Which of the following statements is true about how Risk Statements relate to Entity Types?

When a Risk Statement is linked to an Entity Type, the system uses that type as a scope for the risk. It automatically creates a separate risk instance for every Entity that belongs to that type, turning a single statement into per-entity risks you can assess and manage individually. This lets you apply the same risk description across all related entities while tracking likelihood, impact, and mitigations at the entity level. For example, if you have an Entity Type called Vendor and a Risk Statement like "Sensitive data exposed through vendor portal," assigning the Vendor type to that statement seeds a risk for each vendor in your catalog. This provides broad coverage without manual entry, and you can tailor risk details per vendor as needed. The other options would imply automatic assessments, policy changes, or no automatic impact, which do not reflect how the linkage creates per-entity risk records.