Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

ISC2 Certified in Cybersecurity CC/Acronyms/Part 2

Acronym study

ISC2 CC Acronyms — Part 2 of 26

Terms 31–60 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 1Part 2 of 26Part 3 →

Term 31

API security

API security is the practice of protecting application programming interfaces from attacks by ensuring only authorized users and applications can access data and functions.

Full entry →
Full API security glossary entry →

Term 32

App protection policy

An app protection policy is a set of rules that controls how data is handled and secured within mobile applications, ensuring corporate information stays safe even on personal devices.

Full entry →
Full App protection policy glossary entry →

Term 33

AppArmor

AppArmor is a Linux kernel security module that restricts programs to a predefined set of resources using mandatory access control (MAC) policies.

Full entry →
Full AppArmor glossary entry →

Term 34

Application deployment

Application deployment is the process of making a software application available for use, typically by installing, configuring, and activating it on target devices or servers.

Full entry →
Full Application deployment glossary entry →

Term 35

ARM template

An ARM template is a JSON file that defines the infrastructure and configuration for Azure resources, enabling repeatable and consistent deployments.

Full entry →
Full ARM template glossary entry →

Term 36

ARO

ARO stands for Annualized Rate of Occurrence, a number that estimates how often a specific threat or risk event is expected to happen in a single year.

Full entry →
Full ARO glossary entry →

Term 37

ARP poisoning

ARP poisoning is a network attack where an attacker sends fake Address Resolution Protocol messages to link their MAC address with a legitimate IP address, enabling them to intercept, modify, or stop data on a local network.

Full entry →
Full ARP poisoning glossary entry →

Term 38

Artifact Registry

Artifact Registry is a managed service for storing, managing, and securing container images and other software packages in a centralized repository.

Full entry →
Full Artifact Registry glossary entry →

Term 39

Asset

In IT and cybersecurity, an asset is anything valuable that an organization owns or controls, including data, hardware, software, people, and intellectual property.

Full entry →
Full Asset glossary entry →

Term 40

Asset valuation

Asset valuation is the process of determining the financial worth of an organization's information assets, often used to prioritize security controls and allocate protection resources effectively.

Full entry →
Full Asset valuation glossary entry →

Term 41

Assume breach

Assume breach is a security mindset where an organization operates as if attackers have already compromised their network, shifting focus to rapid detection, containment, and damage limitation rather than only prevention.

Full entry →
Full Assume breach glossary entry →

Term 42

Assured Workloads

Assured Workloads is a set of cloud security controls that help organizations run sensitive workloads in a trusted, verified environment on Google Cloud.

Full entry →
Full Assured Workloads glossary entry →

Term 43

Attack chain

The attack chain (or kill chain) is a model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.

Full entry →
Full Attack chain glossary entry →

Term 44

Attack simulation training

Attack simulation training is a Microsoft 365 security tool that lets IT administrators run realistic phishing and password-attack campaigns against their own users to identify vulnerabilities and improve security awareness.

Full entry →
Full Attack simulation training glossary entry →

Term 45

Attack surface reduction

Attack surface reduction is a set of security practices that minimizes the number of ways an attacker can access or exploit a system by removing unnecessary features, locking down configurations, and controlling software behavior.

Full entry →
Full Attack surface reduction glossary entry →

Term 46

Attack vector

An attack vector is the specific path or method a cyber attacker uses to gain unauthorized access to a computer system or network.

Full entry →
Full Attack vector glossary entry →

Term 47

Audit

An audit is a systematic, independent review of IT systems, processes, and controls to verify compliance with policies, standards, and regulations.

Full entry →
Full Audit glossary entry →

Term 48

Audit log

An audit log is a chronological record of security-relevant events and user activities within a system, used for monitoring, compliance, and forensic analysis.

Full entry →
Full Audit log glossary entry →

Term 49

Audit trail

An audit trail is a chronological record of events, changes, or activities in a system that provides evidence of who did what, when, and from where.

Full entry →
Full Audit trail glossary entry →

Term 50

Authentication

Authentication is the process of verifying that someone or something is who or what it claims to be before granting access to a system or resource.

Full entry →
Full Authentication glossary entry →

Term 51

Authentication Authorization and Accounting

Authentication, Authorization, and Accounting (AAA) is a security framework that controls who can access a network or system, what they are allowed to do, and tracks what they actually did.

Full entry →
Full Authentication Authorization and Accounting glossary entry →

Term 52

Authentication log

An authentication log is a record of all attempts to verify a user's identity when accessing a system, including successes, failures, and associated metadata.

Full entry →
Full Authentication log glossary entry →

Term 53

Authenticator app

An authenticator app is a software application on your phone or computer that generates temporary codes used to prove your identity when logging into online accounts.

Full entry →
Full Authenticator app glossary entry →

Term 54

Authorization

Authorization determines what an authenticated user is allowed to do within a system, such as accessing files, running programs, or changing settings.

Full entry →
Full Authorization glossary entry →

Term 55

authorized_keys

A file on a server that stores the public keys of users who are allowed to log in without a password using SSH key-based authentication.

Full entry →
Full authorized_keys glossary entry →

Term 56

Availability

Availability is the measure of how often a system or service is operational and accessible when needed, typically expressed as a percentage of uptime.

Full entry →
Full Availability glossary entry →

Term 57

AWS Audit Manager

AWS Audit Manager is a service that automatically collects evidence from your AWS accounts to help you prove that you are following security and compliance rules, making audits easier and faster.

Full entry →
Full AWS Audit Manager glossary entry →

Term 58

AWS Config

AWS Config is a service that continuously records, evaluates, and reports on changes to your AWS resources so you can maintain a secure and compliant infrastructure.

Full entry →
Full AWS Config glossary entry →

Term 59

AWS Config Rules

AWS Config Rules are customizable, automated checks that continuously evaluate your AWS resource configurations against desired compliance or security policies and alert you when a resource is noncompliant.

Full entry →
Full AWS Config Rules glossary entry →

Term 60

AWS Firewall Manager

AWS Firewall Manager is a centralized security management service that lets you configure and enforce firewall rules across all accounts and resources in your AWS organization from a single place.

Full entry →
Full AWS Firewall Manager glossary entry →
← Part 1Part 3 →

Acronym parts

Part 1Part 2currentPart 3Part 4Part 5Part 6Part 7Part 8Part 9Part 10Part 11Part 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21Part 22Part 23Part 24Part 25Part 26

Study resources

All ISC2 CC Acronyms→ISC2 CC Practice Tests→ISC2 CC Study Guide→Exam Domains→