In MDO risk assessment, which domains are typically considered?

• A. Only information.
• B. Only cyber.
• C. Only combat.
• D. Combat, cyber, information, and legitimacy.

Answer: (D)

Risk assessment in Multi-Domain Operations looks across all domains that shape mission success. The combat domain covers physical force, maneuver, and kinetic effects; cyber encompasses disruption of networks, sensors, and command-and-control. The information domain accounts for messaging, perception, and the spread of propaganda or misinformation that can influence decision-making and stability. Legitimacy considers political, legal, and normative constraints—domestic support, alliance cohesion, and international perception—that can enable or restrict actions. These domains are interdependent; a setback in one can ripple into others—cyber or information problems can degrade combat effectiveness, while compromised legitimacy can limit access or escalation tolerance. So a comprehensive risk assessment evaluates threats, vulnerabilities, and potential consequences across all four domains, making the full set the best choice.