FEDVTE CYBER RISK MANAGEMENT
FOR MANAGERS EXAM 2025
QUESTIONS AND ANSWERS
Of the risk mitigation steps, in which step does management determine the most cost-
effective control(s) for reducing risk to the organization's mission? -
....ANSWER ...-Step 4: Select Controls
Which site is fully equipped, requiring only a short setup time due to restoring data
backups and configurations? - ....ANSWER ...-Hot
Data classification directly impacts which of the following? - ....ANSWER ...-All of
the above
A self-replicating program that requires user intervention to spread, and is typically
comprised of a replication element and a payload is a(n)? - ....ANSWER ...-Virus
In managing risks, eliminating the asset's exposure to risk, or eliminating the asset
altogether, describes which one of the following? - ....ANSWER ...-Avoid
Which type of analysis is often expressed as: annual loss expectancy = (asset value x
exposure factor) x annual rate of occurrence? - ....ANSWER ...-Quantitative
Analysis
...©️ 2025, ALL RIGHTS RESERVED 1
, Covert security testing (white hat testing) involves testing without the knowledge of the
organization's IT staff. - ....ANSWER ...-False
People, information, and technology are examples of? - ....ANSWER ...-Assets
Providing a basis for trust between organizations that depend on the information
processed, stored, or transmitted by those systems is an Assurance "Expectation." -
....ANSWER ...-False
Judgmental Valuation is considering variables such as technical complexity, control
procedures in place, and financial loss. - ....ANSWER ...-False
Low humidity within a server room could result in a static electricity build-up/discharge.
- ....ANSWER ...-True
Network architecture and configurations are part of which category of vulnerabilities? -
....ANSWER ...-Design Vulnerabilities
Which of the following does an effective monitoring program NOT include? -
....ANSWER ...-Security impact analyses on proposed or actual changes to the
information system and its environment of operation
Which of the following technical controls place servers that are accessible to the public
in a special network? - ....ANSWER ...-De-Militarized Zone
A locking mechanism which is controlled by a mechanical key pad is known as? -
....ANSWER ...-Cipher lock
The risk equation is Risk = Threat x (Likelihood + Impact) x Vulnerability? -
....ANSWER ...-False
...©️ 2025, ALL RIGHTS RESERVED 2
FOR MANAGERS EXAM 2025
QUESTIONS AND ANSWERS
Of the risk mitigation steps, in which step does management determine the most cost-
effective control(s) for reducing risk to the organization's mission? -
....ANSWER ...-Step 4: Select Controls
Which site is fully equipped, requiring only a short setup time due to restoring data
backups and configurations? - ....ANSWER ...-Hot
Data classification directly impacts which of the following? - ....ANSWER ...-All of
the above
A self-replicating program that requires user intervention to spread, and is typically
comprised of a replication element and a payload is a(n)? - ....ANSWER ...-Virus
In managing risks, eliminating the asset's exposure to risk, or eliminating the asset
altogether, describes which one of the following? - ....ANSWER ...-Avoid
Which type of analysis is often expressed as: annual loss expectancy = (asset value x
exposure factor) x annual rate of occurrence? - ....ANSWER ...-Quantitative
Analysis
...©️ 2025, ALL RIGHTS RESERVED 1
, Covert security testing (white hat testing) involves testing without the knowledge of the
organization's IT staff. - ....ANSWER ...-False
People, information, and technology are examples of? - ....ANSWER ...-Assets
Providing a basis for trust between organizations that depend on the information
processed, stored, or transmitted by those systems is an Assurance "Expectation." -
....ANSWER ...-False
Judgmental Valuation is considering variables such as technical complexity, control
procedures in place, and financial loss. - ....ANSWER ...-False
Low humidity within a server room could result in a static electricity build-up/discharge.
- ....ANSWER ...-True
Network architecture and configurations are part of which category of vulnerabilities? -
....ANSWER ...-Design Vulnerabilities
Which of the following does an effective monitoring program NOT include? -
....ANSWER ...-Security impact analyses on proposed or actual changes to the
information system and its environment of operation
Which of the following technical controls place servers that are accessible to the public
in a special network? - ....ANSWER ...-De-Militarized Zone
A locking mechanism which is controlled by a mechanical key pad is known as? -
....ANSWER ...-Cipher lock
The risk equation is Risk = Threat x (Likelihood + Impact) x Vulnerability? -
....ANSWER ...-False
...©️ 2025, ALL RIGHTS RESERVED 2