Certified Information Systems Security Professional (CISSP) — Question 200

A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase. Which of the following tasks is part of this process?

Answer options

• A. Educate and train key stakeholders.
• B. Measure effectiveness of the program’s stated goals.
• C. Determine a budget and cost analysis for the program.
• D. Select and procure supporting technologies.

Correct answer: D

Explanation

Selecting and procuring supporting technologies is essential during the deployment phase as it ensures that the necessary tools are in place to implement the vulnerability management program effectively. The other options relate to training, evaluation, and budgeting, which are typically addressed in earlier phases of program development rather than during deployment.