Courseiva

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


CISSP Acronyms — Part 5 of 10

Terms 121–150 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.


Term 121

IAM

Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have the appropriate access to technology resources.


Term 122

IAM binding

An IAM binding is a collection of members (users, groups, or service accounts) assigned to a single role within a Google Cloud resource policy, defining who has what permissions.


Term 123

IAM group

An IAM group is a collection of IAM users in a cloud or identity system that simplifies permission management by allowing you to assign policies to multiple users at once.


Term 124

IAM misconfiguration

An IAM misconfiguration occurs when identity and access management settings are incorrectly set, granting too many or too few permissions to users or services, which can lead to security breaches or operational failures.


Term 125

IAM policy

An IAM policy is a set of rules that determines who can access specific cloud resources and what actions they are allowed to perform.


Term 126

IAM role

An IAM role is a set of permissions that an entity can assume temporarily to access cloud resources securely.


Term 127

IAM user

An IAM user is an identity created in AWS Identity and Access Management that represents a person or service interacting with AWS resources, with its own credentials and permissions.


Term 128

Identification

Identification is the process where a user or device claims an identity, often by providing a username, ID number, or account name, before proving that claim with authentication.


Term 129

Identity and access management

Identity and access management (IAM) is the security discipline that ensures the right individuals access the right resources at the right times for the right reasons.


Term 130

Identity as security perimeter

Identity as security perimeter is a security model in which trust is determined by user identity and context rather than network location, treating identity itself as the primary boundary for access control.


Term 131

IDS

An Intrusion Detection System (IDS) is a security system that monitors network or system traffic for suspicious activity and alerts administrators to potential threats, but does not actively block them.


Term 132

Incident

An incident is a security event that violates an organization's policies or threatens its data, systems, or operations, requiring a structured response.


Term 133

Incident classification

Incident classification is the process of categorizing security incidents based on type, severity, and impact to ensure appropriate response and resource allocation.


Term 134

Incident documentation

Incident documentation is the practice of recording every detail of a cybersecurity or IT incident, from detection to resolution, to ensure accurate analysis, legal compliance, and process improvement.


Term 135

Incident management

Incident management is the process of identifying, logging, prioritizing, and resolving IT service disruptions to restore normal operations as quickly as possible with minimal business impact.


Term 136

Incident response

Incident response is the structured approach an organization uses to identify, contain, and recover from cybersecurity incidents like data breaches or ransomware attacks.


Term 137

Incident response lifecycle

The incident response lifecycle is the structured process organizations follow to detect, contain, eradicate, and recover from cybersecurity incidents while learning from each event to improve future defenses.


Term 138

Incident severity

Incident severity is a classification used in IT incident management to describe the level of impact and urgency of an event, guiding response priority.


Term 139

Information security management

Information security management is the systematic process of developing, implementing, monitoring, and improving policies, procedures, and controls to protect an organization's information assets from threats and ensure confidentiality, integrity, and availability.


Term 140

Inherent risk

Inherent risk is the level of risk that exists in a process or system before any security controls or mitigations are applied.


Term 141

Insider Risk Management

Insider Risk Management is the practice of identifying, assessing, and mitigating threats that originate from within an organization, such as employees, contractors, or partners who have legitimate access to systems and data.


Term 142

IPS

An Intrusion Prevention System (IPS) is a network security device that monitors traffic in real time and automatically blocks threats before they reach your systems.


Term 143

IPsec

IPsec (Internet Protocol Security) is a suite of protocols used to secure Internet Protocol (IP) communications by encrypting and authenticating each IP packet in a data stream.


Term 144

ISO 27001

ISO 27001 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).


Term 145

Job rotation

Job rotation is a security governance practice where employees periodically switch roles or responsibilities to reduce risk, prevent fraud, and ensure organizational resilience.


Term 146

Just-enough access

Just-enough access is an identity and access management principle that grants users only the minimum permissions required to perform their specific job tasks, reducing security risks.


Term 147

Just-in-time access

Just-in-time access is a security method that grants users elevated permissions only for a limited time exactly when they need them, then automatically removes those permissions.


Term 148

Kerberos

Kerberos is a network authentication protocol that uses tickets and symmetric-key cryptography to verify the identity of users and services in a secure, non-repudiable way.


Term 149

KMS encryption

KMS encryption is encryption that relies on a Key Management Service (KMS), a managed service that creates, stores, and controls cryptographic keys used to encrypt data in the cloud.


Term 150

Kubernetes RBAC

Kubernetes RBAC (role-based access control) is a security mechanism that controls who can access and perform actions on resources in a Kubernetes cluster based on their role.
