Before production activation, what must happen to test data and test accounts?

• A. Nothing.
• B. Test data may be retained but not test accounts.
• C. Test data and test accounts must be removed before production activation.
• D. Only test data must be removed.

Answer: (C)

The main idea is keeping test artifacts out of the production environment. Before production activation, all test data and test accounts should be removed to prevent security risks and ensure the live system only contains real production information and legitimate production credentials. If test data or test accounts remain, they could be exploited to access production or cause data leakage, undermining security and compliance. Removing both ensures a clean boundary between testing and live operation. Leaving anything behind—whether data, accounts, or both—creates avoidable risk, while removing only one of them does not fully eliminate the potential pathways for misuse.