Your organization schedules a quarterly tabletop exercise for the incident-response team. In a conference room, a facilitator presents a ransomware scenario, then asks each functional lead to describe the first-hour actions they would take, the stakeholders they would notify, and which steps in the existing playbook need revision. No live systems are touched during the drill. Which activity best describes what the participants are primarily doing in this tabletop exercise?
Writing new security policies for immediate executive approval
Discussing a hypothetical incident to validate and refine response procedures
Executing a full-scale live cyber-range simulation with production traffic
Deploying and tuning endpoint detection tools in a lab environment
A tabletop exercise is a discussion-based drill in which stakeholders walk through a hypothetical scenario to validate roles, responsibilities, and documented procedures. They do not deploy tools, change firewall rules, or conduct live simulations; those tasks might be scheduled later based on the lessons learned. Drafting new security policies can be an outcome of the exercise but is not the core activity performed during the session itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are tabletop exercises important for cybersecurity incident response?
Open an interactive chat with Bash
What is the difference between a tabletop exercise and a live simulation?
Open an interactive chat with Bash
Who are the key stakeholders involved in a tabletop exercise?