A security team has begun updating the risk management plan, incident response plan, and system security plan to ensure compliance with security review guidelines. Which of the following can be executed by internal managers to simulate and validate the proposed changes?

A. Internal management review
B. Control assessment
C. Tabletop exercise
D. Peer review