FEDVTE FUNDAMENTALS OF
CYBER RISK MANAGEMENT EXAM
2025 QUESTIONS AND ANSWERS
Which of the following families of controls belong to the technical class of controls? -
....ANSWER ...-Identification and Authentication
Which of the following is a management strategy for addressing risk? -
....ANSWER ...-Accept
Cyber risk management solutions are typically done through which categories of security
controls? - ....ANSWER ...-Technical, Physical, Administrative
There are agreements organizations may enter into where one party is willing to accept
an amount of risk from another. That transfer is a strategy for managing risk. -
....ANSWER ...-TRUE
Which security principle is concerned with the unauthorized modification of important
or sensitive information? - ....ANSWER ...-Integrity
Simulating attack from a malicious source could be part of penetration testing. -
....ANSWER ...-TRUE
Which of the following is an example of a physical control? - ....ANSWER ...-
Security guard
...©️ 2025, ALL RIGHTS RESERVED 1
, Incident response planning phase 1 (preparation) calls for: - ....ANSWER ...-Not B
or C
The inputs (threat source motivation, threat capacity, nature of vulnerability, and current
controls) will aid in generating output used in which step of the NIST SP risk
assessment guidance? - ....ANSWER ...-Likelihood Determination
The threat-source is motivated and capable, but controls are in place that may impede
successful exercise of the vulnerability. Which likelihood rating does this describe? -
....ANSWER ...-Medium
Which technical control places publicly accessible servers in a special network separated
from the internal network? - ....ANSWER ...-De-militarized Zone
Establishing the context and providing common perspective on how organizations
manage risk is the goal of: - ....ANSWER ...-Risk Framing
In the event of a major disaster, which of the following is a fully equipped alternate site,
requiring the shortest setup time to resume full business operations? -
....ANSWER ...-Hot
Methods of response for managing risks are: - ....ANSWER ...-Accept, Transfer,
Mitigate, Avoid
All of the following business assets have threats that would be included for consideration
as a part of threat analysis EXCEPT: - ....ANSWER ...-All of the above would be
included
...©️ 2025, ALL RIGHTS RESERVED 2
CYBER RISK MANAGEMENT EXAM
2025 QUESTIONS AND ANSWERS
Which of the following families of controls belong to the technical class of controls? -
....ANSWER ...-Identification and Authentication
Which of the following is a management strategy for addressing risk? -
....ANSWER ...-Accept
Cyber risk management solutions are typically done through which categories of security
controls? - ....ANSWER ...-Technical, Physical, Administrative
There are agreements organizations may enter into where one party is willing to accept
an amount of risk from another. That transfer is a strategy for managing risk. -
....ANSWER ...-TRUE
Which security principle is concerned with the unauthorized modification of important
or sensitive information? - ....ANSWER ...-Integrity
Simulating attack from a malicious source could be part of penetration testing. -
....ANSWER ...-TRUE
Which of the following is an example of a physical control? - ....ANSWER ...-
Security guard
...©️ 2025, ALL RIGHTS RESERVED 1
, Incident response planning phase 1 (preparation) calls for: - ....ANSWER ...-Not B
or C
The inputs (threat source motivation, threat capacity, nature of vulnerability, and current
controls) will aid in generating output used in which step of the NIST SP risk
assessment guidance? - ....ANSWER ...-Likelihood Determination
The threat-source is motivated and capable, but controls are in place that may impede
successful exercise of the vulnerability. Which likelihood rating does this describe? -
....ANSWER ...-Medium
Which technical control places publicly accessible servers in a special network separated
from the internal network? - ....ANSWER ...-De-militarized Zone
Establishing the context and providing common perspective on how organizations
manage risk is the goal of: - ....ANSWER ...-Risk Framing
In the event of a major disaster, which of the following is a fully equipped alternate site,
requiring the shortest setup time to resume full business operations? -
....ANSWER ...-Hot
Methods of response for managing risks are: - ....ANSWER ...-Accept, Transfer,
Mitigate, Avoid
All of the following business assets have threats that would be included for consideration
as a part of threat analysis EXCEPT: - ....ANSWER ...-All of the above would be
included
...©️ 2025, ALL RIGHTS RESERVED 2