Certified Information Security Manager (CISM) — Question 827

Which of the following is the BEST way to determine the effectiveness of an incident response plan?

Answer options

• A. Reviewing previous audit reports
• B. Benchmarking the plan against best practices
• C. Performing a penetration test
• D. Conducting a tabletop exercise

Correct answer: D

Explanation

Conducting a tabletop exercise is the best way to assess an incident response plan as it allows teams to simulate real scenarios and evaluate their responses in a controlled environment. While reviewing audit reports and benchmarking against best practices can provide insights, they do not test the plan's effectiveness in action. Penetration tests focus on vulnerabilities rather than the response process itself.