CompTIA SecurityX (CAS-005) — Question 159

During an audit at an organization, auditors find that developers are able to promote code to production. The auditors request a full review of all production changes. Which of the following should the organization implement to prevent a full review in the future?

Answer options

• A. Branch protection
• B. Centralized code repositories
• C. Interactive application security testing
• D. Change control board

Correct answer: D

Explanation

Implementing a Change Control Board (CCB) ensures that all changes are reviewed and approved before being deployed, which minimizes the need for post-deployment audits. Branch protection and centralized code repositories enhance security and control but do not directly address the need for review processes. Interactive application security testing is focused on security rather than change management, making it less relevant for this scenario.