Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Acronym study

PT0-002 Acronyms — Part 4 of 5

Terms 91–120 of 135 PT0-002 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.

Term 91

PMKID attack

A PMKID attack is a wireless network attack that exploits a vulnerability in the RSN IE (Robust Security Network Information Element) of Wi-Fi Protected Access (WPA/WPA2) networks to recover the Pre-Shared Key (PSK) without needing to capture the full four-way handshake.

Term 92

Port scanning

Port scanning is the process of probing a computer or network device to discover which network ports are open, closed, or filtered, revealing potential entry points for services and applications.

Term 93

Post-exploitation

Post-exploitation is the phase of a penetration test that begins after an attacker has gained initial access to a system, focusing on maintaining access, escalating privileges, moving laterally, and achieving the test's objectives.

Term 94

Pretexting

Pretexting is a social engineering attack where the attacker fabricates a believable scenario or false identity to trick a victim into revealing sensitive information or performing an action.

Term 95

Privilege escalation

Privilege escalation is when a user or attacker gains more access or control over a system than they are supposed to have.

Term 96

Proof of concept

A proof of concept is a small, informal test to see if an idea, technology, or method can actually work in the real world before you commit major time or money to it.

Term 97

Purple team

A purple team is a collaborative approach in cybersecurity where the offensive (red) and defensive (blue) teams work together to improve an organization's security posture by sharing insights and tactics.

Term 98

Rainbow table

A rainbow table is a precomputed list of password hashes used to reverse weak passwords quickly without guessing each one live.

Term 99

Red team

A red team is a group of security professionals who simulate real-world attacks on an organization's systems, people, and facilities to test the effectiveness of its defenses.

Term 100

Remediation

Remediation is the process of fixing or eliminating vulnerabilities, misconfigurations, or security weaknesses in an IT environment.

Term 101

Remediation recommendation

A remediation recommendation is a prioritized, actionable suggestion for fixing a security vulnerability, misconfiguration, or compliance gap identified during an assessment or scan.

Term 102

Reverse shell

A reverse shell is a type of remote access attack where the target machine initiates an outbound connection back to the attacker, allowing the attacker to execute commands on the compromised system.

Term 103

Risk rating

A risk rating is a score or label assigned to a potential security threat or vulnerability that indicates how likely it is to cause harm and how severe that harm would be.

Term 104

Risk-based vulnerability management

Risk-based vulnerability management is a cybersecurity approach that prioritizes the fixing of security weaknesses based on the level of risk they pose to an organization's specific environment, rather than just addressing all vulnerabilities in the order they are found.

Term 105

Rules of engagement

Rules of engagement are the documented guidelines that define the scope, boundaries, and authorized actions a security tester may take during a penetration test or security assessment.

Term 106

SAST

SAST (Static Application Security Testing) is a white-box method of analyzing source code, bytecode, or compiled binaries for security vulnerabilities without executing the program.

Term 107

SBOM

An SBOM is a formal, machine-readable inventory of all software components and dependencies used in a software application or system.

Term 108

SCA

SCA (Software Composition Analysis) is a security testing method that automatically identifies open-source components, libraries, and dependencies in software to find known vulnerabilities and license compliance issues.

Term 109

Scope

In IT, scope defines the boundaries, goals, and deliverables of a project, assessment, or engagement, specifying what is included and what is excluded.

Term 110

Scope creep

Scope creep is the gradual, unplanned expansion of a project's objectives and deliverables beyond its original requirements, often leading to budget overruns, missed deadlines, and compromised quality.

Term 111

Secrets scanning

Secrets scanning is the automated process of detecting accidentally exposed sensitive information, such as passwords, API keys, and tokens, in code repositories and other digital environments.

Term 112

Service discovery

Service discovery is the process by which networked services automatically locate each other to communicate, without needing manual configuration of network addresses.

Term 113

Shellcode

Shellcode is a small piece of code used as a payload in the exploitation of a software vulnerability, typically giving an attacker a command shell on the target machine.

Term 114

Shodan

Shodan is a search engine that lets you find specific types of internet-connected devices, such as webcams, routers, and servers, by scanning the internet and indexing their services and banners.

Term 115

Silver ticket

A silver ticket is a forged Kerberos service ticket that grants access to a specific service in a Windows domain without requiring the user's password.

Term 116

Smishing

Smishing is a social engineering attack that uses deceptive text messages to trick recipients into revealing sensitive information or installing malware.

Term 117

Spear phishing

Spear phishing is a targeted cyberattack in which a criminal sends a fraudulent email that appears to come from a trusted source, aiming to trick a specific person or organization into revealing sensitive data or installing malware.

Term 118

SQL injection

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database, often to read, modify, or destroy data.

Term 119

Statement of work

A statement of work (SOW) is a formal document that defines the scope, deliverables, timeline, and terms of a project or service engagement between a vendor and a client.

Term 120

Target of evaluation

The Target of Evaluation (TOE) is the specific system, product, or component that is formally assessed against a set of security requirements during a security evaluation or certification process.
