Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

ISC2 Certified in Cybersecurity CC/Acronyms/Part 6

Acronym study

ISC2 CC Acronyms — Part 6 of 26

Terms 151–180 of 754 ISC2 CC acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 5Part 6 of 26Part 7 →

Term 151

CSRF

Cross-Site Request Forgery is an attack that tricks a user into performing an unwanted action on a web application where they are currently authenticated.

Full entry →
Full CSRF glossary entry →

Term 152

Custom domain

A custom domain is a personalized internet address (like contoso.com) that you can use with cloud services instead of the default domain provided by the service provider.

Full entry →
Full Custom domain glossary entry →

Term 153

Customer Lockbox

Customer Lockbox is a Microsoft 365 service that gives customers explicit control over granting Microsoft support engineers temporary access to their tenant data for troubleshooting and issue resolution.

Full entry →
Full Customer Lockbox glossary entry →

Term 154

DAC

Discretionary Access Control is a security model where the owner of a resource decides who can access it and what permissions they have.

Full entry →
Full DAC glossary entry →

Term 155

DAST

DAST (Dynamic Application Security Testing) is a security testing method that finds vulnerabilities in running web applications by simulating real attacks from the outside.

Full entry →
Full DAST glossary entry →

Term 156

Data catalog

A data catalog is a centralized inventory of data assets that helps people find, understand, and trust the data they need for analytics or business decisions.

Full entry →
Full Data catalog glossary entry →

Term 157

Data classification

Data classification is the process of organizing data into categories based on its sensitivity, value, and criticality to an organization, so that appropriate security controls can be applied.

Full entry →
Full Data classification glossary entry →

Term 158

Data controller

An entity that determines the purposes and means of processing personal data.

Full entry →
Full Data controller glossary entry →

Term 159

Data custodian

A data custodian is the person or team responsible for the safe handling, storage, and transport of data on behalf of the data owner.

Full entry →
Full Data custodian glossary entry →

Term 160

Data governance

Data governance is the overall process of managing the availability, usability, integrity, and security of data used in an organization, based on internal standards and policies.

Full entry →
Full Data governance glossary entry →

Term 161

Data ingestion

Data ingestion is the process of moving data from various sources into a storage system where it can be accessed, analyzed, and used.

Full entry →
Full Data ingestion glossary entry →

Term 162

Data lifecycle management

Data lifecycle management is the process of managing data from its creation to its deletion, ensuring it is stored, used, and disposed of in a way that meets security, compliance, and business needs.

Full entry →
Full Data lifecycle management glossary entry →

Term 163

Data lineage

Data lineage is the process of tracking the origin, movement, and transformation of data as it flows through various systems and steps in a data pipeline.

Full entry →
Full Data lineage glossary entry →

Term 164

Data Loss Prevention

Data Loss Prevention (DLP) is a set of tools and processes that help organizations stop sensitive information from being shared, leaked, or stolen, whether accidentally or on purpose.

Full entry →
Full Data Loss Prevention glossary entry →

Term 165

Data masking

Data masking is a security technique that replaces sensitive data with realistic but fictional data so it can be used safely in non-production environments.

Full entry →
Full Data masking glossary entry →

Term 166

Data owner

A senior-level person who is accountable for the classification, protection, and appropriate use of a specific set of data within an organization.

Full entry →
Full Data owner glossary entry →

Term 167

Data plane

The part of a network device that actually forwards data packets from one interface to another based on decisions made by the control plane.

Full entry →
Full Data plane glossary entry →

Term 168

Data processor

A data processor is a person or organization that processes personal data on behalf of a data controller, following the controller's instructions and under their authority.

Full entry →
Full Data processor glossary entry →

Term 169

Data protection

Data protection refers to the practices and technologies used to safeguard personal and sensitive information from unauthorized access, loss, or corruption.

Full entry →
Full Data protection glossary entry →

Term 170

Data remanence

Data remanence is the residual representation of data that remains on a storage medium even after attempts to erase or remove it.

Full entry →
Full Data remanence glossary entry →

Term 171

Data retention

Data retention is the practice of keeping data for a specific period to meet legal, business, or compliance needs, and then securely disposing of it.

Full entry →
Full Data retention glossary entry →

Term 172

Data sanitization

Data sanitization is the process of deliberately, permanently, and irreversibly removing or destroying data stored on a device or media so that it cannot be recovered or reconstructed by any known method.

Full entry →
Full Data sanitization glossary entry →

Term 173

Data security

Data security is the practice of protecting digital information from unauthorized access, corruption, or theft throughout its lifecycle.

Full entry →
Full Data security glossary entry →

Term 174

Data transformation

Data transformation is the process of converting data from one format, structure, or value into another to make it usable for analysis, storage, or reporting.

Full entry →
Full Data transformation glossary entry →

Term 175

Data visualization

Data visualization is the practice of translating data and information into visual context, such as charts and graphs, to make complex data easier to understand and use for decision-making.

Full entry →
Full Data visualization glossary entry →

Term 176

DDoS

A DDoS (Distributed Denial-of-Service) attack is a malicious attempt to disrupt normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic from multiple compromised systems.

Full entry →
Full DDoS glossary entry →

Term 177

Deauthentication attack

A deauthentication attack is a wireless network exploit where an attacker sends fake disconnection frames to force devices off a Wi-Fi network, often used to capture handshake data or disrupt connectivity.

Full entry →
Full Deauthentication attack glossary entry →

Term 178

Decryption

Decryption is the process of converting encrypted or scrambled data back into its original, readable form using a specific key or method.

Full entry →
Full Decryption glossary entry →

Term 179

Dedicated security mode

A configuration in IT systems where security services or appliances operate in an isolated, single-purpose environment to prevent interference with other functions and reduce attack surface.

Full entry →
Full Dedicated security mode glossary entry →

Term 180

Defender for Cloud

Microsoft Defender for Cloud is a cloud security posture management (CSPM) and cloud workload protection platform (CWPP) that provides unified security management and threat protection across hybrid and multi-cloud environments.

Full entry →
Full Defender for Cloud glossary entry →
← Part 5Part 7 →

Acronym parts

Part 1Part 2Part 3Part 4Part 5Part 6currentPart 7Part 8Part 9Part 10Part 11Part 12Part 13Part 14Part 15Part 16Part 17Part 18Part 19Part 20Part 21Part 22Part 23Part 24Part 25Part 26

Study resources

All ISC2 CC Acronyms→ISC2 CC Practice Tests→ISC2 CC Study Guide→Exam Domains→