Certificate of Cloud Auditing Knowledge (CCAK) — Question 157

Which of the following configuration change controls is acceptable to a cloud auditor?

Answer options

• A. Development, test and production are hosted in the same network environment.
• B. Programmers have permanent access to production software.
• C. The Head of Development approves changes requested to production.
• D. Programmers cannot make uncontrolled changes to the source code production version.

Correct answer: D

Explanation

The correct answer is D because it ensures that only authorized changes are made to the production version, maintaining the integrity and stability of the software. Options A and B pose risks by allowing uncontrolled access and changes, while C, despite being a controlled process, does not prevent unauthorized changes from being made.