Courseiva

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Acronym study

CISSP Acronyms — Part 2 of 10

Terms 31–60 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.


Term 31

Azure VPN Gateway

A cloud-based virtual private network gateway in Microsoft Azure that securely connects on-premises networks to Azure virtual networks over encrypted tunnels.

Full Azure VPN Gateway glossary entry →

Term 32

Backup policy

A backup policy is a documented set of rules that defines what data to back up, how often, where to store it, and how long to keep it, ensuring data can be restored after loss.

Full Backup policy glossary entry →

Term 33

Bell-LaPadula

A formal security model that prevents users from reading information at a higher classification level than their own and from writing information down to a lower classification level.

Full Bell-LaPadula glossary entry →

Term 34

Biba

Biba is a security model that uses a lattice-based system to enforce integrity, ensuring that data cannot be corrupted by unauthorized or less trustworthy subjects.

Full Biba glossary entry →

Term 35

BitLocker policy

A BitLocker policy is a set of configuration rules that IT administrators use to manage how BitLocker Drive Encryption is enabled, enforced, and recovered on Windows devices within an organization.

Full BitLocker policy glossary entry →

Term 36

Branch policy

A branch policy is a set of rules and conditions enforced on a Git branch to control how code changes are proposed, reviewed, and merged, ensuring code quality and protecting critical branches.

Full Branch policy glossary entry →

Term 37

Brewer-Nash

Brewer-Nash is a security model that prevents conflicts of interest by restricting access to data based on the user's past access history and organizational membership.

Full Brewer-Nash glossary entry →

Term 38

Broken access control

Broken access control is a security vulnerability that occurs when an application does not properly enforce restrictions on what authenticated users are allowed to do, allowing them to access unauthorized data or perform unauthorized actions.

Full Broken access control glossary entry →

Term 39

Business impact analysis

A systematic process used to identify and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency.

Full Business impact analysis glossary entry →

Term 40

Certificate authority

A trusted entity that issues digital certificates to verify the identity of websites, devices, and users in secure online communications.

Full Certificate authority glossary entry →

Term 41

Certificate pinning

Certificate pinning is a security technique that associates a specific digital certificate or public key with a particular server, so that an app or system will only trust that exact certificate, rejecting any others even if they are issued by a trusted certificate authority.

Full Certificate pinning glossary entry →

Term 42

Certificate signing request

A Certificate Signing Request (CSR) is a specially formatted message sent by an applicant to a Certificate Authority (CA) to request a digital certificate that binds their public key to their identity.

Full Certificate signing request glossary entry →

Term 43

Certificate warning

A certificate warning is a security alert a web browser or application displays when it cannot fully trust the digital certificate presented by a website or service.

Full Certificate warning glossary entry →

Term 44

Change management

Change management is the structured process of planning, approving, implementing, and reviewing changes to IT systems to minimize risk and disruption.

Full Change management glossary entry →

Term 45

Clark-Wilson

A security model that enforces data integrity by ensuring that only authorized, well-formed transactions change data, and that those changes are logged and controlled.

Full Clark-Wilson glossary entry →

Term 46

Cloud Audit Logs

Cloud Audit Logs are a record of actions taken by users, services, and resources inside a cloud environment, capturing who did what, when, and from where.

Full Cloud Audit Logs glossary entry →

Term 47

Cloud IAM

Cloud IAM (Identity and Access Management) is a framework of policies and technologies that ensures the right individuals have appropriate access to cloud resources at the right time and for the right reasons.

Full Cloud IAM glossary entry →

Term 48

Cloud security architecture

Cloud security architecture is the design and organization of security controls, policies, and technologies used to protect data, applications, and infrastructure in a cloud computing environment.

Full Cloud security architecture glossary entry →

Term 49

Cloud security posture management

Cloud security posture management is the continuous process of monitoring cloud environments to detect misconfigurations, compliance violations, and security risks, and automatically remediating them to maintain a strong security posture.

Full Cloud security posture management glossary entry →

Term 50

Cloud VPN

A Cloud VPN is a service that securely connects your private network to a cloud provider's network over the public internet using encryption and authentication.

Full Cloud VPN glossary entry →

Term 51

COBIT

Control Objectives for Information and Related Technologies — an IT governance framework for managing and auditing IT processes.

Full COBIT glossary entry →

Term 52

Code of ethics

A set of principles and rules that guide IT professionals to act with integrity, honesty, and responsibility in their work.

Full Code of ethics glossary entry →

Term 53

Common Criteria

Common Criteria is an international standard (ISO 15408) that provides a common framework for evaluating the security features and capabilities of information technology products.

Full Common Criteria glossary entry →

Term 54

Communication Compliance

Communication Compliance is the set of policies, tools, and practices used by organizations to monitor, capture, and review electronic communications in order to meet regulatory, legal, and internal governance requirements.

Full Communication Compliance glossary entry →

Term 55

Compartmented security mode

Compartmented security mode is a multilevel security (MLS) system where subjects are cleared for all sensitivity levels but only have access to specific compartments of information based on their need-to-know.

Full Compartmented security mode glossary entry →

Term 56

Compensating control

A compensating control is a security measure implemented to reduce risk when a primary control cannot be used or is insufficient.

Full Compensating control glossary entry →

Term 57

Compliance

Compliance is the process of ensuring that an organization follows laws, regulations, standards, and internal policies that apply to its operations and data handling.

Full Compliance glossary entry →

Term 58

Compliance Manager

A Compliance Manager is a tool or service that helps organizations assess, monitor, and improve their adherence to regulatory standards, industry frameworks, and internal policies.

Full Compliance Manager glossary entry →

Term 59

Compliance policy

A compliance policy is a set of rules that ensures devices, users, and applications meet an organization's security and regulatory requirements before they can access corporate resources.

Full Compliance policy glossary entry →

Term 60

Compliance scan

A compliance scan is an automated security assessment that checks systems, networks, and applications against a defined set of regulatory or organizational standards to verify adherence to required policies.

Full Compliance scan glossary entry →