5 collocation exercises on auth and access control.
0 / 5 completed
1 / 5
The system must ___ the user before granting access.
You authenticate a user — confirming they are who they claim to be, typically via a password, token or biometric. Authenticate is the precise collocation, distinct from authorise (which controls what they may do). Verify up, validate off and confirm out are not idiomatic. Authentication answers who are you? and is the first gate before any access decision is made by the application.
2 / 5
After login, the system must ___ access to resources.
You authorise access — deciding what an authenticated user is allowed to do. Authorisation (US: authorize) answers what may you do? and is governed by roles or policies. The collocation is authorise access. Permit up, allow off and enable out are wrong. Keeping authentication and authorisation distinct is fundamental security vocabulary: you authenticate first, then authorise each action against permissions.
3 / 5
On successful login, the server will ___ a token.
The server issues a token — such as a JWT or access token — that the client presents on later requests. The verb issue collocates with token, certificate and credential. While mint appears informally, mint up is wrong, and grant off and hand down are not idiomatic. An issued token carries the user's identity and scopes so the API can authorise each call without re-checking the password.
4 / 5
If a token is compromised, you should ___ the session.
You revoke a session (or revoke a token) to immediately invalidate it, forcing the user to authenticate again. Revoke is the security collocation for withdrawing previously granted access. Cancel off, void up and kill out are not standard. Revocation is essential during incidents: when credentials leak, revoking active sessions limits the window in which an attacker can use the stolen token.
5 / 5
For stronger security, organisations ___ MFA.
Organisations enforce MFA (multi-factor authentication) — making it mandatory rather than optional. The verb enforce collocates with policy, MFA and rules. Impose up, press on and compel out are not idiomatic. Enforcing MFA significantly reduces account takeover, because a stolen password alone is no longer enough to authenticate; the attacker also needs the second factor.