CISSP · Question #574
A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process
The correct answer is A. Select and procure supporting technologies.. Vulnerability management program deployment involves implementing the technical infrastructure and tools needed to operationalize the program. Selecting and procuring supporting technologies is a core deployment-phase activity.
Question
A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?
Options
- ASelect and procure supporting technologies.
- BDetermine a budget and cost analysis for the program.
- CMeasure effectiveness of the program's stated goals.
- DEducate and train key stakeholders.
How the community answered
(54 responses)- A89% (48)
- B6% (3)
- C2% (1)
- D4% (2)
Why each option
Vulnerability management program deployment involves implementing the technical infrastructure and tools needed to operationalize the program. Selecting and procuring supporting technologies is a core deployment-phase activity.
During the deployment phase of a vulnerability management program, the focus shifts to operationalizing the program by selecting, procuring, and configuring the actual technologies (e.g., scanners, SIEM integrations, patch management tools) that will execute the defined processes. This phase translates planning decisions into working infrastructure, making technology procurement a defining deployment task.
Determining a budget and cost analysis is a planning/pre-deployment phase activity, performed before deployment begins, to secure funding and define the program's scope.
Measuring the effectiveness of the program's stated goals is a post-deployment or operations/review phase activity, conducted after the program is running to assess outcomes.
Educating and training key stakeholders is typically associated with the awareness or rollout phase that follows deployment, ensuring personnel can use and support the implemented tools and processes.
Concept tested: Vulnerability management program deployment phase tasks
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r4.pdf
Topics
Community Discussion
No community discussion yet for this question.