CompTIA CySA+CS0-002 – Question160

As part of the senior leadership team's ongoing risk management activities, the Chief Information Security Officer has tasked a security analyst with coordinating the right training and testing methodology to respond to new business initiatives or significant changes to existing ones. The management team wants to examine a new business process that would use existing infrastructure to process and store sensitive data. Which of the following would be appropriate for the security analyst to coordinate?

A.
A black-box penetration testing engagement
B. A tabletop exercise
C. Threat modeling
D. A business impact analysis

Correct Answer: B