CompTIA Security+ (SY0-601) — Question 748

A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?

Answer options

• A. Red-team exercise
• B. Capture-the-flag exercise
• C. Tabletop exercise
• D. Phishing exercise

Correct answer: C

Explanation

A tabletop exercise is ideal for discussing and validating an incident response plan in a controlled environment, allowing for a thorough examination of decision points without disrupting normal activities. In contrast, a red-team exercise involves active testing against adversaries, a capture-the-flag exercise focuses on skill challenges, and a phishing exercise targets user awareness, all of which could interrupt daily business functions.