A security team needs to demonstrate how prepared the team is in the event of a cyberattack. Which of the following would best demonstrate a real-world incident without impacting operations?
A.
Review lessons-learned documentation and create a playbook.
B.
Gather all internal incident response party members and perform a simulation.
C.
Deploy known malware and document the remediation process.
D.
Schedule a system recovery to the DR site for a few applications.
B. Gather all internal incident response party members and perform a simulation.
A simulation exercise is the best way to test the team's preparedness and response capabilities in a controlled environment. It allows the team to practice:
Communication and coordination: How well team members work together
Incident handling procedures: Following established protocols
Decision-making: Making timely and effective decisions under pressure
Tool usage: Effectively utilizing security tools and technologies
Incident documentation: Recording actions and lessons learned
upvoted 4 times
...
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ChopSNap
5 months, 2 weeks ago