CompTIA CySA+ (CS0-003) — Question 192
A security team needs to demonstrate how prepared the team is in the event of a cyberattack. Which of the following would best demonstrate a real-world incident without impacting operations?
Answer options
- A. Review lessons-learned documentation and create a playbook.
- B. Gather all internal incident response party members and perform a simulation.
- C. Deploy known malware and document the remediation process.
- D. Schedule a system recovery to the DR site for a few applications.
Correct answer: B
Explanation
The correct answer is B because a simulation lets the team practice its response to a cyberattack in a controlled environment without affecting actual operations. The other options do not provide the same level of practical experience: A focuses on documentation, C involves introducing actual malware, which could disrupt operations, and D is about recovery, which doesn't simulate an attack scenario.