Q: 3
A security consultant has been hired by a company to establish its vulnerability management
program. The consultant is now in the deployment phase. Which of the following tasks is part of this
process?
Options
Discussion
A. saw a similar question in a practice set and deployment is all about getting those tools in place.
A (not D), . Deployment is mostly about getting the right tools in place, training usually happens after. D can be a trap if you mix up rollout steps, at least in CISSP context.
Seriously wish ISC2 would make these deployment phase definitions less fuzzy. A
Ugh, ISC2 always overcomplicates with their phases. A
A is the best fit for what deployment means in CISSP context, since it’s about getting the actual tools and systems in place. Training stakeholders (D) usually comes later once the supporting tech is running. Pretty sure about this one, but let me know if you see it differently.
ISC2 loves making deployment phase stuff confusing, but A imo.
A , deployment phase is all about selecting and buying the right tools, not training folks.
A or D? Not totally sure since training can overlap with rollout, but pretty sure A matches typical deployment steps.
Deployment phase is about putting tools into production, so A. Budgeting and training come before or after, not during deployment.
B for me. Had something like this in a mock and it focused on budgeting during deployment. Pretty sure that financial planning happens here too, not just tech setup.
Be respectful. No spam.
