ISC2 CISSP Practice Question

The correct answer is to prevent untested code and configuration changes from affecting production systems. Separate environments allow changes to be developed and tested in isolation before being deployed to production, reducing the risk of service disruptions and security issues in systems serving real users.

Reducing the ability of developers to use sensitive data in development environments can be a benefit of separating environments. However, good security practices would make it difficult for developers to access and retrieve sensitive data regardless of the environment, as they should develop using artificial data sets.

**Enforcing separation of duties among development teams may be a secondary benefit **but is not the primary purpose of environment separation. Separation of duties can be implemented through access controls and organizational structure even within a single environment.

Enabling different access control policies for different user groups can be accomplished without completely separate environments. While access controls are important, the main purpose of environment separation is to isolate changes and provide a progression for testing and validation.