Certificate Status Protocol) A real-time protocol that checks if a digital certificate has been revoked before it expires. Unlike static CRL lists, OCSP provides live validation. Analogy: A bouncer checking your ID's validity with the DMV before letting you in.

Question 31

Which of the terms listed below refers to a process of intercepting network traffic data for analysis and troubleshooting purposes? AIS, EDR or PCAP ?

Answer 31

PCAP (Packet Capture) The raw data collected from network traffic, often saved in .pcap files for analysis. Used for troubleshooting and security investigations. Analogy: A security camera recording all conversations in a building.

Question 32

In a Kerberos-protected network, this type of secure token is granted to users during their initial login to enable them access to multiple network services without the need to re-enter their login information. OTP, TGS or TGT ?

Answer 32

TGT (Ticket-Granting Ticket) In Kerberos authentication, this is the initial credential that allows users to request access to specific services without re-entering credentials. Analogy: A festival wristband that lets you access all venues without showing your ticket each time.

Question 33

Which of the following answers refers to a language primarily used for automating the assessment of security vulnerabilities and configuration issues on computer systems? OVAL, SAML or XML ?

Answer 33

OVAL (Open Vulnerability and Assessment Language) An XML-based standard used to define and detect system vulnerabilities, configurations, and patches across platforms. Analogy: A universal recipe for finding security flaws in any system.

Question 34

A remote access authentication protocol used primarily in Microsoft networks that periodically re-authenticates client at random intervals to prevent session hijacking is known as: PEAP, CHAP or MSCHAP ?

Answer 34

MSCHAP (Microsoft Challenge-Handshake Authentication Protocol) An encrypted authentication method where the server challenges the client to prove identity without sending plaintext passwords. Analogy: A secret knock that proves you belong, without saying the password out loud.

Question 35

Which of the acronyms listed below refers to a formal and legally binding document that specifies detailed terms, obligations, and responsibilities of all parties involved? SOW, MOU or MOA ?

Answer 35

MOA (Memorandum of Agreement) A formal but non-binding document outlining collaboration terms between parties. Less detailed than a contract but more structured than an MOU. Analogy: A written pinky promise between organizations.

Question 36

Which of the following answers refers to CSRF?

Answer 36

CSRF (Cross-Site Request Forgery) A type of malicious attack where unauthorised commands are transmitted from a user's browser to a web application without their knowledge or consent, often leading to actions being taken on their behalf.

Question 37

ARP provides: FQDN-to-IP mapping, MAC-to-IP mapping or IP-to-MAC mapping ?

Answer 37

ARP (Address Resolution Protocol) A network protocol that maps dynamic IP addresses to physical MAC addresses on a local network. Vulnerable to spoofing attacks. Analogy: A school attendance sheet matching names (IPs) to faces (MACs).

Question 38

A set of procedures put in place to recover IT systems and data following a major disruption is called: BIA, BCP or DRP ?

Answer 38

DRP (Disaster Recovery Plan) A documented process to restore IT systems and data after catastrophic events like cyberattacks or natural disasters. Analogy: A fire escape plan for your digital infrastructure.

Question 39

Which of the answers listed below refers to a network protocol used for synchronising clocks over a computer network? VTP, RTP or NTP?

Answer 39

NTP (Network Time Protocol) Synchronises clocks across networked devices to ensure accurate timestamps, critical for logging and security. Analogy: A conductor keeping all orchestra instruments in perfect time.

Question 40

An integrated circuit combining components typically found in a standard computer system is referred to as: SoC, BIOS or HSM ?

Answer 40

SoC (System on a Chip) A microchip that integrates all components of a computer (CPU, RAM, storage) into a single unit. Common in IoT and mobile devices. Analogy: A Swiss Army knife of computing—everything in one compact tool.

Question 41

Which of the answers listed below refers to a protocol used by routers, hosts, and network devices to generate error messages and troubleshoot problems with delivery of IP packets? CCMP, ICMP or RSTP ?

Answer 41

ICMP (Internet Control Message Protocol) A network protocol used by devices to send error messages and operational information (e.g., "ping" requests). Essential for network troubleshooting but can be abused in attacks. Analogy: Like a walkie-talkie system that network devices used to say "I'm here!" or "This path is blocked!"

Question 42

Which of the following terms refer to the characteristic features of DSL? (Select 3 answers)

Answer 42

DSL (Digital Subscriber Line) Provides internet over traditional copper telephone lines, offering slower speeds than fiber but wider availability. Analogy: Delivering Netflix through old-school telephone wires. 1. Copper cabling 2. Telephone lines 3. Last mile solutions

Question 43

Which of the answers listed below refers to a mobile device deployment model that allows employees to use private mobile devices for accessing company's restricted data and applications? JBOD, BYOD or CYOD ?

Answer 43

BYOD (Bring Your Own Device) A policy allowing employees to use personal devices for work, requiring strong security controls. Analogy: Letting workers use their own cars for deliveries—but requiring GPS and alarms.

Question 44

What is the name of a U.S. government initiative providing a set of procedures and plans that an organisation can implement to ensure continued performance of its essential functions during unexpected events? RPO, BCP, COOP ?

