Practice security abbreviations: CVE, CVSS, OWASP, SAST, DAST, SBOM, SLSA, SOC2, ISO27001, GDPR, WAF, SIEM, SOAR, IOC, and IOA.
1 / 5
What does CVE stand for and what does a CVE number identify?
CVE (Common Vulnerabilities and Exposures) is a standardized numbering system for known security vulnerabilities. A CVE ID like CVE-2021-44228 (Log4Shell) uniquely identifies a specific vulnerability, enabling consistent tracking across tools and reports.
2 / 5
What is the difference between SAST and DAST?
SAST analyzes source code, bytecode, or binaries at rest — finding vulnerabilities early in the pipeline. DAST sends requests to a running application to find vulnerabilities from an attacker's perspective. Both are complementary in a DevSecOps pipeline.
3 / 5
What does SBOM stand for and why has it become important?
An SBOM (Software Bill of Materials) lists every dependency, library, and component in your software. After major supply chain attacks (e.g., SolarWinds, Log4Shell), SBOMs became a security requirement — they let you quickly identify whether you're affected by a new CVE.
4 / 5
What does SIEM stand for and what is its role?
A SIEM (Security Information and Event Management) platform ingests logs from firewalls, servers, applications, and endpoints, then correlates events to detect threats and generate alerts. Examples: Splunk, Microsoft Sentinel, Elastic SIEM.
5 / 5
What is the difference between an IOC and an IOA in security?
IOC (Indicator of Compromise) identifies that a system has been compromised — like a known malware hash found on disk. IOA (Indicator of Attack) identifies attack behavior happening in real time — like unusual process creation patterns — enabling proactive defense before compromise.