CompTIA CASP+ (CAS-004) — Question 389

An organization is working to secure its development process to ensure developers cannot deploy artifacts directly into the production environment. Which of the following security practice recommendations would be the best to accomplish this objective?

Answer options

• A. Implement least privilege access to all systems.
• B. Roll out security awareness training for all users.
• C. Set up policies and systems with separation of duties.
• D. Enforce job rotations for all developers and administrators.
• E. Utilize mandatory vacations for all developers.
• F. Review all access to production systems on a quarterly basis.

Correct answer: C

Explanation

The correct answer is C because separation of duties helps ensure that no single individual can execute all phases of a task, reducing the risk of unauthorized deployments. While least privilege access (A) is important, it does not specifically address the deployment process. Other options like security awareness training (B) and job rotations (D) provide general security benefits but do not directly prevent developers from deploying artifacts to production.