Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Acronym study

ISC2 CC Acronyms — Part 19 of 26

Terms 541–570 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

Term 541

Risk

Risk is the possibility that an event or action will negatively affect an organization's ability to achieve its goals, often measured in terms of likelihood and impact.

Full Risk glossary entry →

Term 542

Risk acceptance

Risk acceptance is a risk management strategy where an organization acknowledges a potential risk but decides to tolerate it without taking active measures to reduce or eliminate it.

Full Risk acceptance glossary entry →

Term 543

Risk appetite

Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives, defining the boundaries for decision-making.

Full Risk appetite glossary entry →

Term 544

Risk assessment

Risk assessment is the process of identifying, analyzing, and evaluating potential threats to an organization's assets to determine the likelihood and impact of those threats, and to decide on appropriate treatment measures.

Full Risk assessment glossary entry →

Term 545

Risk avoidance

Risk avoidance is a risk management strategy that involves eliminating any activity, process, or technology that introduces a specific risk, rather than trying to reduce or accept it.

Full Risk avoidance glossary entry →

Term 546

Risk management

Risk management is the process of identifying, assessing, and controlling threats to an organization's capital, earnings, and operations, including IT systems and data.

Full Risk management glossary entry →

Term 547

Risk mitigation

Risk mitigation is the process of reducing the likelihood or impact of a potential security threat to an acceptable level through specific controls and actions.

Full Risk mitigation glossary entry →

Term 548

Risk register

A risk register is a formal document that lists and tracks all identified risks to an IT project, system, or organization, including their assessed impact, probability, and planned responses.

Full Risk register glossary entry →

Term 549

Risk score

A risk score is a numerical value that represents the level of risk associated with a given asset, threat, or vulnerability in a security context.

Full Risk score glossary entry →

Term 550

Risk tolerance

Risk tolerance is the amount of risk an organization or individual is willing to accept in pursuit of its objectives, defining the boundary between acceptable and unacceptable losses.

Full Risk tolerance glossary entry →

Term 551

Risk transfer

Risk transfer is the practice of shifting the financial burden of a potential loss to another party, typically through insurance or contracts.

Full Risk transfer glossary entry →

Term 552

Risk treatment

Risk treatment is the process of selecting and implementing measures to modify risk, which can include avoiding, accepting, mitigating, or transferring the risk.

Full Risk treatment glossary entry →

Term 553

Risk-based access

Risk-based access is a security model that dynamically adjusts access permissions based on the assessed risk of each access request, rather than granting a static level of access to all users.

Full Risk-based access glossary entry →

Term 554

Rogue AP

A Rogue Access Point is an unauthorized wireless access point connected to a network without the network administrator's permission, creating a serious security vulnerability.

Full Rogue AP glossary entry →

Term 555

Role

A role is a named set of permissions that can be assigned to users or groups to control access to resources in an IT environment.

Full Role glossary entry →

Term 556

Role assignment

Role assignment is the process of granting a specific set of permissions to a user, group, or service principal so they can perform certain actions within a system.

Full Role assignment glossary entry →

Term 557

Root cause analysis

Root cause analysis is a systematic process used to identify the fundamental underlying cause of a problem, rather than just treating its symptoms.

Full Root cause analysis glossary entry →

Term 558

Root user

The root user is the superuser on Linux and Unix-like systems with unrestricted permissions to execute any command and access any file on the system.

Full Root user glossary entry →

Term 559

Rootkit

A rootkit is a type of malware that hides its presence and the presence of other malicious software on a computer, often by modifying the operating system itself.

Full Rootkit glossary entry →

Term 560

Route 53

Route 53 is Amazon Web Services’ cloud-based Domain Name System (DNS) web service that translates human-readable domain names into IP addresses and routes end-user requests to internet applications.

Full Route 53 glossary entry →

Term 561

Route table

A route table is a set of rules, called routes, that determine where network traffic from a subnet or virtual network is directed.

Full Route table glossary entry →

Term 562

RPO

Recovery Point Objective (RPO) is the maximum acceptable amount of data loss measured in time, defining how recent data must be to resume operations after a disruption.

Full RPO glossary entry →

Term 563

RTO

Recovery Time Objective (RTO) is the maximum acceptable time to restore a system or data after a disaster, defining how quickly normal operations must resume.

Full RTO glossary entry →

Term 564

Runbook

A runbook is a documented set of step-by-step procedures that IT teams use to handle routine operations, incidents, and maintenance tasks consistently and efficiently.

Full Runbook glossary entry →

Term 565

Safe Attachments

Safe Attachments is a Microsoft Defender for Office 365 feature that opens email attachments in a virtual sandbox to detect and block malicious content before it reaches your inbox.

Full Safe Attachments glossary entry →

Term 566

Safe Links

Safe Links is a Microsoft Defender for Office 365 feature that scans URLs in emails and documents in real time to protect users from malicious websites.

Full Safe Links glossary entry →

Term 567

Safeguard

A safeguard is a control, measure, or action designed to protect an organization's assets from threats, vulnerabilities, and risks.

Full Safeguard glossary entry →

Term 568

Sandbox analysis

Sandbox analysis is a security technique where suspicious files or code are executed in an isolated, controlled environment to observe their behavior without risking harm to the live network.

Full Sandbox analysis glossary entry →

Term 569

SAST

Static Application Security Testing (SAST) is a white-box method of analyzing source code, bytecode, or compiled binaries for security vulnerabilities without executing the program.

Full SAST glossary entry →

Term 570

Savings Plan

A Savings Plan is a flexible pricing model from cloud providers that gives you discounted rates on compute usage in exchange for a commitment to a consistent amount of spending over a one- or three-year term.

Full Savings Plan glossary entry →