Security and compliance teams use formal collocations in audit processes. Phrases like 'evidence compliance' and 'remediate findings' appear in SOC 2 reports, ISO assessments, and penetration test reviews.
1 / 5
The security team will ___ annual audits to verify compliance with ISO 27001.
Conduct audits is the standard formal collocation used in security and compliance contexts. 'Run' is informal. 'Perform' is close but more common in operational contexts. 'Carry out' is correct but more common in British administrative language. Conduct audits is the professional standard in governance, risk, and compliance (GRC) documentation.
2 / 5
After the penetration test, engineers were given 30 days to ___ critical findings.
Remediate findings is the fixed security compliance collocation for the structured process of correcting vulnerabilities or gaps identified during an audit. 'Fix' is informal. 'Address' is vaguer. 'Resolve' is used more for incidents. Remediate findings is the term used in audit reports, SOC 2 reviews, and ISO controls documentation.
3 / 5
The GRC team uses a controls matrix to ___ which security controls are in place.
Track controls is the governance collocation for maintaining an up-to-date inventory of security measures and their implementation status. 'Monitor' implies real-time alerting. 'Record' is a one-time action. 'List' is too passive. Track controls implies ongoing, version-controlled management of the control framework.
4 / 5
To pass the SOC 2 audit, the team had to ___ compliance with detailed logs and screenshots.
Evidence compliance is the professional audit collocation where 'evidence' is used as a verb, meaning to provide artifacts that prove a control is operating effectively. 'Prove' and 'demonstrate' are generic. 'Show' is too informal. Evidencing compliance is the precise term used by auditors and compliance managers in formal GRC workflows.
5 / 5
Security architects regularly ___ risk to prioritise which vulnerabilities to fix first.
Assess risk is the fixed security collocation for the process of identifying, evaluating, and quantifying threats to systems or data. 'Evaluate' is close but implies a judgment after the fact. 'Analyse' is a step within assessment. 'Rate' is too narrow. Assess risk is the universal term in ISO 31000, NIST, and SOC frameworks.