
CompTIA Security+ Certification Exam Acronym Glossary



Authentication, Authorization and Accounting. Security architecture framework designed for:

  1. Verification of the identity of a person or process (Authentication)
  2. Granting or denying access to network resources (Authorization)
  3. Tracking the services users are accessing as well as the amount of network resources they are consuming (Accounting)

Access Control List. A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resource.


Advanced Encryption Standard. Symmetric-key encryption standard comprising three block ciphers, AES-128, AES-192 and AES-256. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. When used with a 256-bit key, it is referred to as AES256. AES uses the Rijndael algorithm.


Advanced Encryption Standard 256-bit (also written as AES-256). A symmetric-key encryption algorithm that uses a 256-bit encryption key.


Authentication Header. A component of the Internet Protocol Security (IPsec) protocol suite designed to provide connectionless data integrity service and data origin authentication service for IP datagrams, and (optionally) to provide protection against replay attacks. AH does not provide confidentiality, which means it does not encrypt the data. The data is readable, but protected from modification by the use of a hash. AH can be used alone or in combination with the Encapsulating Security Payload (ESP) protocol (another component of the IPsec suite). AH packets are identified with protocol ID number 51 embedded in the packet.


Annualized Loss Expectancy. A risk assessment formula defining probable financial loss due to a risk over a one-year period. It is defined as: Annualized Loss Expectancy (ALE) = Annual Rate of Occurrence (ARO) x Single Loss Expectancy (SLE).


Access Point. Device or software that allows wireless devices to connect to a wired network. Often used interchangeably with the term Wireless Access Point (WAP).


Application Programming Interface. A collection of code that allows computer programmers to speed up the process of creating software applications. The main advantage of using APIs is that they usually contain many readily available functions designed to perform specific tasks. An API call allows the programmer to take advantage of the block of code already defined within the API instead of writing the entire programming code required to perform a given task from scratch.


Application Service Provider. A vendor that provides application functionality and associated services across a network to multiple customers using a rental or usage-based transaction-pricing model.


Annualized Rate of Occurrence. An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability. For example, if an event occurs once every 10 years, then its annualized rate of occurrence is 1 / 10 = 0.1.


Address Resolution Protocol. A low-level computer networking protocol used for resolution of a Network Layer address (IP) into a Data Link Layer address (Ethernet MAC address).


Acceptable Use Policy. A set of rules enforced in a network that restrict the use to which the network may be put.