An organization’s Chief Security Officer (CSO) wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness.
Which of the following will the CSO MOST likely use?
A . An external security assessment
B . A bug bounty program
C . A tabletop exercise
D . A red-team engagement
Answer: C