1 / 5
Fill in: 'We ___ every new CVE against our actual dependency tree before reacting.'
We 'assess' a CVE — the standard collocation for evaluating its real impact. The other options aren't idiomatic here.
2 / 5
Fill in: 'We ___ vulnerabilities by exploitability and exposure, not just severity score.'
We 'prioritise' vulnerabilities — the standard collocation for ranking by real-world risk. The other options aren't idiomatic here.
3 / 5
Fill in: 'A critical, internet-facing CVE should ___ an out-of-band patch instead of waiting for the next release.'
We say a finding will 'warrant' urgent action — the standard collocation for justifying an exception process. The other options aren't idiomatic here.
4 / 5
Fill in: 'We ___ an unpatchable dependency with compensating controls until a fix ships.'
We 'mitigate' a risk — the standard security collocation for reducing exposure without a full fix. The other options aren't idiomatic here.
5 / 5
Fill in: 'We ___ every triage decision so an auditor can see why a CVE was deprioritised.'
We 'document' a decision — the standard collocation for recording it formally. The other options aren't idiomatic here.