Which term describes the selection of items included in the risk activities based on understanding the full risk universe and down-selecting the specific part of the enterprise to which the risk activities will be applied?

The idea being tested is how a risk program is bounded and directed across an organization. The full set of risks an organization could face is the risk universe, while the boundary of what will be assessed and where in the business risk activities will be applied is the scope. But pulling these pieces together—deciding what to include, how to apply risk activities across the enterprise, and coordinating the overall effort—belongs to risk management. It’s the overarching process that defines how risks are identified, evaluated, and addressed within the defined boundaries of the organization. So this term best describes the activity described in the question. The other terms describe parts of that picture: the risk universe is the complete set of risks, risk scope is the boundary of the assessment, and an asset is a thing that may be affected by risk.