The API will ___ the user by verifying their token before processing the request.
To authenticate a user means to verify their identity. Authenticate is the precise security term, behind "authentication service." Check out, verify up, and confirm in are informal or wrong. Engineers "authenticate the request first," so authenticate the user is the correct collocation.
2 / 5
After login, the system will ___ a session token that the client sends with each request.
To issue a token means to generate and grant an authentication token. Issue is the precise term, behind "token issuance" and "the issuer (iss)." Give out, hand over, and send up are informal. Auth servers "issue a JWT on login," so issue a token is the correct collocation.
3 / 5
For sensitive actions, the app will ___ the user with a second factor.
To challenge the user means to require additional proof of identity (e.g. an MFA prompt). Challenge is the precise term, behind "challenge-response" and "step-up authentication." Test out, quiz, and ask over are informal or imprecise. Systems "challenge the user for a second factor," so challenge the user is the correct collocation.
4 / 5
When an employee leaves, the security team will ___ all their active tokens.
To revoke a token means to invalidate it so it can no longer authenticate. Revoke is the precise term, behind "token revocation." Cancel out, kill off, and pull over are informal. Security procedures "revoke all credentials on offboarding," so revoke tokens is the correct collocation.
5 / 5
The session will ___ after 30 minutes of inactivity, requiring the user to log in again.
A session expires when it reaches its time limit and becomes invalid. Expire is the precise term, behind "session expiry" and "token expiration." Run out, time off, and end up are informal. Engineers configure "the session expires after 30 minutes," so expire is the correct collocation.