
© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


CISSP Acronyms — Part 4 of 10

Terms 91–120 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.


Term 91

DREAD

DREAD is a qualitative risk assessment model used to rank threats by evaluating Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.


Term 92

Due care

Due care is the legal and ethical duty of an organization to take reasonable steps to protect sensitive information and IT systems from harm.


Term 93

Due diligence

Due diligence is the process of systematically reviewing and verifying information, policies, and procedures to identify and manage risks before making a decision or taking an action in an IT or security context.


Term 94

EAL

EAL, or Evaluation Assurance Level, is a numeric rating from 1 to 7 that measures how thoroughly a computer product has been tested for security, with higher numbers indicating more rigorous testing.


Term 95

EDR

Endpoint Detection and Response (EDR) is a cybersecurity technology that continuously monitors endpoint devices to detect, investigate, and respond to advanced threats.


Term 96

EDR alert

An EDR alert is a notification generated by Endpoint Detection and Response software when it detects potentially malicious activity or an anomaly on a device like a laptop, server, or workstation.


Term 97

Encryption

Encryption is the process of converting readable data into a secret code to prevent unauthorized access.


Term 98

Encryption at rest

Encryption at rest is the practice of securing stored data by converting it into an unreadable format using cryptographic algorithms, so that even if physical or digital access to the storage medium is obtained, the data remains confidential.


Term 99

Encryption in transit

Encryption in transit is the process of scrambling data as it moves between two points over a network so that anyone who intercepts it cannot read it.


Term 100

Encryption key

An encryption key is a string of random characters used by an algorithm to lock (encrypt) and unlock (decrypt) data, ensuring only authorized parties can read it.


Term 101

Endpoint security baseline

An endpoint security baseline is a set of minimum security configurations and controls applied to devices like laptops, servers, and mobile devices to protect against threats.


Term 102

Endpoint security policy

An endpoint security policy is a set of rules that controls how devices like laptops, phones, and servers connect to a network and what security protections they must have to keep data safe.


Term 103

Enterprise Mobility and Security

Enterprise Mobility and Security is a Microsoft 365 suite of cloud services that secures and manages mobile devices, apps, and data within an organization.


Term 104

Enterprise risk management

Enterprise risk management is the systematic process of identifying, assessing, and responding to risks that could affect an organization’s ability to achieve its objectives.


Term 105

Evaluation assurance level

A rating from the Common Criteria that measures how thoroughly a computer product or system has been tested and verified for security.


Term 106

Exposure factor

Exposure factor is the percentage of an asset's value that would be lost if a specific threat event occurs, used to calculate the single loss expectancy in risk analysis.


Term 107

Feature update policy

A feature update policy is a set of rules that controls how and when new features and capabilities are deployed to software, ensuring consistency, security, and minimal disruption across an organization.


Term 108

Federated identity

Federated identity is a system that allows users to use one set of login credentials across multiple different organizations' systems and websites without needing to create separate accounts.


Term 109

Fileless malware

Fileless malware is a type of malicious activity that uses legitimate system tools and memory to execute attacks, leaving no traditional file on the hard drive.


Term 110

Firewall

A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predetermined security rules to protect trusted internal networks from untrusted external networks.


Term 111

Firewall log

A firewall log is a record of network traffic that a firewall has allowed or denied, used by IT professionals to monitor security events and troubleshoot connectivity issues.


Term 112

Firewall rule

A firewall rule is a set of conditions that tells a firewall which network traffic to allow or block based on attributes like source, destination, port, and protocol.


Term 113

GDPR

The General Data Protection Regulation (GDPR) is a European Union law that sets strict rules for how organizations collect, store, process, and protect the personal data of individuals within the EU.


Term 114

GitHub Advanced Security

GitHub Advanced Security is a suite of security tools integrated into GitHub that helps developers find and fix vulnerabilities, secrets, and code quality issues directly in their repositories.


Term 115

Group Policy

Group Policy is a Windows-based feature that allows administrators to centrally manage and enforce settings for users and computers across an organization.


Term 116

Guest access

Guest access allows a user to temporarily connect to a network, application, or shared resource with limited permissions, without being a permanent member of the organization.


Term 117

Hardware security module

A specialized hardware appliance that securely generates, stores, and manages cryptographic keys in a tamper-resistant environment for enterprise security systems.


Term 118

Hashing

Hashing is a one-way mathematical function that converts any input data into a fixed-length string of characters, called a hash or digest, which is used to verify data integrity and store passwords securely.


Term 119

HIPAA

HIPAA is a U.S. law that sets national standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.


Term 120

Host firewall

A host firewall is a software-based security tool that runs directly on an individual device, such as a laptop, server, or desktop, to monitor and control incoming and outgoing network traffic based on a set of security rules.
