Security+ Acronyms

Question 1

AAA - Authentication, Authorization, and Accounting

Answer 1

Access control framework

Question 2

ABAC

Answer 2

Attribute-Based Access Control — evaluates attributes for access

Question 3

ACL

Answer 3

Access Control List — permissions tied to resources

Question 4

AES

Answer 4

Advanced Encryption Standard — symmetric encryption

Question 5

APT

Answer 5

Advanced Persistent Threat — long-term targeted attack

Question 6

BCP

Answer 6

Business Continuity Plan — ensures operations after disruption

Question 7

BIA

Answer 7

Business Impact Analysis — identifies critical functions

Question 8

BYOD

Answer 8

Bring Your Own Device — policy for personal devices at work

Question 9

CA

Answer 9

Certificate Authority — issues digital certificates

Question 10

CIA

Answer 10

Confidentiality

Question 11

CRL

Answer 11

Certificate Revocation List — list of revoked certs

Question 12

CSRF

Answer 12

Cross-Site Request Forgery — web attack exploiting trust

Question 13

DAC

Answer 13

Discretionary Access Control — owner-based access

Question 14

DDoS

Answer 14

Distributed Denial of Service — flood of traffic attack

Question 15

DLP

Answer 15

Data Loss Prevention — prevents data exfiltration

Question 16

DNS

Answer 16

Domain Name System — resolves domain to IP

Question 17

DRP

Answer 17

Disaster Recovery Plan — restores systems after failure

Question 18

EDR

Answer 18

Endpoint Detection and Response — detects endpoint threats

Question 19

HIPS

Answer 19

Host-based Intrusion Prevention System — blocks host attacks

Question 20

IAM

Answer 20

Identity and Access Management — manages digital identities

Question 21

IPS

Answer 21

Intrusion Prevention System — detects and blocks attacks

Question 22

MFA

Answer 22

Multi-Factor Authentication — requires multiple factors

Question 23

NAC

Answer 23

Network Access Control — controls device access to network

Question 24

NAT

Answer 24

Network Address Translation — hides internal IPs

Question 25

OCSP

Answer 25

Online Certificate Status Protocol — checks cert validity

Question 26

OSINT

Answer 26

Open-Source Intelligence — gathers public threat info

Question 27

OT

Answer 27

Operational Technology — controls industrial systems

Question 28

PII

Answer 28

Personally Identifiable Information — sensitive user data

Question 29

PKI

Answer 29

Public Key Infrastructure — framework for certs and keys

Question 30

RADIUS

Answer 30

Remote Authentication Dial-In User Service — AAA protocol

Question 31

RTO

Answer 31

Recovery Time Objective — max downtime allowed

Question 32

RPO

Answer 32

Recovery Point Objective — max acceptable data loss

Question 33

RBAC

Answer 33

Role-Based Access Control — access via job roles

Question 34

SaaS

Answer 34

Software as a Service — cloud delivery model

Question 35

SCADA

Answer 35

Supervisory Control and Data Acquisition — ICS systems

Question 36

SDN

Answer 36

Software-Defined Networking — programmable networking

Question 37

SIEM

Answer 37

Security Information and Event Management — log correlation

Question 38

SLA

Answer 38

Service Level Agreement — defines service expectations

Question 39

SLE

Answer 39

Single Loss Expectancy — expected loss from one event

Question 40

SSO

Answer 40

Single Sign-On — single login for multiple systems

Question 41

TACACS+

Answer 41

Terminal Access Controller Access Control System Plus — AAA protocol

Question 42

TLS

Answer 42

Transport Layer Security — encrypts communication

Question 43

TPM

Answer 43

Trusted Platform Module — hardware key storage

Question 44

UTM

Answer 44

Unified Threat Management — consolidated security device

Question 45

VM

Answer 45

Virtual Machine — isolated computing instance

Question 46

VPN

Answer 46

Virtual Private Network — secure network tunnel

Question 47

XDR

Answer 47

Extended Detection and Response — unified threat response

Question 48

XSS

Answer 48

Cross-Site Scripting — web injection attack