CAS-003 Question #583: Real Exam Question with Answer & Explanation
The correct answer is D: a guided tabletop exercise. A tabletop exercise is discussion-based, so the CISO can watch how the CIRT triages, escalates and decides without anyone touching production systems.
Question
A newly hired Chief Information Security Officer (CISO) wants to understand how the organization's CIRT handles issues brought to their attention, but needs to be very cautious about impacting any systems. The MOST appropriate method to use would be:
Options
- A. an internal vulnerability assessment.
- B. a red-team threat-hunt exercise.
- C. a white-box penetration test.
- D. a guided tabletop exercise.
Explanation
A guided tabletop exercise is a facilitated, scenario-driven discussion in which the Computer Incident Response Team (CIRT) walks through how it would detect, triage, escalate, contain and communicate about an incident. No technical actions are executed and no live systems are touched, which satisfies the constraint that the CISO must avoid impacting any systems. It is also the only option that actually answers the question asked: the CISO wants to see how the CIRT handles issues brought to it, which is a question about people, roles and process flow rather than about the technical state of the environment. Observing the exercise shows who is notified, what the escalation criteria are, how decisions are made and where the playbooks are unclear. NIST SP 800-84 and CISA's exercise program both classify tabletop exercises as discussion-based for exactly this reason: they test plans and decision-making at essentially no operational risk, while operations-based exercises (drills, functional and full-scale exercises) and technical assessments carry real exposure.
Common mistakes.
- A. An internal vulnerability assessment actively scans live systems. Scanners can degrade or crash fragile services, and an unannounced scan may itself trigger an unplanned CIRT response. It also reports technical weaknesses, not how the team handles an issue.
- B. A red-team threat-hunt exercise involves active adversarial activity against live infrastructure. Even a carefully scoped engagement carries a meaningful risk of service disruption, which conflicts with the CISO's requirement to be very cautious about impacting systems.
- C. A white-box penetration test includes active exploitation of live systems. Full knowledge of the environment reduces guesswork but does not remove the risk that an exploit crashes or corrupts a production service, and the output is a list of exploitable flaws rather than a view of the CIRT's decision process.
Concept tested. Tabletop exercise for CIRT process evaluation
Reference. https://www.cisa.gov/resources-tools/services/exercise-program