Before launch, the security team will ___ a thorough security review of the new payment flow.
To conduct a security review means to carry out a formal security assessment. Conduct is the precise term for running a structured process. Do up, run over, and make are informal or imprecise. Security teams "conduct a security review before release," so conduct a security review is the correct collocation.
2 / 5
The penetration test aims to ___ vulnerabilities before attackers can exploit them.
To identify vulnerabilities means to discover and document security weaknesses. Identify is the precise term, behind "vulnerability identification." Find out, spot up, and see are informal or grammatically odd. Pentesters "identify vulnerabilities in the application," so identify vulnerabilities is the correct collocation.
3 / 5
When a critical CVE is disclosed, the team must ___ the affected systems as quickly as possible.
To patch the system means to apply a security update that fixes a known vulnerability. Patch is the precise term, behind "security patch" and "patch management." Fix up, mend, and repair out are informal. Teams "patch the affected systems immediately," so patch the system is the correct collocation.
4 / 5
To reduce the attack surface, the engineer will ___ the server configuration by disabling unused services.
To harden the configuration means to make a system more secure by removing weaknesses (closing ports, disabling defaults, enforcing least privilege). Harden is the precise security term, behind "system hardening" and "hardening guide." Toughen up, strengthen out, and firm are informal. Engineers "harden the server configuration," so harden the configuration is the correct collocation.
5 / 5
Where a vulnerability cannot be fixed immediately, the team will ___ the risk with a compensating control.
To mitigate the risk means to reduce its likelihood or impact, often with a temporary control while a full fix is pending. Mitigate is the precise term, behind "risk mitigation" and "compensating control." Lower down, cut back, and ease off are informal. Security teams "mitigate the risk with a WAF rule," so mitigate the risk is the correct collocation.