
SY0-501 · Question #113

SY0-501 Question #113: Real Exam Question with Answer & Explanation

The correct answer is A: Table top exercises. To establish incident response plans and procedures when a security team lacks prior incident experience, tabletop exercises are the most effective approach.

Submitted by eva_at · Mar 4, 2026

Question

A security team wants to establish an Incident Response plan. The team has never experienced an incident. Which of the following would BEST help them establish plans and procedures?

Options

  • A. Table top exercises
  • B. Lessons learned
  • C. Escalation procedures
  • D. Recovery procedures

Explanation

To establish incident response plans and procedures when a security team lacks prior incident experience, tabletop exercises are the most effective approach.

Common mistakes.

  • B. Lessons learned are derived from post-incident reviews, but since the team has never experienced an incident, there is no historical data or experience to draw 'lessons' from for establishing initial plans.
  • C. Escalation procedures are a specific component within an incident response plan, defining who to notify and when, rather than the primary method for establishing the overall plan and its entire set of procedures from scratch.
  • D. Recovery procedures are also a specific component within an incident response plan, focusing on restoring operations, and do not represent the best overarching method for establishing the entire plan and its initial procedures.

Concept tested. Establishing Incident Response plans with tabletop exercises

Reference. https://learn.microsoft.com/en-us/microsoft-365/security/defender/playbooks-execute-tabletop-exercise
