Why is a cyber tabletop exercise used?

• A. To test physical security measures.
• B. To implement software patches in production.
• C. To identify threat vectors and risks, categorize consequences by likelihood and impact, and inform mitigations.
• D. To train on hardware repair.

Answer: (C)

A cyber tabletop exercise is a discussion-based review of how an organization would respond to a hypothetical cyber incident. It focuses on identifying potential threat vectors, assessing risks by considering likelihood and impact, and deciding on mitigations and response actions. This format emphasizes decision-making, roles, communication, and governance, helping teams practice coordination without making live changes to systems.

That’s why this option is the best fit: it explicitly covers identifying threat vectors and risks, and mapping them to consequences and mitigations. The other activities describe hands-on tasks—testing physical security, applying patches in production, or repairing hardware—which are not the purpose of a tabletop exercise.