CompTIA SecurityX (CAS-005) — Question 284

The ISAC for the retail industry recently released a report regarding social engineering tactics in which small groups create distractions for employees while other malicious individuals install advanced card skimmers on the payment systems. The Chief Information Security Officer (CISO) thinks that security awareness training, technical control implementations, and governance already in place is adequate to protect from this threat. The board would like to test these controls. Which of the following should the CISO recommend?

Answer options

• A. Dark web monitoring
• B. Adversary emulation engagement
• C. Supply chain risk consultation
• D. Tabletop exercises

Correct answer: B

Explanation

The correct answer, B, Adversary emulation engagement, is appropriate as it involves simulating real-world attack scenarios to test the effectiveness of security measures. This directly assesses the organization's defenses against the specific threat described. The other options, while valuable, do not specifically focus on testing the current controls against the described adversarial tactics.