Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

ISC2 Certified in Cybersecurity CC/Acronyms/Part 5

Acronym study

ISC2 CC Acronyms — Part 5 of 26

Terms 121–150 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 4Part 5 of 26Part 6 →

Term 121

Common Access Card

A Common Access Card (CAC) is a smart card issued by the U.S. Department of Defense that serves as a single identification, authentication, and access credential for military personnel and contractors.

Full entry →
Full Common Access Card glossary entry →

Term 122

Common Criteria

Common Criteria is an international standard (ISO 15408) that provides a common framework for evaluating the security features and capabilities of information technology products.

Full entry →
Full Common Criteria glossary entry →

Term 123

Communication Compliance

Communication Compliance is the set of policies, tools, and practices used by organizations to monitor, capture, and review electronic communications in order to meet regulatory, legal, and internal governance requirements.

Full entry →
Full Communication Compliance glossary entry →

Term 124

Compartmented security mode

Compartmented security mode is a multilevel security (MLS) system where subjects are cleared for all sensitivity levels but only have access to specific compartments of information based on their need-to-know.

Full entry →
Full Compartmented security mode glossary entry →

Term 125

Compensating control

A compensating control is a security measure implemented to reduce risk when a primary control cannot be used or is insufficient.

Full entry →
Full Compensating control glossary entry →

Term 126

Compliance

Compliance is the process of ensuring that an organization follows laws, regulations, standards, and internal policies that apply to its operations and data handling.

Full entry →
Full Compliance glossary entry →

Term 127

Compliance Manager

A Compliance Manager is a tool or service that helps organizations assess, monitor, and improve their adherence to regulatory standards, industry frameworks, and internal policies.

Full entry →
Full Compliance Manager glossary entry →

Term 128

Compliance state

Compliance state is the current status of a system, application, or device indicating whether it meets a defined set of security policies, regulatory requirements, or configuration standards.

Full entry →
Full Compliance state glossary entry →

Term 129

Conditional access

Conditional access is a security framework that evaluates signals like user location, device health, and risk level to grant or block access to resources in real time.

Full entry →
Full Conditional access glossary entry →

Term 130

Confidentiality

Confidentiality means keeping sensitive information secret and accessible only to authorized people or systems.

Full entry →
Full Confidentiality glossary entry →

Term 131

Confidentiality Integrity and Availability

The CIA Triad is a foundational security model that ensures data is kept secret, unaltered, and accessible when needed.

Full entry →
Full Confidentiality Integrity and Availability glossary entry →

Term 132

Configuration backup

A configuration backup is a saved copy of a device's settings, such as router interfaces, firewall rules, or switch VLANs, that can be restored if the device fails or is misconfigured.

Full entry →
Full Configuration backup glossary entry →

Term 133

Configuration baseline

A configuration baseline is a fixed reference point that documents the approved hardware, software, settings, and performance parameters of an IT system or network component at a specific point in time.

Full entry →
Full Configuration baseline glossary entry →

Term 134

Configuration drift

Configuration drift is the gradual, unplanned change in a system's configuration settings over time, causing it to deviate from its original or desired state.

Full entry →
Full Configuration drift glossary entry →

Term 135

Container Analysis

Container Analysis is the process of examining container images and running containers for security vulnerabilities, misconfigurations, and compliance issues before deployment.

Full entry →
Full Container Analysis glossary entry →

Term 136

Container escape

A container escape is a security exploit where an attacker breaks out of the isolated environment of a container to gain unauthorized access to the host operating system or other containers.

Full entry →
Full Container escape glossary entry →

Term 137

Container scanning

Container scanning is the automated process of inspecting container images for known security vulnerabilities, misconfigurations, and compliance issues before they are deployed.

Full entry →
Full Container scanning glossary entry →

Term 138

Container security

Container security is the practice of protecting containerized applications and their underlying infrastructure from threats throughout the entire lifecycle.

Full entry →
Full Container security glossary entry →

Term 139

Containment

Containment is the incident response phase where security teams isolate a compromised system or network to prevent the threat from spreading further while preserving evidence.

Full entry →
Full Containment glossary entry →

Term 140

Containment strategy

A containment strategy is a set of actions taken during a security incident to stop the threat from spreading or causing further damage while preserving evidence for analysis.

Full entry →
Full Containment strategy glossary entry →

Term 141

Contributor role

The Contributor role is a built-in Azure role that grants full access to manage resources within a scope but does not allow granting access to other users.

Full entry →
Full Contributor role glossary entry →

Term 142

Control plane

The control plane is the part of a network that makes decisions about how data should be forwarded, defining routes and policies without actually moving the data itself.

Full entry →
Full Control plane glossary entry →

Term 143

Corrective control

A security measure that acts after an incident to limit damage, restore operations, and prevent recurrence.

Full entry →
Full Corrective control glossary entry →

Term 144

Correlation rule

A correlation rule is a set of conditions in a security information and event management (SIEM) system that combines multiple log events from different sources to detect complex threats or patterns that a single event would miss.

Full entry →
Full Correlation rule glossary entry →

Term 145

Cost Explorer

Cost Explorer is an AWS tool that lets you visualize, understand, and manage your AWS spending and usage over time.

Full entry →
Full Cost Explorer glossary entry →

Term 146

Cost Management

Cost Management is the practice of planning, controlling, and optimizing spending on cloud resources to stay within budget and maximize value.

Full entry →
Full Cost Management glossary entry →

Term 147

Countermeasure

A countermeasure is any action, device, procedure, or technique that reduces a threat, vulnerability, or risk to an acceptable level.

Full entry →
Full Countermeasure glossary entry →

Term 148

Covert channel

A covert channel is a hidden communication path that allows data to be transferred in ways that violate a system's security policy, often by using resources not intended for communication.

Full entry →
Full Covert channel glossary entry →

Term 149

Cross-site request forgery

Cross-site request forgery (CSRF) is a web security vulnerability that tricks a user into unknowingly performing actions on a website where they are already authenticated.

Full entry →
Full Cross-site request forgery glossary entry →

Term 150

Cross-site scripting

Cross-site scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, often to steal data or hijack sessions.

Full entry →
Full Cross-site scripting glossary entry →
← Part 4Part 6 →

Acronym parts

Part 1Part 2Part 3Part 4Part 5currentPart 6Part 7Part 8Part 9Part 10Part 11Part 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21Part 22Part 23Part 24Part 25Part 26

Study resources

All ISC2 CC Acronyms→ISC2 CC Practice Tests→ISC2 CC Study Guide→Exam Domains→