Anonymizing personal data in non-production environments means replacing the real data with fictitious but realistic data that does not allow identification of the individuals. This is a good way to mitigate the risk of sensitive personal data leakage from a software development environment, as it reduces the exposure of the data to unauthorized access or misuse. Tokenizing personal data only in test environments is not sufficient, as the data may still be exposed in other non-production environments, such as development or staging. Data loss prevention tools (DLP) installed in passive mode may detect and report data leakage incidents, but they do not prevent them from happening. Multi-factor authentication for access to non-production environments may enhance the security of the access, but it does not protect the data from being leaked by authorized users or compromised by other means. References = CRISC Review Manual (Digital Version), page 226; CRISC Review Questions, Answers & Explanations Database, question 195.