[&] Why is testing an incident response plan important in cybersecurity management?
- To reduce employee workload
- To ensure the plan functions as intended during actual incidents
- To guarantee 100% security for the organization
- To understand employee roles better

[&] Why is it important for an incident response plan to be consistent with an organization's existing capacity, resources, and infrastructure?
- To adhere to all governmental regulations
- To maintain employee job satisfaction
- To ensure effective incident management and quick recovery
- To allow integration with social media platforms

[&] Which phase of the incident response process involves removing threats such as malware?
- Containment
- Recovery
- Eradication
- Detection and analysis

[&] What is the difference between an incident response policy and an incident response plan?
- A policy is tactical; a plan is a strategic directive.
- A policy is strategic; a plan is a tactical execution guide.
- A policy includes playbooks; a plan outlines policies.
- A policy is operational; a plan is strategic.

[&] What is the primary purpose of an incident response plan?
- To direct all IT operations of an organization
- To outline procedures to detect, respond to, and recover from cybersecurity incidents
- To outline how to acquire new security tools
- To list all employees' contact information