CompTIA CASP+ (CAS-004) — Question 276

A security manager has written an incident response play book for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

Answer options

• A. Automated vulnerability scanning
• B. Centralized logging, data analytics, and visualization
• C. Threat hunting
• D. Threat emulation

Correct answer: D

Explanation

Threat emulation is the correct choice as it involves simulating insider threats to test the effectiveness of the incident response playbook. The other options, while important for overall security, do not specifically assess the response to insider attacks as effectively as threat emulation does.