Exam SY0-601 topic 1 question 148 discussion

A Cyber Security tabletop exercise is a discussion-based event (not real). If they are looking for "real world" solution to validate their IRP then the best option would be a "Red Team" as they can simulate a real-world event testing your organizations IRP. let me know If I am missing something.

A tabletop exercise (also called a desktop exercise) is discussionbased. A coordinator gathers participants in a classroom or conference room and leads them through one or more hypothetical scenarios such as a cyberattack or a natural disaster. As the coordinator introduces each stage of the scenario, the participants identify how they would respond based on an organization’s plan. This generates discussion about team members’ roles and responsibilities and the decision-making process during an incident. During a tabletop exercise, the coordinator may inject additional information. As an example, imagine the initial scenario is about a wildfire threatening a remote office. As participants discuss their responses, the coordinator may announce that the winds shifted and the wildfire is now threatening the organization’s main location. This additional scenario is planned in advance and mimics potential events that may occur in a real-life situation.

Red team may not led to system failure but still have some affected to the daily operations through their actions, while tabletop (desktop exercise) is purely similate the incident in the meeting room, that complete has no affect to any systems

A tabletop exercise is a type of scenario-based simulation that allows organizations to validate their incident response plan without executing the plan in a real-world environment. It involves a discussion-based approach, where key stakeholders come together in a controlled environment to walk through a hypothetical incident and discuss their responses, decision points, and actions. This exercise allows the organization to identify areas of improvement, test communication and coordination, and assess the effectiveness of their incident response procedures without disrupting regular operations.

Guys a Tabletop exercise would still interrupt daily operations, whereas a red team would usually be subbed to a third party.

key point- test decision points and relevant incident response actions without interrupting daily operations "A tabletop exercise (also called a desktop exercise) is discussion-based. A coordinator gathers participants in a classroom or conference room and leads them through one or more hypothetical scenarios such as a cyberattack or a natural disaster. As the coordinator introduces each stage of the scenario, the participants identify how they would respond based on an organization’s plan. This generates discussion about team members’ roles and responsibilities and the decision-making process during an incident." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson

A tabletop exercise would BEST meet the company’s requirements as it is designed to simulate an incident in a low-risk environment, such as a conference room, where participants discuss and walk through the response plan and identify gaps and opportunities for improvement1. This type of exercise tests decision points and relevant incident response actions without interrupting daily operations

It's table top. The other activities, even a phishing exercise, interrupts daily activities. For the phishing activity, you receive a non-work related email, that interrupts your daily activities.

A tabletop exercise would BEST meet the company's requirements as it is designed to simulate an incident in a low-risk environment, such as a conference room, where participants discuss and walk through the response plan and identify gaps and opportunities for improvement. It would allow decision points to be tested, relevant incident response actions to be evaluated, and facilitate discussion of response and recovery procedures without interrupting daily operations. Red-team exercises, capture-the-flag exercises, and phishing exercises are all designed to simulate real-world attacks and test specific security controls, and may not be suitable for validating an incident response plan.

The tabletop exercise is a verbally-simulated scenario that mimics a real cybersecurity incident which could have a damaging impact on your business continuity.

We're testing decision points and incident response actions. The answer is A. It's definitely not capture the flag. It's not TTXs. Those take away from daily ops. Phishing exercises isn't wrong, but red-table exercises would be the most correct fit since the network is being attacked and we're testing out our current incident response.

I'll go with phishing

Answer is Red team exercise. The actions are real world and intended to simulate the operational approach of a ransomware-style attack without overwriting sensitive files.

Red Team exercises differ from penetration testing in that they don’t focus on a single application or system, but instead set out to exploit multiple systems and potential avenues of attack. The gloves are off, and “Think like an attacker” is the rule of play. Usually, Red Teams are part of your internal security team, though sometimes they can be from external or dedicated agencies. While thinking like an attacker, a Red Team group acts as (and provides security feedback from the perspective of) a malicious threat or challenger. It’s up to the business’s dedicated security team – the Blue Team – to provide a suitable response in detecting, combating, and weakening their opposition. Prior to the Red Team exercise, it’s usual that the Blue Team won’t know the plan or what is coming. This is in order to make the exercise as realistic as possible. https://www.imperva.com/blog/what-are-red-team-exercises-and-why-are-they-important/

Although table top is a the most voted answer , "without interruping daily operations" leads me to think D would be correct. Tabletops involve physical participants to sit down and talk through incidents. This would take time and people away from daily operations. A phishing tactic could be done by 1 security officer and sent out as a daily email. Correct me if I'm wrong.

C is correct

C is the correct answer