Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

ISC2 Certified in Cybersecurity CC/Acronyms/Part 1

Acronym study

ISC2 CC Acronyms — Part 1 of 26

Terms 1–30 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

Part 1 of 26Part 2 →

Term 1

2FA

Two-factor authentication (2FA) is a security method that requires two different types of proof before granting access to an account or system.

Full entry →
Full 2FA glossary entry →

Term 2

802.1X

802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.

Full entry →
Full 802.1X glossary entry →

Term 3

AAA

AAA (Authentication, Authorization, and Accounting) is a security framework that controls who can access a network, what they are allowed to do, and tracks what they did.

Full entry →
Full AAA glossary entry →

Term 4

ABAC

ABAC (Attribute-Based Access Control) is a method of controlling access to resources by evaluating a set of attributes (such as user role, time, location, and device) against policy rules, rather than using static roles or identities.

Full entry →
Full ABAC glossary entry →

Term 5

Acceptable use policy

An acceptable use policy is a set of rules that an organization creates to define how employees and other users may use its computer systems, networks, and data.

Full entry →
Full Acceptable use policy glossary entry →

Term 6

Access control

Access control is the security practice of determining who or what is allowed to view, use, or enter a resource, and under what conditions.

Full entry →
Full Access control glossary entry →

Term 7

Access Control List

An Access Control List is a set of rules that decides which traffic is allowed or denied entry to a network or device.

Full entry →
Full Access Control List glossary entry →

Term 8

Access review

An access review is a periodic audit process where administrators check and confirm which users have permissions to what resources, ensuring only authorized people retain access.

Full entry →
Full Access review glossary entry →

Term 9

Access Transparency

Access Transparency is the practice of logging and monitoring all access requests to cloud service provider infrastructure by the provider's personnel, giving customers visibility into who accessed their data and when.

Full entry →
Full Access Transparency glossary entry →

Term 10

Account lockout

Account lockout is a security feature that temporarily disables a user account after a set number of failed login attempts to prevent unauthorized access.

Full entry →
Full Account lockout glossary entry →

Term 11

Accountability

Accountability is the security principle that ensures actions and identity are linked so that a person or system can be held responsible for their activities.

Full entry →
Full Accountability glossary entry →

Term 12

ACL

An Access Control List is a set of rules that determines who or what can access specific network resources or data.

Full entry →
Full ACL glossary entry →

Term 13

Administrative control

An administrative control is a policy, procedure, or guideline designed to manage and reduce security risk through people and processes rather than technology alone.

Full entry →
Full Administrative control glossary entry →

Term 14

Administrative unit

An Administrative unit is a container in Microsoft Entra ID that allows you to delegate administrative permissions over a subset of users, groups, or devices, rather than the entire directory.

Full entry →
Full Administrative unit glossary entry →

Term 15

Advanced Encryption Standard

Advanced Encryption Standard (AES) is a widely used symmetric encryption algorithm that protects electronic data by converting readable information into a scrambled format that can only be unscrambled with the correct secret key.

Full entry →
Full Advanced Encryption Standard glossary entry →

Term 16

Adware

Adware is software that automatically displays or downloads unwanted advertisements, often bundled with free programs, and may track user behavior without clear consent.

Full entry →
Full Adware glossary entry →

Term 17

AH

AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.

Full entry →
Full AH glossary entry →

Term 18

AH

AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.

Full entry →
Full AH glossary entry →

Term 19

ALE

ALE (Annualized Loss Expectancy) is a risk management formula that estimates the yearly monetary loss from a specific threat to an asset.

Full entry →
Full ALE glossary entry →

Term 20

Alert

An alert is a notification that something unusual or potentially harmful has happened in a computer system or network.

Full entry →
Full Alert glossary entry →

Term 21

Alert fatigue

Alert fatigue is the desensitization and overwhelming feeling security analysts experience when they receive so many security alerts that they begin to ignore or miss them.

Full entry →
Full Alert fatigue glossary entry →

Term 22

Alias record

An Alias record is a DNS record type that maps a hostname to another hostname, seamlessly routing traffic to AWS resources like load balancers or CloudFront distributions.

Full entry →
Full Alias record glossary entry →

Term 23

Analysis

In incident response, analysis is the process of examining data and events to determine what happened, how it happened, and what actions to take.

Full entry →
Full Analysis glossary entry →

Term 24

Anonymization

Anonymization is the process of removing or altering personally identifiable information so that an individual cannot be identified, directly or indirectly, from the remaining data.

Full entry →
Full Anonymization glossary entry →

Term 25

Ansible

Ansible is an open-source automation tool that IT professionals use to configure systems, deploy software, and manage infrastructure without needing to install agent software on every managed machine.

Full entry →
Full Ansible glossary entry →

Term 26

Anti-malware

Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.

Full entry →
Full Anti-malware glossary entry →

Term 27

Anti-malware policy

An anti-malware policy is a set of rules and procedures that an organization enforces to prevent, detect, and remove malicious software from its computers and networks.

Full entry →
Full Anti-malware policy glossary entry →

Term 28

Anti-phishing policy

An anti-phishing policy is a set of rules and technical controls that organizations use to detect, block, and respond to email or message-based attacks that trick users into revealing sensitive information.

Full entry →
Full Anti-phishing policy glossary entry →

Term 29

Anti-spam policy

An anti-spam policy is a set of rules and filters used by email systems to automatically detect and block unwanted, unsolicited, or harmful messages before they reach a user's inbox.

Full entry →
Full Anti-spam policy glossary entry →

Term 30

Antivirus

Antivirus is software that detects, prevents, and removes malicious software (malware) from a computer or network.

Full entry →
Full Antivirus glossary entry →
Part 2 →

Acronym parts

Part 1currentPart 2Part 3Part 4Part 5Part 6Part 7Part 8Part 9Part 10Part 11Part 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21Part 22Part 23Part 24Part 25Part 26

Study resources

All ISC2 CC Acronyms→ISC2 CC Practice Tests→ISC2 CC Study Guide→Exam Domains→