An incident response manager wants to hold an exercise to validate the procedures in the incident response plan (IRP). The primary goal is to ensure all team members understand their roles, responsibilities, and the established communication channels in a data breach scenario, without impacting live systems. Which of the following activities would be MOST appropriate to achieve this objective?
A tabletop exercise is the most appropriate activity for the stated goal. Tabletop exercises are discussion-based sessions where team members walk through a simulated incident to review and validate the incident response plan. Their main focus is on communication, roles, responsibilities, and decision-making processes in a low-stress environment, without using live systems. A full-scale simulation involves a much more hands-on approach in a live or simulated environment to test technical capabilities. A penetration test is designed to find and exploit vulnerabilities, not primarily to test the IRP. A red team exercise is an adversarial simulation designed to test an organization's overall defensive and response capabilities against a real-world attacker, which is broader and more technical than the described goal.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Tabletop exercise?
Open an interactive chat with Bash
What is an incident response plan?
Open an interactive chat with Bash
What are the main goals of conducting a Tabletop exercise?