A tabletop exercise is a useful tool for testing the functionality of a firm’s incident response plan and identifying gaps and other weaknesses in the firm’s cyber preparedness. This article, the second in a two-part series, outlines ways to successfully conduct tabletop exercises, including their content and scope, participant engagement, common errors and follow-up. The first article addressed how to effectively develop tabletop exercises, including whether they should be conducted in-house or externally, who should participate, what role counsel should play and how frequent and long it should be. See “Reacting Quickly With a Nimble Incident Response Plan” (May 31, 2017).