Security engineering has a precise, non-negotiable vocabulary. These exercises cover the collocations security engineers and DevSecOps teams use when patching vulnerabilities, rotating credentials, and enforcing least privilege.
1 / 5
The security team was asked to ___ in all third-party libraries before the next release.
'Patch vulnerabilities' is the standard security engineering collocation for applying fixes to known security flaws. 'Patch' has a specific technical meaning: applying a targeted code fix. 'Fix' is informal; 'close' and 'address' are broader terms used in risk management.
2 / 5
Before going to production, the DevOps team must ___ of the Kubernetes cluster by removing unnecessary permissions.
'Harden the configuration' is the canonical security collocation for reducing the attack surface of a system by tightening settings. 'Harden' is the technical term from CIS Benchmarks and security frameworks. 'Secure' is broader; 'fix' implies errors; 'improve' lacks the security-specific meaning.
3 / 5
The CI pipeline is configured to ___ on every pull request to catch known CVEs early.
'Scan dependencies' is the standard DevSecOps collocation for running automated tools (e.g., Snyk, Dependabot) to detect vulnerabilities in third-party packages. 'Scan' implies automated, systematic inspection. 'Audit' is also used; 'check' and 'review' are too manual in connotation.
4 / 5
As part of the incident response, the team was required to ___ and update the secrets manager.
'Rotate credentials' is the security engineering collocation for periodically replacing secrets, keys, and passwords to limit exposure. 'Rotate' is the specific technical term used in secrets management and compliance documentation. 'Change', 'update', and 'replace' are general terms that lack this periodic, policy-driven connotation.
5 / 5
All IAM policies were rewritten to ___ and grant only the permissions each service needed.
'Enforce least privilege' is the standard information security collocation for ensuring that each entity has only the minimum permissions required. 'Enforce' implies active, systematic application of the principle. 'Apply' and 'implement' are also common; 'follow' implies passive adherence.