Zero-trust architecture requires precise language. 'Verify identity', 'authorise access', and 'revoke credentials' are not interchangeable with their near-synonyms. These exercises train you to select the exact collocations used in security documentation, IAM policies, and incident reports.
1 / 5
Every time a service calls another microservice, the gateway must ___ before processing the request.
Verify identity is the canonical zero-trust collocation. In zero-trust architecture, identity verification is the foundational principle — 'never trust, always verify'. 'Validate' is close but typically refers to format/schema checks; 'check' and 'confirm' are too informal.
2 / 5
The API gateway is configured to ___ using JWT tokens before forwarding it upstream.
Authenticate the request is the professional security collocation. Authentication specifically means confirming the identity of the caller. 'Verify' overlaps but is broader; 'validate' is used for schema/format validation; 'check' is too vague.
3 / 5
The IAM policy is evaluated on every call to ___ based on the user's role.
Authorise access is the standard security collocation in zero-trust systems. Authorisation (distinct from authentication) determines what an authenticated entity is allowed to do. 'Authorise' is the formal technical verb used in IAM and policy documentation.
4 / 5
Following the principle of least privilege, the system should only ___ necessary to complete the task.
Grant least privilege is the established security collocation. 'Grant' is the standard verb for bestowing permissions or access rights in IAM systems. The phrase 'principle of least privilege' uses 'grant' as the operational verb for its enforcement.
5 / 5
When an employee leaves the company, the security team must immediately ___ to prevent unauthorised access.
Revoke credentials is the formal security collocation. 'Revoke' specifically means withdrawing previously granted access rights or certificates. It is the standard term in PKI, OAuth, and identity management — 'delete' and 'remove' are too generic and may not convey the immediate invalidation implied.