Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

ISC2 Certified in Cybersecurity CC/Acronyms/Part 11

Acronym study

ISC2 CC Acronyms — Part 11 of 26

Terms 301–330 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 10Part 11 of 26Part 12 →

Term 301

IAM

Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources.

Full entry →
Full IAM glossary entry →

Term 302

IAM group

An IAM group is a collection of IAM users in a cloud or identity system that simplifies permission management by allowing you to assign policies to multiple users at once.

Full entry →
Full IAM group glossary entry →

Term 303

IAM misconfiguration

An IAM misconfiguration occurs when identity and access management settings are incorrectly set, granting too many or too few permissions to users or services, which can lead to security breaches or operational failures.

Full entry →
Full IAM misconfiguration glossary entry →

Term 304

IAM policy

An IAM policy is a set of rules that determines who can access specific cloud resources and what actions they are allowed to perform.

Full entry →
Full IAM policy glossary entry →

Term 305

IAM role

An IAM role is a set of permissions that an entity can assume temporarily to access cloud resources securely.

Full entry →
Full IAM role glossary entry →

Term 306

IAM user

An IAM user is an identity created in AWS Identity and Access Management that represents a person or service interacting with AWS resources, with its own credentials and permissions.

Full entry →
Full IAM user glossary entry →

Term 307

ICMP

ICMP is a network-layer protocol used by network devices to send error messages and operational information about network connectivity.

Full entry →
Full ICMP glossary entry →

Term 308

ICS

An ICS is a system of networked devices used to monitor and control industrial processes, such as manufacturing or power generation.

Full entry →
Full ICS glossary entry →

Term 309

Idempotency

Idempotency means that an operation can be performed multiple times without changing the result beyond the first application.

Full entry →
Full Idempotency glossary entry →

Term 310

Identity as security perimeter

A security model where trust is determined by user identity and context rather than the network location, treating identity itself as the primary boundary for access control.

Full entry →
Full Identity as security perimeter glossary entry →

Term 311

Identity proofing

Identity proofing is the process of verifying that a person is who they claim to be before granting access to systems or data.

Full entry →
Full Identity proofing glossary entry →

Term 312

Identity protection

Identity protection is the set of policies, technologies, and practices used to secure digital identities and prevent unauthorized access to systems and data.

Full entry →
Full Identity protection glossary entry →

Term 313

Identity provider

An identity provider (IdP) is a system that creates, stores, and manages digital identities and authenticates users for other applications and services.

Full entry →
Full Identity provider glossary entry →

Term 314

IDS

An IDS is a security system that monitors network or system traffic for suspicious activity and alerts administrators to potential threats, but does not actively block them.

Full entry →
Full IDS glossary entry →

Term 315

IIoT

IIoT (Industrial Internet of Things) connects industrial machines and sensors to networks for data collection, analysis, and automation in manufacturing, energy, and utilities.

Full entry →
Full IIoT glossary entry →

Term 316

IKE

IKE (Internet Key Exchange) is a protocol used to set up a secure, authenticated communication channel between two parties by establishing and managing the Security Associations for IPsec.

Full entry →
Full IKE glossary entry →

Term 317

Impact

Impact is the measure of the potential damage or harm that a risk event could cause to an organization's assets, operations, or reputation.

Full entry →
Full Impact glossary entry →

Term 318

Impersonation

Impersonation is a security attack where an attacker pretends to be a legitimate person or system to gain unauthorized access, steal data, or commit fraud.

Full entry →
Full Impersonation glossary entry →

Term 319

Implicit deny

Implicit deny is a security rule that automatically blocks any network traffic that is not explicitly allowed by an access control list or firewall rule.

Full entry →
Full Implicit deny glossary entry →

Term 320

Inbound ACL

An inbound ACL is a set of rules applied to network traffic entering an interface that decides whether to allow or block that traffic based on criteria like source IP, destination port, or protocol.

Full entry →
Full Inbound ACL glossary entry →

Term 321

Incident

An incident is a security event that violates an organization's policies or threatens its data, systems, or operations, requiring a structured response.

Full entry →
Full Incident glossary entry →

Term 322

Incident classification

Incident classification is the process of categorizing security incidents based on type, severity, and impact to ensure appropriate response and resource allocation.

Full entry →
Full Incident classification glossary entry →

Term 323

Incident response

Incident response is the structured approach an organization uses to identify, contain, and recover from cybersecurity incidents like data breaches or ransomware attacks.

Full entry →
Full Incident response glossary entry →

Term 324

Incident response lifecycle

The Incident response lifecycle is the structured process organizations follow to detect, contain, eradicate, and recover from cybersecurity incidents while learning from each event to improve future defenses.

Full entry →
Full Incident response lifecycle glossary entry →

Term 325

Incident severity

Incident severity is a classification used in IT incident management to describe the level of impact and urgency of an event, guiding response priority.

Full entry →
Full Incident severity glossary entry →

Term 326

Indicator of attack

An indicator of attack (IOA) is a sign that an attack is actively occurring or about to occur, focusing on attacker behavior and intent rather than just the artifacts left behind.

Full entry →
Full Indicator of attack glossary entry →

Term 327

Indicator of compromise

An indicator of compromise is a piece of digital evidence—such as a suspicious file hash, IP address, or unusual network pattern—that suggests a system may have been breached by an attacker.

Full entry →
Full Indicator of compromise glossary entry →

Term 328

Industrial Control System

An Industrial Control System (ICS) is a network of computers and devices that monitors and controls industrial machinery, such as power plants, water treatment facilities, and assembly lines.

Full entry →
Full Industrial Control System glossary entry →

Term 329

Industrial Internet of Things

The Industrial Internet of Things (IIoT) is a network of physical devices, machines, and sensors in industrial settings that collect and exchange data over the internet to improve efficiency and safety.

Full entry →
Full Industrial Internet of Things glossary entry →

Term 330

Information barriers

Information barriers are policies and technical controls that prevent the unauthorized flow of sensitive information between different parts of an organization to avoid conflicts of interest and ensure compliance.

Full entry →
Full Information barriers glossary entry →
← Part 10Part 12 →

Acronym parts

Part 1Part 2Part 3Part 4Part 5Part 6Part 7Part 8Part 9Part 10Part 11currentPart 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21Part 22Part 23Part 24Part 25Part 26

Study resources

All ISC2 CC Acronyms→ISC2 CC Practice Tests→ISC2 CC Study Guide→Exam Domains→