Security professionals rely on specific collocations to communicate threats and remediation clearly. This quiz covers the key verb-noun pairs for audits, risk assessment, and hardening.
1 / 5
Fill in: 'We are required to ___ a full security audit before the product can go live in the EU.'
We 'conduct an audit' — 'conduct' is the formal collocation for carrying out a structured, professional review process. 'Run an audit' is informal but common in practice; 'do an audit' is too casual for formal compliance language; 'perform an audit' is grammatically correct but 'conduct' is the dominant choice in security and compliance documentation.
2 / 5
Fill in: 'The security team uses a threat model to ___ the risk associated with each new integration.'
We 'assess risk' — 'assess' is the standard security collocation for making a qualitative or quantitative judgement about threat severity and likelihood. 'Measure risk' suits quantitative metrics; 'evaluate risk' is close but more common in financial contexts; 'calculate risk' implies a precise numerical model rather than a broader security judgement.
3 / 5
Fill in: 'Engineering must ___ all critical vulnerabilities identified in the penetration test within 72 hours.'
We 'remediate vulnerabilities' — 'remediate' is the security-specific term for taking corrective action to eliminate or mitigate a flaw. 'Fix' is informal; 'patch' refers specifically to applying a code or binary update, which is one type of remediation; 'resolve' is used in ticketing systems but lacks the deliberate security connotation of 'remediate'.
4 / 5
Fill in: 'The platform team is responsible for ___ MFA policies across all production environments.'
We 'enforce policies' — 'enforce' means not just implementing a policy but ensuring compliance and taking action when it is violated. 'Apply' implies a one-time configuration step; 'implement' covers the initial setup; 'set' is too simple and does not convey the ongoing compliance aspect.
5 / 5
Fill in: 'Before launch, DevSecOps will ___ the server configuration to reduce the attack surface.'
We 'harden a configuration' — 'harden' is the technical security term for applying a set of controls to minimise vulnerabilities in a system. 'Secure' is too broad; 'tighten' is informal; 'lock a configuration' suggests immutability rather than security hardening specifically.