CompTIA CASP+ (CAS-004) — Question 315

A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all aspects of the company’s response plan. Which of the following best describes what the CISO reviewed?

Answer options

• A. An after-action report
• B. A tabletop exercise
• C. A system security plan
• D. A disaster recovery plan

Correct answer: A

Explanation

The correct answer is A, as an after-action report summarizes the findings and lessons learned from an exercise. The other options are not accurate in this context; a tabletop exercise is a type of drill, a system security plan outlines security controls, and a disaster recovery plan focuses on restoring operations after a disruption.