CompTIA CySA+ (CS0-003) — Question 240

A new SOC manager reviewed findings regarding the strengths and weaknesses of the last tabletop exercise in order to make improvements. Which of the following should the SOC manager utilize to improve the process?

Answer options

• A. The most recent audit report
• B. The incident response playbook
• C. The incident response plan
• D. The lessons-learned register

Correct answer: D

Explanation

The lessons-learned register is specifically designed to capture insights from past exercises and incidents, making it a valuable tool for improvement. The other options, while useful in different contexts, do not focus on the specific feedback and lessons derived from previous tabletop exercises.