Q: 3
A security consultant has been hired by a company to establish its vulnerability management
program. The consultant is now in the deployment phase. Which of the following tasks is part of this
process?
Options
Discussion
A. saw a similar question in a practice set and deployment is all about getting those tools in place.
Option A, but if the org had pre-approved tech and skipped procurement, this could shift.
A tbh. D looks tempting but training usually follows after the tech is actually in place so watch for that trap.
A (not D), . Deployment is mostly about getting the right tools in place, training usually happens after. D can be a trap if you mix up rollout steps, at least in CISSP context.
Seriously wish ISC2 would make these deployment phase definitions less fuzzy. A
Ugh, ISC2 always overcomplicates with their phases. A
C or D. I remember seeing a similar exam question where measuring effectiveness (C) was treated like a deployment metric, since you need to validate things are set up right. But D training stakeholders also feels like it fits the rollout piece. Not totally sure which ISC2 expects here, anyone else see this?
Makes sense to me, this phase is about getting the tech in place so it's A.
A is the best fit for what deployment means in CISSP context, since it’s about getting the actual tools and systems in place. Training stakeholders (D) usually comes later once the supporting tech is running. Pretty sure about this one, but let me know if you see it differently.
ISC2 loves making deployment phase stuff confusing, but A imo.
Be respectful. No spam.
