Courseiva
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Acronym study

PT0-002 Acronyms — Part 2 of 5

Terms 31–60 of 135 PT0-002 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

Term 31

Cobalt Strike

Cobalt Strike is a commercial penetration testing tool used by security professionals to simulate advanced cyberattacks, but it is also widely abused by real adversaries for post-exploitation and command-and-control operations.

Term 32

Command injection

Command injection is a security vulnerability where an attacker inserts malicious commands into a system through an input field, tricking the application into executing them on the underlying operating system.

Term 33

Compensating control

A compensating control is a security measure implemented to reduce risk when a primary control cannot be used or is insufficient.

Term 34

Compliance scan

A compliance scan is an automated security assessment that checks systems, networks, and applications against a defined set of regulatory or organizational standards to verify adherence to required policies.

Term 35

Configuration scan

A configuration scan is an automated process that checks a system or network device against a known baseline to find settings that are insecure or out of compliance.

Term 36

Container image scan

A container image scan is the automated process of inspecting a container image for security vulnerabilities, misconfigurations, and exposed secrets before it is deployed.

Term 37

Cost Explorer

Cost Explorer is an AWS tool that lets you visualize, understand, and manage your AWS spending and usage over time.

Term 38

Credentialed scan

A credentialed scan is a vulnerability assessment that uses valid user credentials to log into a target system, allowing deeper inspection of the system's internal configuration and software.

Term 39

CSPM

Cloud Security Posture Management (CSPM) is a security tool that continuously monitors cloud environments to detect and fix misconfigurations, compliance violations, and security risks.

Term 40

CSRF

Cross-Site Request Forgery is an attack that tricks a user into performing an unwanted action on a web application where they are currently authenticated.

Term 41

CVE

CVE stands for Common Vulnerabilities and Exposures, which is a publicly available list of standardized identifiers for known security vulnerabilities in software and hardware.

Term 42

CVSS

The Common Vulnerability Scoring System (CVSS) is a standardized framework used to rate the severity of security vulnerabilities on a scale from 0 to 10.

Term 43

CWE

CWE (Common Weakness Enumeration) is a structured catalog of software and hardware security weaknesses that helps IT professionals identify, prevent, and mitigate vulnerabilities in systems.

Term 44

DAST

DAST (Dynamic Application Security Testing) is a security testing method that finds vulnerabilities in running web applications by simulating real attacks from the outside.

Term 45

Deauthentication attack

A deauthentication attack is a wireless network exploit where an attacker sends fake disconnection frames to force devices off a Wi-Fi network, often used to capture handshake data or disrupt connectivity.

Term 46

DNS enumeration

DNS enumeration is the process of systematically querying a Domain Name System (DNS) server to gather information about a target domain, including its subdomains, IP addresses, and mail server records.

Term 47

Enumeration

Enumeration is the systematic process of extracting detailed information about a target system, such as user accounts, network shares, services, and configurations, used during the reconnaissance phase of a security assessment.

Term 48

Evidence

Evidence is any data or documentation that proves an event, action, or condition occurred, crucial for verifying compliance, security incidents, or system changes.

Term 49

Evil twin

An evil twin is a rogue wireless access point that impersonates a legitimate network to intercept or manipulate user traffic.

Term 50

Executive summary

An executive summary is a concise overview of a longer document that highlights the key points, findings, and recommendations so busy stakeholders can quickly grasp the essential information without reading the full report.

Term 51

Exploitability

Exploitability is a measure of how easy or difficult it is for an attacker to take advantage of a vulnerability in a system or software.

Term 52

Exploitation

Exploitation is the act of using a vulnerability or weakness in a system, network, or application to gain unauthorized access, cause damage, or extract data.

Term 53

False negative

A false negative is when a security tool fails to detect a real threat, mistakenly treating it as harmless.

Term 54

False positive

A false positive is an alert or result that indicates a security threat or vulnerability exists when in fact there is no real issue.

Term 55

False positive validation

A false positive validation occurs when a security tool incorrectly identifies a legitimate activity, file, or user as a threat.

Term 56

Fingerprinting

Fingerprinting is the process of gathering information about a target system or network to identify its operating system, services, software versions, and configuration details during the reconnaissance phase of a security assessment.

Term 57

Golden ticket

A golden ticket is a forged Kerberos authentication ticket that grants an attacker unrestricted domain admin access to all resources in a Windows Active Directory environment.

Term 58

Google dorking

Google dorking is the practice of using advanced search operators in Google to uncover sensitive information that companies or individuals unintentionally expose on the internet.

Term 59

Hash cracking

Hash cracking is the process of attempting to reverse a hashed value back to its original plaintext input, typically used by attackers to recover passwords or by security professionals to test password strength.

Term 60

Hashcat

Hashcat is a powerful password recovery tool that uses various attack methods to crack password hashes, widely used by security professionals and penetration testers.
