Courseiva
Knowledge + Practice
© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Acronym study

PT0-002 Acronyms — Part 3 of 5

Terms 61–90 of 135 PT0-002 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

Term 61

IAST

IAST (Interactive Application Security Testing) is a security testing method that analyzes an application from within while it is running, typically during automated testing or manual QA, to find vulnerabilities in real time.

Term 62

IDOR

IDOR (Insecure Direct Object Reference) is a vulnerability where an application exposes internal object references, allowing attackers to access or modify data by manipulating those references.

Term 63

John the Ripper

John the Ripper is a free and open-source password cracking tool used by security professionals to test password strength and by attackers to guess credentials.

Term 64

Kerberoasting

Kerberoasting is an attack where a hacker steals service account password hashes from Active Directory to crack them offline and gain unauthorized access.

Term 65

Kill chain

A kill chain is a step-by-step model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.

Term 66

Kubernetes security

Kubernetes security is the practice of protecting containerized applications, the Kubernetes cluster itself, and the underlying infrastructure from unauthorized access, data breaches, and system vulnerabilities.

Term 67

Lateral movement

Lateral movement is the technique attackers use to move through a network from one compromised system to another, seeking sensitive data or higher privileges.

Term 68

Legal compliance

Legal compliance is the process of ensuring that an organization's IT systems, data handling, and business practices follow all applicable laws, regulations, and industry standards.

Term 69

Liability

Liability in IT refers to the legal and financial responsibility an organization or individual bears for data breaches, security failures, or compliance violations arising from inadequate planning and scoping of systems and processes.

Term 70

Maltego

Maltego is a graphical open-source intelligence (OSINT) tool used for information gathering and reconnaissance, enabling users to map and visualize relationships between entities like people, domains, and networks.

Term 71

Master service agreement

A master service agreement is a legal contract between a service provider and a client that sets the general terms and conditions for all future work and projects, so they don't have to be renegotiated each time.

Term 72

Metasploit

Metasploit is a powerful penetration testing framework that helps security professionals find and exploit vulnerabilities in computer systems.

Term 73

Meterpreter

Meterpreter is an advanced, dynamically extensible payload that provides an interactive command shell and post-exploitation capabilities within a memory-resident environment during a penetration test.

Term 74

Mimikatz

Mimikatz is a powerful open-source tool used by attackers and security professionals to extract plaintext passwords, hashes, PINs, and Kerberos tickets from Windows memory.

Term 75

Mitigation

Mitigation is the process of reducing the severity, impact, or likelihood of a security threat or vulnerability.

Term 76

Nessus

Nessus is a vulnerability scanner that automatically identifies security weaknesses, missing patches, and misconfigurations in computer systems and networks.

Term 77

Nikto

Nikto is an open-source web server scanner that tests for potentially dangerous files, outdated server software, and configuration issues.

Term 78

Nmap

Nmap is a network scanning tool used to discover hosts, services, and operating systems on a computer network.

Term 79

Non-disclosure agreement

A non-disclosure agreement is a legally binding contract that prevents one party from sharing confidential information with unauthorized individuals or entities.

Term 80

OpenVAS

OpenVAS is an open-source vulnerability scanner that helps IT professionals identify security weaknesses in networks, systems, and applications.

Term 81

OSINT

OSINT (Open Source Intelligence) is the practice of collecting and analyzing publicly available information from free or commercially available sources to support intelligence gathering, cybersecurity assessments, and penetration testing.

Term 82

Pass-the-hash

Pass-the-hash is a cyberattack where an attacker captures the hash of a user's password and uses it to authenticate to other systems without ever knowing the actual password.

Term 83

Passive reconnaissance

Passive reconnaissance is the process of gathering information about a target system or network without directly interacting with it, using publicly available sources and stealthy observation.

Term 84

Patch prioritization

Patch prioritization is the process of ranking security updates based on risk, impact, and urgency to decide which ones to apply first in an IT environment.

Term 85

Path traversal

Path traversal is a web security vulnerability that allows an attacker to access files and directories stored outside the web server's root folder by manipulating file paths in user-supplied input.

Term 86

Payload

In IT and cybersecurity, a payload is the core data or malicious code delivered within a packet, file, or attack that performs the actual intended action.

Term 87

Penetration testing

Penetration testing is a simulated cyberattack on a computer system, network, or application to find security weaknesses before real attackers can exploit them.

Term 88

Persistence

Persistence is the set of techniques attackers use to maintain long-term access to a compromised system even after reboots or credential changes.

Term 89

Phishing

Phishing is a type of cyber attack where criminals impersonate legitimate organizations or individuals to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.

Term 90

Pivoting

Pivoting is a post-exploitation technique where an attacker uses a compromised system as a relay to access other systems on a network that were not directly reachable.
