CompTIA CySA+ (CS0-002) — Question 79
A company recently hired a new SOC provider and implemented new incident response procedures. Which of the following conjoined approaches would MOST likely be used to evaluate the new implementations for monitoring and incident response at the same time? (Choose two.)
Answer options
- A. Blue-team exercise
- B. Disaster recovery exercise
- C. Red-team exercise
- D. Gray-box penetration test
- E. Tabletop exercise
- F. Risk assessment
Correct answer: A, E
Explanation
The correct answers are A (Blue-team exercise) and E (Tabletop exercise): both involve active participation in evaluating monitoring and response capabilities in a simulated environment. The other options either focus on specific scenarios (such as disaster recovery) or do not directly assess monitoring and incident response together.