Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certified Information Systems Security Professional CISSP/Acronyms/Part 7

Acronym study

CISSP Acronyms — Part 7 of 10

Terms 181–210 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

← Part 6Part 7 of 10Part 8 →

Term 181

Policy assignment

Policy assignment is the process of attaching a set of rules or permissions to a specific resource, user, or group so that those rules are enforced in a cloud or IT environment.

Full entry →
Full Policy assignment glossary entry →

Term 182

Policy definition

A policy definition is a formal rule or set of rules that specifies allowed or denied actions on resources within an IT environment, often used for governance, compliance, and security control.

Full entry →
Full Policy definition glossary entry →

Term 183

Policy enforcement

Policy enforcement is the process of implementing and ensuring compliance with defined security rules and configurations across an IT environment.

Full entry →
Full Policy enforcement glossary entry →

Term 184

Policy inheritance

Policy inheritance is the mechanism by which policies applied to a parent container in a hierarchical system automatically apply to all child objects within that container, unless explicitly blocked or overridden.

Full entry →
Full Policy inheritance glossary entry →

Term 185

Port security

Port security is a network switch feature that restricts which devices can connect to a port based on the device's MAC address, preventing unauthorized access.

Full entry →
Full Port security glossary entry →

Term 186

Preventive control

A preventive control is a security measure designed to stop unauthorized access, attacks, or errors before they can occur.

Full entry →
Full Preventive control glossary entry →

Term 187

Privacy

Privacy in IT is the control over how personal data is collected, stored, used, and shared by systems and organizations.

Full entry →
Full Privacy glossary entry →

Term 188

Privacy and security

Privacy and security refer to the practices and technologies used to protect sensitive data from unauthorized access while ensuring individuals' rights over their personal information are respected.

Full entry →
Full Privacy and security glossary entry →

Term 189

Privacy risk management

Privacy risk management is the ongoing process of identifying, assessing, and responding to risks that could compromise the confidentiality, integrity, or availability of personal data.

Full entry →
Full Privacy risk management glossary entry →

Term 190

Private Google Access

Private Google Access lets virtual machines in a Google Cloud VPC reach Google APIs and services using private IP addresses, without needing public internet access.

Full entry →
Full Private Google Access glossary entry →

Term 191

Privileged access

Privileged access is a special level of permission that allows a user or system to perform high-impact actions like installing software, changing system settings, or accessing sensitive data across an IT environment.

Full entry →
Full Privileged access glossary entry →

Term 192

Privileged access management

Privileged access management is a cybersecurity practice that controls and monitors the elevated access rights of users who have special permissions to critical systems and data.

Full entry →
Full Privileged access management glossary entry →

Term 193

Pseudonymization

Pseudonymization is a data processing technique that replaces private identifiers with artificial identifiers, or pseudonyms, to protect personal data while still allowing for analysis and processing.

Full entry →
Full Pseudonymization glossary entry →

Term 194

Qualitative risk analysis

Qualitative risk analysis is a subjective, scenario-based approach to prioritizing information security risks by evaluating their likelihood and potential impact using predefined scales rather than numerical calculations.

Full entry →
Full Qualitative risk analysis glossary entry →

Term 195

Quality update policy

A quality update policy is a set of rules and schedules that IT administrators use to control which Windows updates are deployed to devices to ensure stability, security, and compatibility.

Full entry →
Full Quality update policy glossary entry →

Term 196

Quantitative risk analysis

Quantitative risk analysis is a structured process that uses numerical data and statistical methods to calculate the potential financial impact of risks on an organization's assets and projects.

Full entry →
Full Quantitative risk analysis glossary entry →

Term 197

RADIUS

RADIUS is a network protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service.

Full entry →
Full RADIUS glossary entry →

Term 198

RBAC

RBAC is a method of restricting network access based on the roles of individual users within an organization, where permissions are assigned to roles rather than to individuals directly.

Full entry →
Full RBAC glossary entry →

Term 199

Read-access geo-redundant storage

Read-access geo-redundant storage (RA-GRS) is a cloud storage replication option that maintains three synchronous copies in one primary region and three asynchronous copies in a secondary region, while allowing read access to the secondary copy even during normal operations.

Full entry →
Full Read-access geo-redundant storage glossary entry →

Term 200

Reference monitor

A trusted, always-active component of a computer's operating system that enforces security policies by checking every access request to files, memory, or devices before allowing it.

Full entry →
Full Reference monitor glossary entry →

Term 201

Regulatory requirement

A regulatory requirement is a rule issued by a government or industry authority that organizations must follow, often to protect data, ensure safety, or maintain fair practices.

Full entry →
Full Regulatory requirement glossary entry →

Term 202

Residual risk

Residual risk is the level of risk that remains after all security controls and countermeasures have been applied.

Full entry →
Full Residual risk glossary entry →

Term 203

Resource policy

A resource policy is a set of rules that controls who can access a specific cloud resource and what actions they can perform on it.

Full entry →
Full Resource policy glossary entry →

Term 204

Retention policy

A retention policy is a set of rules that determines how long an organization keeps its data and what happens to it when the retention period expires.

Full entry →
Full Retention policy glossary entry →

Term 205

Retry policy

A retry policy is a set of rules that automatically re-attempts a failed operation after a defined interval, up to a maximum number of tries.

Full entry →
Full Retry policy glossary entry →

Term 206

Risk

Risk is the possibility that an event or action will negatively affect an organization's ability to achieve its goals, often measured in terms of likelihood and impact.

Full entry →
Full Risk glossary entry →

Term 207

Risk acceptance

Risk acceptance is a risk management strategy where an organization acknowledges a potential risk but decides to tolerate it without taking active measures to reduce or eliminate it.

Full entry →
Full Risk acceptance glossary entry →

Term 208

Risk appetite

Risk appetite is the amount of risk an organization is willing to accept in pursuit of its objectives, defining the boundaries for decision-making.

Full entry →
Full Risk appetite glossary entry →

Term 209

Risk assessment

Risk assessment is the process of identifying, analyzing, and evaluating potential threats to an organization's assets to determine the likelihood and impact of those threats, and to decide on appropriate treatment measures.

Full entry →
Full Risk assessment glossary entry →

Term 210

Risk avoidance

Risk avoidance is a risk management strategy that involves eliminating any activity, process, or technology that introduces a specific risk, rather than trying to reduce or accept it.

Full entry →
Full Risk avoidance glossary entry →
← Part 6Part 8 →

Acronym parts

Part 1Part 2Part 3Part 4Part 5Part 6Part 7currentPart 8Part 9Part 10

Study resources

All CISSP Acronyms→CISSP Practice Tests→CISSP Study Guide→Exam Domains→