Risk Management Exam Questions and Answers (Grade A+)
Which of the following families of controls belong to the technical class of controls?—ANSWER--Identification and Authentication
Which of the following is a management strategy for addressing risk?—ANSWER--Accept
Cyber risk management solutions are typically done through which categories of security controls?—ANSWER--Technical, Physical, Administrative
There are agreements organizations may enter into where one party is willing to accept an amount of risk from another. That transfer is a strategy for managing risk.—ANSWER--TRUE
Which security principle is concerned with the unauthorized modification of important or sensitive information?—ANSWER--Integrity
Simulating attack from a malicious source could be part of penetration testing.—ANSWER--TRUE
Which of the following is an example of a physical control?—ANSWER--Security guard
Incident response planning phase 1 (preparation) calls for:—ANSWER--Not B or C
The inputs (threat source motivation, threat capacity, nature of vulnerability, and current controls) will aid in generating output used in which step of the NIST SP risk assessment guidance?—ANSWER--Likelihood Determination
The threat-source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. Which likelihood rating does this describe?—ANSWER--Medium
Which technical control places publicly accessible servers in a special network separated from the internal network?—ANSWER--De-militarized Zone
Establishing the context and providing a common perspective on how organizations manage risk is the goal of:—ANSWER--Risk Framing
In the event of a major disaster, which of the following is a fully equipped alternate site, requiring the shortest setup time to resume full business operations?—ANSWER--Hot
Methods of response for managing risks are:—ANSWER--Accept, Transfer, Mitigate, Avoid
All of the following business assets have threats that would be included for consideration as a part of threat analysis EXCEPT:—ANSWER--All of the above would be included
The threat source is highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective. Which likelihood rating does this describe?—ANSWER--High
Which tier of risk management is associated with Enterprise Architecture?—ANSWER--Not A or D
© 2026 Copyright. All Rights Reserved. This document is protected by copyright law. Copyrighted by Brittie Donald.