
© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.


Acronym study

CISSP Acronyms — Part 1 of 10

Terms 1–30 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.


Term 1

ABAC

ABAC (Attribute-Based Access Control) is a method of controlling access to resources by evaluating a set of attributes (such as user role, time, location, and device) against policy rules, rather than using static roles or identities.

Full ABAC glossary entry →

Term 2

Acceptable use policy

An acceptable use policy is a set of rules that an organization creates to define how employees and other users may use its computer systems, networks, and data.

Full Acceptable use policy glossary entry →

Term 3

Access control

Access control is the security practice of determining who or what is allowed to view, use, or enter a resource, and under what conditions.

Full Access control glossary entry →

Term 4

Access key

An access key is a unique identifier and secret code pair used to authenticate requests to cloud storage services, ensuring only authorized users or applications can access data.

Full Access key glossary entry →

Term 5

Access port

An access port is a switch port that connects to a single end device, like a computer or printer, and carries traffic for only one VLAN.

Full Access port glossary entry →

Term 6

Access review

An access review is a periodic audit process where administrators check and confirm which users have permissions to what resources, ensuring only authorized people retain access.

Full Access review glossary entry →

Term 7

Access token

An access token is a digital key that a computer system gives you to prove your identity and that grants you permission to access specific resources or perform actions.

Full Access token glossary entry →

Term 8

Accountability

Accountability is the security principle that ensures actions and identity are linked so that a person or system can be held responsible for their activities.

Full Accountability glossary entry →

Term 9

Administrative control

An administrative control is a policy, procedure, or guideline designed to manage and reduce security risk through people and processes rather than technology alone.

Full Administrative control glossary entry →

Term 10

ALE

ALE (Annualized Loss Expectancy) is a risk management formula that estimates the yearly monetary loss from a specific threat to an asset.

Full ALE glossary entry →

Term 11

Alerting policy

An alerting policy is a set of rules that defines when to send notifications about a system condition that needs attention.

Full Alerting policy glossary entry →

Term 12

Anonymization

Anonymization is the process of removing or altering personally identifiable information so that an individual cannot be identified, directly or indirectly, from the remaining data.

Full Anonymization glossary entry →

Term 13

Anti-malware

Anti-malware is software that detects, prevents, and removes malicious software from computers, networks, and devices.

Full Anti-malware glossary entry →

Term 14

Anti-malware policy

An anti-malware policy is a set of rules and procedures that an organization enforces to prevent, detect, and remove malicious software from its computers and networks.

Full Anti-malware policy glossary entry →

Term 15

Anti-phishing policy

An anti-phishing policy is a set of rules and technical controls that organizations use to detect, block, and respond to email or message-based attacks that trick users into revealing sensitive information.

Full Anti-phishing policy glossary entry →

Term 16

Anti-spam policy

An anti-spam policy is a set of rules and filters used by email systems to automatically detect and block unwanted, unsolicited, or harmful messages before they reach a user's inbox.

Full Anti-spam policy glossary entry →

Term 17

API security

API security is the practice of protecting application programming interfaces from attacks by ensuring only authorized users and applications can access data and functions.

Full API security glossary entry →

Term 18

App protection policy

An app protection policy is a set of rules that controls how data is handled and secured within mobile applications, ensuring corporate information stays safe even on personal devices.

Full App protection policy glossary entry →

Term 19

Application Security Group

An Application Security Group (ASG) is a cloud networking feature that groups virtual machines logically and allows you to apply security rules based on the application workload, rather than individual IP addresses.

Full Application Security Group glossary entry →

Term 20

ARO

ARO stands for Annualized Rate of Occurrence, a number that estimates how often a specific threat or risk event is expected to happen in a single year.

Full ARO glossary entry →

Term 21

Asset

In IT and cybersecurity, an asset is anything valuable that an organization owns or controls, including data, hardware, software, people, and intellectual property.

Full Asset glossary entry →

Term 22

Asset valuation

Asset valuation is the process of determining the financial worth of an organization's information assets, often used to prioritize security controls and allocate protection resources effectively.

Full Asset valuation glossary entry →

Term 23

Asymmetric encryption

Asymmetric encryption is a cryptographic method that uses a pair of keys—a public key for encryption and a private key for decryption—to securely exchange data without sharing a secret.

Full Asymmetric encryption glossary entry →

Term 24

Audit

An audit is a systematic, independent review of IT systems, processes, and controls to verify compliance with policies, standards, and regulations.

Full Audit glossary entry →

Term 25

Audit log

An audit log is a chronological record of security-relevant events and user activities within a system, used for monitoring, compliance, and forensic analysis.

Full Audit log glossary entry →

Term 26

Audit trail

An audit trail is a chronological record of events, changes, or activities in a system that provides evidence of who did what, when, and from where.

Full Audit trail glossary entry →

Term 27

Authentication

Authentication is the process of verifying that someone or something is who or what it claims to be before granting access to a system or resource.

Full Authentication glossary entry →

Term 28

Authorization

Authorization determines what an authenticated user is allowed to do within a system, such as accessing files, running programs, or changing settings.

Full Authorization glossary entry →

Term 29

Azure Firewall

Azure Firewall is a cloud-based network security service that protects your virtual networks in Microsoft Azure by filtering traffic based on rules you define.

Full Azure Firewall glossary entry →

Term 30

Azure Policy

Azure Policy is a service in Microsoft Azure that lets you create, assign, and manage rules to ensure your resources stay compliant with your company standards and service-level agreements.

Full Azure Policy glossary entry →