Courseiva
© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.


Acronym study

CISSP Acronyms — Part 6 of 10

Terms 151–180 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.


Term 151

Kubernetes security

Kubernetes security is the practice of protecting containerized applications, the Kubernetes cluster itself, and the underlying infrastructure from unauthorized access, data breaches, and system vulnerabilities.

Full Kubernetes security glossary entry →

Term 152

LDAP

LDAP is a protocol used to access and manage directory information over a network, such as user accounts and permissions.

Full LDAP glossary entry →

Term 153

Legal requirement

A legal requirement is a mandatory rule or standard set by law or regulation that an organization must follow, often concerning data protection, privacy, or security practices.

Full Legal requirement glossary entry →

Term 154

MAC

MAC (Media Access Control) is a unique hardware identifier assigned to network interfaces for communication on a local network segment.

Full MAC glossary entry →

Term 155

Malware

Malware is any software intentionally designed to cause damage, disrupt operations, steal data, or gain unauthorized access to computer systems.

Full Malware glossary entry →

Term 156

Malware analysis

Malware analysis is the process of examining malicious software to understand its behavior, origin, and impact, enabling defenders to detect, contain, and prevent future attacks.

Full Malware analysis glossary entry →

Term 157

Malware symptoms

Malware symptoms are the observable signs on a computer or network that indicate a malicious program may have infected the system, such as slow performance, unexpected pop-ups, or unusual network activity.

Full Malware symptoms glossary entry →

Term 158

Mandatory vacation

Mandatory vacation is a security control that requires employees to take a consecutive period of leave so that any unauthorized activities or irregularities in their work can be detected by others.

Full Mandatory vacation glossary entry →

Term 159

Maximum tolerable downtime

Maximum tolerable downtime (MTD) is the total amount of time a business process or system can be unavailable before causing irreparable harm to the organization.

Full Maximum tolerable downtime glossary entry →

Term 160

Meeting policy

A meeting policy is a set of rules and configurations that control how online meetings are created, joined, and conducted within a collaboration platform.

Full Meeting policy glossary entry →

Term 161

Messaging policy

A messaging policy is a set of rules that govern how an organization's email and instant messaging systems handle, route, secure, and retain messages to ensure compliance, security, and operational efficiency.

Full Messaging policy glossary entry →

Term 162

MFA

Multi-Factor Authentication (MFA) is a security method that requires a user to verify their identity using two or more different types of evidence, such as a password plus a code from a phone, before they can access an account or system.

Full MFA glossary entry →

Term 163

Microsoft Defender XDR

Microsoft Defender XDR is a unified security platform that automatically correlates alerts from across an organization's endpoints, email, identities, and cloud apps to stop complex attacks.

Full Microsoft Defender XDR glossary entry →

Term 164

MTD

MTD (Maximum Tolerable Downtime) is the longest period a business can function without a specific system or service before the damage becomes unacceptable.

Full MTD glossary entry →

Term 165

Multilevel security

Multilevel security is a computer security approach that allows users with different clearance levels to access data at different classification levels on the same system, while preventing unauthorized access.

Full Multilevel security glossary entry →

Term 166

NAC

Network Access Control (NAC) is a security technology that enforces policies to control which devices and users can connect to a network.

Full NAC glossary entry →

Term 167

Need to know

Need to know is a security principle that restricts access to information or resources only to individuals who require that access to perform their job duties.

Full Need to know glossary entry →

Term 168

Network security

Network security is the practice of protecting a computer network from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, ensuring the confidentiality, integrity, and availability of data and resources.

Full Network security glossary entry →

Term 169

Network Security Group

A Network Security Group is a set of rules that controls inbound and outbound traffic to Azure resources like virtual machines and subnets.

Full Network Security Group glossary entry →

Term 170

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of voluntary guidelines, standards, and best practices created by the National Institute of Standards and Technology to help organizations manage and reduce cybersecurity risk.

Full NIST Cybersecurity Framework glossary entry →

Term 171

OAuth

OAuth is an open standard for access delegation that allows users to grant third-party applications limited access to their resources without sharing their credentials.

Full OAuth glossary entry →

Term 172

Origin access control

Origin access control is a security mechanism that restricts access to a network, system, or resource based on the verified identity or attributes of the requesting entity.

Full Origin access control glossary entry →

Term 173

OSI model

The OSI model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven distinct layers, from physical hardware to application software.

Full OSI model glossary entry →

Term 174

Password policy

A password policy is a set of rules designed to enhance computer security by encouraging users to create strong, secure passwords and store them properly.

Full Password policy glossary entry →

Term 175

PCI DSS

The Payment Card Industry Data Security Standard is a set of security requirements designed to protect credit card data during storage, processing, and transmission.

Full PCI DSS glossary entry →

Term 176

Penetration testing

Penetration testing is a simulated cyberattack on a computer system, network, or application to find security weaknesses before real attackers can exploit them.

Full Penetration testing glossary entry →

Term 177

Phishing

Phishing is a type of cyber attack where criminals impersonate legitimate organizations or individuals to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.

Full Phishing glossary entry →

Term 178

Physical control

Physical controls are tangible security measures like locks, fences, and biometric scanners used to protect buildings, hardware, and sensitive data from unauthorized physical access or harm.

Full Physical control glossary entry →

Term 179

Policy

A policy is a set of rules or guidelines that defines how an organization manages, secures, and operates its IT systems and services.

Full Policy glossary entry →

Term 180

Policy as code

Policy as code is the practice of representing and managing security, compliance, and governance rules as executable code, enabling automated validation and enforcement across infrastructure and software development workflows.

Full Policy as code glossary entry →