CompTIA CySA+ (CS0-002) — Question 299

A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?

Answer options

• A. Internal management review
• B. Control assessment
• C. Tabletop exercise
• D. Peer review

Correct answer: C

Explanation

The correct answer is C, as a tabletop exercise allows internal managers to simulate scenarios and evaluate the effectiveness of proposed changes in a controlled environment. Options A, B, and D do not provide the same interactive simulation and validation opportunity that a tabletop exercise offers.