5 exercises on the precise vocabulary of security incidents, breach response, and vulnerability management. In security, the right verb choice matters — it signals expertise.
0 / 5 completed
1 / 5
The security team ___ a breach in the authentication service.
Detect — the most technical and formal verb for security discovery:
Detect a breach is the most precise and professional collocation in security vocabulary. It implies the use of monitoring systems, SIEM tools, or automated detection mechanisms — not just a person noticing something unusual.
Why "detect" stands out: "Detect" carries the connotation of technical instrumentation finding the problem. Security operations centres (SOCs) use Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) specifically to detect breaches. GDPR and other regulations require organisations to detect and notify within specific timeframes.
The other options in context:
found → general and informal: "We found a breach" — correct but not the sharpest technical choice
identified → formal and analytical, common in post-incident reports: "The breach was identified at 14:32 UTC"
discovered → implies the breach was not expected and was stumbled upon: "We discovered the breach during routine maintenance"
Key security detection vocabulary:
detect / identify / discover a breach
respond to an incident
contain the breach → stop it spreading
remediate the vulnerability → fix the root cause
notify / report the affected parties
2 / 5
We immediately ___ the compromised API keys and issued new ones.
Revoke — the precise security term for invalidating credentials:
Revoke credentials / keys / tokens / certificates is the standard security vocabulary for intentionally invalidating a secret that is compromised or no longer needed. It is the correct technical term across all credential types.
Why "revoke" and not the others?
Revoke = formally withdraw the authority or validity of a credential. The system marks it as invalid; any further use is refused. This is the precise technical term used in OAuth flows, PKI (Public Key Infrastructure), API gateways, and identity management systems.
Cancel = used for subscriptions, orders, and appointments — not credentials. You cancel a meeting, not an API key.
Delete = remove from storage. Deletion implies the record is gone; revocation implies it still exists but is marked as invalid. Important distinction in audit logging — you often want the record to remain for compliance.
Remove = too generic, lacks the specific security connotation.
Common "revoke" collocations in security:
revoke an API key / access token / certificate
revoke user access / permissions
revoke a certificate (TLS/SSL)
"The certificate was revoked before its expiry date."
3 / 5
The penetration tester ___ the vulnerability in the input validation.
Exploit — the standard penetration testing verb for taking advantage of a vulnerability:
Exploit a vulnerability is the universally standard collocation in security and penetration testing. It means deliberately taking advantage of a weakness in a system to demonstrate that it can be used for unauthorised access or other malicious purposes.
The security verb chain:
identify / discover / find a vulnerability → reconnaissance and scanning phase
assess / evaluate the severity → how dangerous is it? (CVSS score)
exploit the vulnerability → prove the attack is possible
document / report the finding → responsible disclosure
patch / remediate / fix the vulnerability → resolution
verify the fix → confirm the vulnerability is closed
Why not the others?
used → too vague, no security connotation. "Used the vulnerability" sounds like poor English in a security report.
attacked → "attack a system" is correct, but "attack a vulnerability" is not standard. You exploit a vulnerability; you attack a system or endpoint.
abused → used in the sense of feature abuse or policy abuse, not standard for technical vulnerabilities.
Remember: In a legal/professional context, "exploit" in penetration testing is authorised by a contract or scope agreement — it is not malicious.
4 / 5
The company ___ the incident to the ICO within 72 hours as required by GDPR.
Notified and reported — both correct in GDPR breach reporting language:
GDPR Article 33 requires that a personal data breach be notified to the supervisory authority (in the UK: the ICO — Information Commissioner's Office) within 72 hours. Both "notify" and "report" are used in this context:
Notify: The verb used in the text of GDPR itself: "The controller shall notify the breach to the competent supervisory authority." Most formal and legally precise. "The organisation notified the ICO of the breach within 40 hours." Also: "notify the affected individuals."
Report: Equally natural and widely used in practice. "The company reported the data breach to the ICO." "We submitted a breach report to the regulator." Very common in news coverage, compliance documentation, and team communications.
"Told" is incorrect in this context — you do not "tell" a report to a regulator. You would say "told the regulator about the incident" (correct grammar) but "told the incident to the ICO" is grammatically wrong.
GDPR / data breach vocabulary:
suffer / experience a breach → "The company suffered a data breach"
notify / report a breach → to the regulator
notify / inform / alert affected individuals
investigate the incident
mitigate the impact
demonstrate compliance → show the regulator you followed procedures
5 / 5
The dev team ___ the patch within 4 hours of the CVE disclosure.
Deployed, applied, and released — all collocate with "patch" in security contexts:
Patching vocabulary is nuanced — the right verb depends on what stage of the patching process you are describing:
Released a patch: Creating and publishing the patch for users to install. Used by the software vendor or development team announcing the fix is available. "Microsoft released a patch for the zero-day vulnerability." "The dev team released the patch within 4 hours of the CVE disclosure." This describes the moment the fix is made available.
Deployed a patch: Actively installing the patch on live systems. Used by system administrators, SREs, and DevOps teams who push the fix to production servers. "The ops team deployed the patch to all affected servers overnight."
Applied a patch: The most general term — can mean either deploying it to a system or incorporating it into code. "The admin applied the security patch to the web server." Also used in software development: "She applied the patch to the codebase."
Full patching lifecycle:
CVE is disclosed → vulnerability is published publicly