CompTIA SecurityX (CAS-005) — Question 71

An organization is working to secure its development process to ensure developers cannot deploy artifacts directly into the production environment. Which of the following security practice recommendations would be the best to accomplish this objective?

Answer options

• A. Implement least privilege access to all systems.
• B. Roll out security awareness training for all users.
• C. Set up policies and systems with separation of duties.
• D. Enforce job rotations for all developers and administrators.
• E. Utilize mandatory vacations for all developers.
• F. Review all access to production systems on a quarterly basis.

Correct answer: C

Explanation

The correct answer is C because establishing separation of duties ensures that no single individual has control over the entire process, reducing the risk of unauthorized deployments. Options A and B, while important, do not specifically prevent direct deployment. Options D, E, and F are useful practices but do not directly address the issue of deployment control.