Master the precise word combinations used in security audits and compliance reviews in English. These collocations appear in penetration test reports, audit findings, and CISO communications.
0 / 5 completed
1 / 5
The penetration tester was hired to ___ vulnerabilities in the application before the public launch.
We 'identify vulnerabilities' in security audit language. 'Identify' is the formal technical verb: identify vulnerabilities, identify risks, identify weaknesses. All options are broadly correct, but 'identify' is the most professional and is used consistently in audit reports, CVE write-ups, and security standards documentation.
2 / 5
The security team conducted a full audit to ___ compliance with the GDPR data handling requirements.
We 'verify compliance' in audit language. 'Verify' means to independently confirm that standards are met: verify compliance, verify controls, verify findings. 'Confirm compliance' is also used after verification is complete. 'Ensure compliance' means to make compliance happen, not to check it — different meaning.
3 / 5
After the audit, the team had 30 days to ___ all critical findings before the next review cycle.
We 'remediate findings' in security audit language. 'Remediate' is the domain-specific term for fixing identified security issues: remediate vulnerabilities, remediate findings. It implies a formal, documented fix. 'Address' is also professional and slightly softer; 'fix findings' and 'resolve findings' are less common in formal audit reports.
4 / 5
The audit report ___ several gaps in the company's access control policies that needed immediate attention.
We say an audit report 'highlights' or 'reveals' gaps. 'Highlight' is the preferred collocation in report writing: the report highlights, the assessment highlights. 'Reveal' implies something previously hidden. 'Shows' is too generic; 'found' is more natural in spoken summaries than formal written reports.
5 / 5
The CISO asked the team to ___ the risk of each vulnerability based on exploitability and potential business impact.
We 'score vulnerabilities' using frameworks like CVSS (Common Vulnerability Scoring System). 'Score' is the technical collocation in security risk management. 'Assess risk' is also standard and more general. 'Rate vulnerabilities' is informal but common. In the context of a formal framework, 'score' is the precise term.