nerdexam
(ISC)2

CISSP · Question #574

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process

The correct answer is A. Select and procure supporting technologies.. Vulnerability management program deployment involves implementing the technical infrastructure and tools needed to operationalize the program. Selecting and procuring supporting technologies is a core deployment-phase activity.

Submitted by akirajp· Mar 5, 2026Security Assessment and Testing

Question

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

Options

  • ASelect and procure supporting technologies.
  • BDetermine a budget and cost analysis for the program.
  • CMeasure effectiveness of the program's stated goals.
  • DEducate and train key stakeholders.

How the community answered

(54 responses)
  • A
    89% (48)
  • B
    6% (3)
  • C
    2% (1)
  • D
    4% (2)

Why each option

Vulnerability management program deployment involves implementing the technical infrastructure and tools needed to operationalize the program. Selecting and procuring supporting technologies is a core deployment-phase activity.

ASelect and procure supporting technologies.Correct

During the deployment phase of a vulnerability management program, the focus shifts to operationalizing the program by selecting, procuring, and configuring the actual technologies (e.g., scanners, SIEM integrations, patch management tools) that will execute the defined processes. This phase translates planning decisions into working infrastructure, making technology procurement a defining deployment task.

BDetermine a budget and cost analysis for the program.

Determining a budget and cost analysis is a planning/pre-deployment phase activity, performed before deployment begins, to secure funding and define the program's scope.

CMeasure effectiveness of the program's stated goals.

Measuring the effectiveness of the program's stated goals is a post-deployment or operations/review phase activity, conducted after the program is running to assess outcomes.

DEducate and train key stakeholders.

Educating and training key stakeholders is typically associated with the awareness or rollout phase that follows deployment, ensuring personnel can use and support the implemented tools and processes.

Concept tested: Vulnerability management program deployment phase tasks

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf

Topics

#Vulnerability management program#Program deployment#Security controls procurement

Community Discussion

No community discussion yet for this question.

Full CISSP Practice