The use of production data during testing is allowed anytime for as long as all security controls implemented in production are applied to the test environment.

True or False

The application's Directly Responsible Individual is responsible for reviewing and monitoring users who have access to an application.

True or False

Cloud Engineers are primarily responsible for managing and monitoring application deployments.

True or False

Security protocols and controls are only required to be analysed, identified and executed for new systems.

True or False

A security test of all applications must be conducted every quarter.

True or False

All applications must have a security seal of Protected or better.

True or False

System capacity requirements need to be reviewed only before the introduction of a new critical business application.

True or False

The review of the Application Development Policy must be done at least once a year.

True or False

The need to maintain the security and integrity of all applications takes precedence over user accessibility.

True or False

All Cloudstaff applications should have a product description containing, among others, a description of what the application is about, what it does and its target users.

Authorised developers shall have access to the testing and production environment's backend codes for products that have an automated deployment pipeline.

True or False

The Technology Leadership shall define, document, maintain and implement principles for engineering secure systems for all layers of their architectural design.

Multiple choice

HTTP/SSL are required to be used only for Cloudstaff web applications that are available to the public.

True or False

All software build and its associated package must be labelled with the appropriate version number.

True or False

The Application Development Policy applies to all Cloudstaff employees.

True or False

The archiving of unused and irrelevant data must be evaluated annually and coordinated with whom?

Multiple choice

The testing environment must be totally separated from the production environment for all applications.

True or False

Violations of the Application Development Policy due to ignorance or by accident will not result in any disciplinary action. Only intentional violations will be subject to disciplinary action.

True or False

Commercial off-the-shelf software (COTS) can be modified in extraordinary circumstances, e.g., when needed for a critical business requirement.

True or False

When it comes to outsourced developments, the contractual requirements for secure design, coding and testing practices must be the same as or more stringent than the ones used by Cloudstaff.

True or False