© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

CISSP Acronyms — Part 9 of 10

Terms 241–270 of 295 CISSP acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

Term 241

Security pillar

The Security pillar is a set of best practices for designing and operating cloud systems that protect data, systems, and assets through confidentiality, integrity, and availability controls.

Term 242

Security policy

A security policy is a formal set of rules and guidelines that an organization establishes to protect its information assets and technology resources.

Term 243

Security posture

An organization's overall cybersecurity strength, including policies, controls, and readiness to defend against and respond to threats.

Term 244

Security recommendation

A security recommendation is a prescribed action, configuration, or update that aims to reduce risk and protect systems, data, and users from known threats or vulnerabilities.

Term 245

Security strategy

A security strategy is a high-level plan that outlines how an organization protects its information assets, aligns security with business goals, and manages risk over time.

Term 246

Security update

A security update is a software patch released to fix a vulnerability that could be exploited by attackers to compromise a system.

Term 247

Separation of duties

Separation of duties is a security principle that splits critical tasks and privileges among multiple people to prevent fraud, errors, and abuse of power.

Term 248

Serverless security

Serverless security is the practice of protecting applications that run on serverless computing platforms, where the cloud provider manages the infrastructure and the customer is responsible for securing the code, data, and access controls.

Term 249

Service Control Policy

A Service Control Policy (SCP) is a centralized governance tool in AWS Organizations that allows you to define and enforce maximum permissions for all accounts in an organization, acting as a security guardrail that limits what actions principals can perform.

Term 250

Shared access

Shared access is a permission model where multiple users, systems, or services are granted common access rights to a resource such as a file, database, network drive, or cloud storage.

Term 251

Shared access signature

A shared access signature (SAS) is a secure, time-limited URL that grants granular access to specific resources in cloud storage, allowing you to delegate permissions without sharing your account keys.

Term 252

Shift left security

Shift left security is the practice of integrating security testing and controls earlier in the software development lifecycle, rather than waiting until after deployment.

Term 253

Side-channel attack

A side-channel attack is a type of security exploit that gathers information from a system by observing its physical or secondary outputs—such as timing, power consumption, or electromagnetic emissions—rather than directly attacking the software or cryptographic algorithm.

Term 254

SIEM

SIEM (Security Information and Event Management) is a system that collects and analyzes log data from across an IT environment to detect and respond to security threats in real time.

Term 255

SIEM query

A SIEM query is a search command used in a Security Information and Event Management system to find, filter, and analyze security-related log data from across an organization's IT environment.

Term 256

SLE

SLE (Single Loss Expectancy) is the monetary loss expected each time a specific risk event occurs, calculated as asset value times exposure factor.

Term 257

Software testing

Software testing is the process of checking whether a software application works correctly, meets requirements, and is free of defects before it is released to users.

Term 258

Spear phishing

Spear phishing is a targeted cyberattack in which a criminal sends a fraudulent email that appears to come from a trusted source, aiming to trick a specific person or organization into revealing sensitive data or installing malware.

Term 259

SSL VPN

An SSL VPN is a virtual private network that uses the Secure Sockets Layer protocol to create an encrypted tunnel for remote users to securely access network resources over the internet.

Term 260

Storage firewall

A storage firewall is a security appliance or software that controls access to storage systems, protecting data from unauthorized access, malware, and insider threats by inspecting and filtering storage protocol traffic.

Term 261

Stored access policy

A stored access policy is a server-side set of rules that defines permissions for accessing data or resources, applied consistently each time a request is made.

Term 262

STRIDE

STRIDE is a threat classification model that helps IT professionals identify and categorize security threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Term 263

Symmetric encryption

Symmetric encryption is a cryptographic method where the same secret key is used to both encrypt and decrypt data, ensuring confidentiality between two parties.

Term 264

System high mode

System high mode is a security operating mode where all users with access to the system have security clearances that meet the highest classification level of information processed, but may not have a formal need-to-know for all data within the system.

Term 265

TACACS+

TACACS+ is a protocol that separates authentication, authorization, and accounting functions to control who can access network devices and what they can do.

Term 266

TCB

TCB (Trusted Computing Base) is the collection of all hardware, firmware, and software components in a system that are essential to enforcing its security policy.

Term 267

Teams policy

A Teams policy is a set of rules in Microsoft Teams that controls how users can communicate, collaborate, and access features within the application.

Term 268

Technical control

A technical control is a security mechanism implemented through hardware, software, or firmware that protects the confidentiality, integrity, and availability of IT systems and data.

Term 269

TEMPEST

TEMPEST is a U.S. government standard for protecting electronic equipment from emitting electromagnetic signals that could be intercepted to steal sensitive information.

Term 270

Threat

A threat is any potential danger that could harm a computer system, network, or data, whether from a malicious hacker, a natural disaster, or an accidental mistake.
