Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

ISC2 Certified in Cybersecurity CC/Acronyms/Part 21

Acronym study

ISC2 CC Acronyms — Part 21 of 26

Terms 601–630 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 20Part 21 of 26Part 22 →

Term 601

Security strategy

A security strategy is a high-level plan that outlines how an organization protects its information assets, aligns security with business goals, and manages risk over time.

Full entry →
Full Security strategy glossary entry →

Term 602

Security update

A security update is a software patch released to fix a vulnerability that could be exploited by attackers to compromise a system.

Full entry →
Full Security update glossary entry →

Term 603

SELinux

SELinux (Security-Enhanced Linux) is a mandatory access control (MAC) security mechanism built into the Linux kernel that enforces policies to restrict how processes and users interact with files, devices, and system resources.

Full entry →
Full SELinux glossary entry →

Term 604

Sender Policy Framework

Sender Policy Framework (SPF) is an email authentication method that prevents spammers from sending emails that appear to come from your domain by listing which servers are allowed to send email for that domain.

Full entry →
Full Sender Policy Framework glossary entry →

Term 605

Sensitivity label

A sensitivity label is a metadata tag applied to digital content that classifies the content's level of confidentiality and governs how it can be shared, protected, and accessed.

Full entry →
Full Sensitivity label glossary entry →

Term 606

Separation of duties

Separation of duties is a security principle that splits critical tasks and privileges among multiple people to prevent fraud, errors, and abuse of power.

Full entry →
Full Separation of duties glossary entry →

Term 607

Serverless security

Serverless security is the practice of protecting applications that run on serverless computing platforms, where the cloud provider manages the infrastructure and the customer is responsible for securing the code, data, and access controls.

Full entry →
Full Serverless security glossary entry →

Term 608

Service account

A service account is a special type of account used by an application or a virtual machine, rather than a human user, to authenticate and interact with cloud services and APIs securely.

Full entry →
Full Service account glossary entry →

Term 609

Service Control Policy

A Service Control Policy (SCP) is a centralized governance tool in AWS Organizations that allows you to define and enforce maximum permissions for all accounts in an organization, acting as a security guardrail that limits what actions principals can perform.

Full entry →
Full Service Control Policy glossary entry →

Term 610

Service Health

Service Health is a monitoring feature in Microsoft 365 and Azure that provides real-time and historical status of cloud services, including outages, advisories, and incidents.

Full entry →
Full Service Health glossary entry →

Term 611

Service Level Agreement

A service level agreement (SLA) is a documented contract that defines the specific level of service a provider guarantees to a customer, including performance metrics, responsibilities, and remedies for failures.

Full entry →
Full Service Level Agreement glossary entry →

Term 612

Service principal

A service principal is an identity created for an application or automated tool to access cloud resources securely without using a human user account.

Full entry →
Full Service principal glossary entry →

Term 613

Service Trust Portal

The Service Trust Portal is a Microsoft website that gives IT professionals and auditors access to compliance documentation, audit reports, and security information about Microsoft cloud services.

Full entry →
Full Service Trust Portal glossary entry →

Term 614

sFlow

sFlow is a network monitoring technology that samples packets and exports traffic statistics to a central collector for analyzing network performance and security.

Full entry →
Full sFlow glossary entry →

Term 615

SFTP

SFTP (Secure File Transfer Protocol) is a network protocol that provides secure file transfer over SSH, encrypting both commands and data.

Full entry →
Full SFTP glossary entry →

Term 616

SGID

SGID stands for Set Group ID, a Unix/Linux file permission that allows a process or executable to run with the group privileges of the file's group owner, not the user who runs it.

Full entry →
Full SGID glossary entry →

Term 617

Shared responsibility

Shared responsibility is a cloud security model where the cloud provider and the customer each own distinct parts of security and compliance duties.

Full entry →
Full Shared responsibility glossary entry →

Term 618

Shared secret

A shared secret is a piece of data, like a password or cryptographic key, known only to the parties involved in a secure communication, used to verify identity and protect information.

Full entry →
Full Shared secret glossary entry →

Term 619

Shield

A shield in IT networking is a conductive layer around a cable or device that blocks electromagnetic interference to protect signal integrity.

Full entry →
Full Shield glossary entry →

Term 620

Shift left security

Shift left security is the practice of integrating security testing and controls earlier in the software development lifecycle, rather than waiting until after deployment.

Full entry →
Full Shift left security glossary entry →

Term 621

Shoulder surfing

A social engineering attack where an attacker observes a victim's screen or keyboard to steal passwords or sensitive information.

Full entry →
Full Shoulder surfing glossary entry →

Term 622

Side-channel attack

A side-channel attack is a type of security exploit that gathers information from a system by observing its physical or secondary outputs—such as timing, power consumption, or electromagnetic emissions—rather than directly attacking the software or cryptographic algorithm.

Full entry →
Full Side-channel attack glossary entry →

Term 623

SIEM

SIEM (Security Information and Event Management) is a system that collects and analyzes log data from across an IT environment to detect and respond to security threats in real time.

Full entry →
Full SIEM glossary entry →

Term 624

SIEM query

A SIEM query is a search command used in a Security Information and Event Management system to find, filter, and analyze security-related log data from across an organization's IT environment.

Full entry →
Full SIEM query glossary entry →

Term 625

Sigma rule

A Sigma rule is a generic, YAML-based detection rule format used in cybersecurity to describe suspicious activities in a way that can be easily shared and converted for use across different security information and event management (SIEM) systems.

Full entry →
Full Sigma rule glossary entry →

Term 626

Simple Mail Transfer Protocol Secure

SMTPS is a secure version of the Simple Mail Transfer Protocol that uses encryption to protect email messages during transmission between email servers.

Full entry →
Full Simple Mail Transfer Protocol Secure glossary entry →

Term 627

Single sign-on

Single sign-on (SSO) is an authentication method that allows a user to log in once and gain access to multiple applications or systems without re-entering credentials.

Full entry →
Full Single sign-on glossary entry →

Term 628

SLA

A Service Level Agreement (SLA) is a contract between a service provider and a customer that defines the level of service expected, including metrics like uptime, response time, and penalties for non-compliance.

Full entry →
Full SLA glossary entry →

Term 629

SLE

SLE (Single Loss Expectancy) is the monetary loss expected each time a specific risk event occurs, calculated as asset value times exposure factor.

Full entry →
Full SLE glossary entry →

Term 630

SMB

SMB is a network file-sharing protocol that allows applications to read, write, and request services from server programs in a computer network.

Full entry →
Full SMB glossary entry →
← Part 20Part 22 →

Acronym parts

Part 1Part 2Part 3Part 4Part 5Part 6Part 7Part 8Part 9Part 10Part 11Part 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21currentPart 22Part 23Part 24Part 25Part 26

Study resources

All ISC2 CC Acronyms→ISC2 CC Practice Tests→ISC2 CC Study Guide→Exam Domains→