CompTIA CASP+ (CAS-004) — Question 186

An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

• Some developers can directly publish code to the production environment.
• Static code reviews are performed adequately.
• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

Answer options

• A. Implement short maintenance windows.
• B. Perform periodic account reviews.
• C. Implement job rotation.
• D. Improve separation of duties.

Correct answer: D

Explanation

The correct answer is D because improving the separation of duties helps to mitigate risks associated with unauthorized changes and ensures that no single individual has control over the entire deployment process. Options A, B, and C do not directly address the identified issue of developers having direct access to production, which could lead to security vulnerabilities.