Answer 44

COOP (Continuity of Operations Plan) Ensures essential functions continue during disruptions (like cyberattacks or disasters). Focuses on maintaining critical services. Analogy: A backup generator for your most vital business operations.

Question 45

Which of the following answers refers to a policy framework that allows domain owners to specify how email receivers should handle emails that fail authentication checks? DKIM, SPF or DMARC ?

Answer 45

DMARC (Domain-based Message Authentication, Reporting & Conformance) Email security protocol that uses SPF and DKIM to prevent spoofing. Tells receivers what to do with failed emails (quarantine/reject). Analogy: A fraud-detection system for your email domain.

Question 46

A cloud-based solution that provides ongoing oversight and supervision of IT assets and services is called: PaaS, SaaS or MaaS ?

Answer 46

MaaS (Monitoring as a Service) Cloud-based service that provides real-time monitoring of systems, networks, or applications. Analogy: A 24/7 security guard you rent instead of hiring.

Question 47

Which of the following terms is used to describe all aspects of software development? SDLM, SDLC or PLC ?

Answer 47

SDLM (Software Development Lifecycle Management) Tools and processes to oversee the entire software development process (planning to deployment). Analogy: A project manager for building software from start to finish.

Question 48

Which of the answers listed below refers to a markup language for exchanging authentication and authorisation data? XML, SAML or XHTML ?

Answer 48

SAML (Security Assertion Markup Language) XML-based standard for Single Sign-On (SSO). Allows secure authentication across systems. Analogy: A universal passport for logging into multiple services.

Question 49

What are the characteristic features of SAML? (Select 3 answers)

Answer 49

SAML (Security Assertion Markup Language) XML-based standard for Single Sign-On (SSO). Allows secure authentication across systems. Analogy: A universal passport for logging into multiple services. 1. Handles both authentication and authorisation for SSO. 2. Uses XML for data exchange. 3. Commonly used in enterprise environments and legacy systems.

Question 50

Which DNS TXT records are used for spam management? (Select 3 answers)

Answer 50

DMARC, DKIM and SPF 1. DMARC (Domain-based Message Authentication, Reporting & Conformance) Email security protocol that uses SPF and DKIM to prevent spoofing. Tells receivers what to do with failed emails (quarantine/reject). Analogy: A fraud-detection system for your email domain. 2. DKIM (DomainKeys Identified Mail) A method for validating that an email was sent by an authorised sender and hasn’t been tampered with. It adds a digital signature to the email header, like a seal of authenticity. 3. SPF (Sender Policy Framework) A protocol that helps prevent email spoofing by verifying that the sender’s IP address is authorised to send emails for that domain. It’s like a guest list for your email server.

Question 51

Which of the following terms can be used as a synonym for an aerial drone? USV, UAP or UAV ?

Answer 51

UAV (Unmanned Aerial Vehicle) A drone operated remotely or autonomously, used for surveillance, delivery, or reconnaissance. Think of it as a flying robot spy or courier.

Question 52

A software development approach that aims for speedy application creation and continuous improvement through iterative development and user collaboration is referred to as: FDD, DevOps or RAD ?

Answer 52

RAD (Rapid Application Development) A software development methodology emphasizing quick prototypes and iterative updates. Analogy: Building a car by quickly testing and improving each part.

Question 53

Which of the protocols listed below is referred to as a connectionless, unreliable, or best-effort protocol? MPLS, SMTP or UDP ?

Answer 53

UDP (User Datagram Protocol) A fast but unreliable network protocol (no error-checking). Used for video streaming/gaming. Analogy: Sending postcards without tracking, fast but no guarantee they arrive.

Question 54

Which of the following answers refers to a software tool that provides a single management interface for mobile devices, PCs, printers, IoT devices and wearables? MDM, UEM or MAM ?

Answer 54

UEM (Unified Endpoint Management) Manages all devices (laptops, phones, IoT) from one platform. Combines MDM and traditional IT tools. Analogy: A universal remote control for every company device.

Question 55

Which of the answers listed below refers to a technology that allows USB devices to act as both hosts and peripherals, enabling them to connect to and communicate with other USB devices directly without the need for a computer or dedicated host? PnP, OTG or HCI?

Answer 55

OTG (On-The-Go) USB standard allowing devices (like phones) to act as hosts for peripherals (keyboards, drives). Analogy: Turning your phone into a mini-computer.

Question 56

Which of the answers listed below refers to a set of procedures put in place to recover IT systems and data following a major disruption? IRP, DRP or ERP ?

Answer 56

DRP (Disaster Recovery Plan) Steps to restore systems/data after major incidents (cyberattacks, outages). Analogy: A fire drill for your IT infrastructure.

Question 57

Which of the following acronyms refers to a senior executive responsible for technology-related decision-making and planning? CIO, CSO or CTO ?

Answer 57

CTO (Chief Technology Officer) Executive overseeing tech strategy, innovation, and implementation in a company. Analogy: The captain of the tech ship, steering innovation.

Question 58

Which of the following acronyms refers to a document that authorises, initiates, and tracks the progress and completion of a particular job or task? SOW, WO or MSA?

Answer 58

WO (Work Order) A formal document that authorizes, initiates, and tracks the progress/completion of a specific job or task. It includes details like scope, timeline, and responsible parties. Think of it as a "to-do list with authority" for teams or contractors.