178 QUESTIONS WITH VERIFIED ANSWERS
2025/2026
False - CORRECT ANSWER Having an established risk management program means
that an organization's assets are completely protected. T/F
False - CORRECT ANSWER The IT community often takes on the leadership role in
addressing risk. T/F
False - CORRECT ANSWER MAC addresses are considered a reliable identifier for
devices with network interfaces because they are essentially foolproof. T/F
True - CORRECT ANSWER Likelihood is the overall rating of the probability that a
specific vulnerability will be exploited or attacked. T/F
True - CORRECT ANSWER Some threats can manifest in multiple ways, yielding
multiple vulnerabilities for an asset-threat pair. T/F
True - CORRECT ANSWER When operating any kind of organization, a certain
amount of risk is always involved. T/F
Assessment - CORRECT ANSWER Risk identification, risk analysis, and risk
evaluation are part of a single function known as risk __
Vulnerabilities - CORRECT ANSWER Some threats can manifest in multiple ways,
yielding multiple __ for an asset-threat pair.
Identification - CORRECT ANSWER The recognition, enumeration, and
documentation of risks to an organization's information assets is known as risk __
Threat - CORRECT ANSWER An evaluation of the threats to information assets,
including a determination of their potential to endanger the organization, is
known as __ assessment.
Data classification scheme - CORRECT ANSWER A formal access control
methodology used to assign a level of confidentiality to an information asset and
thus restrict the number of people who can access it is known as a __ __ __
Likelihood - CORRECT ANSWER The probability that a specific vulnerability within
an organization will be the target of an attack is known as __
Information Security - CORRECT ANSWER The __ __ management community of
interest often takes on the leadership role in addressing risk.
True - CORRECT ANSWER A prioritized list of assets and threats can be combined
with vulnerability information into a specialized report known as a TVA
worksheet. T/F
Estimation - CORRECT ANSWER The degree to which a current control can reduce
risk is also subject to __ error.
Collected, processed, transmitted - CORRECT ANSWER For an organization to
manage its InfoSec risk properly, managers should understand how information is
__, __, and __
True - CORRECT ANSWER The Risk Management Framework includes executive
governance and support. T/F
False - CORRECT ANSWER The Risk Management Framework includes process
contingency planning. T/F
True - CORRECT ANSWER The Risk Management Framework includes framework
design and continuous improvement. T/F
RM framework - CORRECT ANSWER What denotes the overall structure of the
strategic planning and design for the entirety of the organization's RM efforts?
RM process - CORRECT ANSWER What denotes the identification, analysis,
evaluation, and treatment of risk to information assets?
legal, business, threat - CORRECT ANSWER Factors that affect the external context
and impact the RM process, its goals, and its objectives include the __, __, and __
environments.
c - CORRECT ANSWER Which of the following is not a role of managers within the
communities of interest in controlling risk?
a. general management must structure the IT and InfoSec functions