exam questions

Exam OGEA-103 All Questions

View all questions & answers for the OGEA-103 exam

Exam OGEA-103 topic 1 question 42 discussion

Actual exam question from The Open Group's OGEA-103
Question #: 42
Topic #: 1
[All OGEA-103 Questions]

Please read this scenario prior to answering the question.
You have been appointed as senior architect working for an autonomous driving technology development company. The mission of the company is to build an industry leading unified technology and software platform to support connected cars and autonomous driving.
The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework. Architecture development within the company follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners' Approach to Developing Enterprise Architecture Following the TOGAF® ADM.
An architecture to support strategy has been completed defining a long-range Target Architecture with a roadmap spanning five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of travel assistance systems using swarm data from vehicles on the road.
The current phase of architecture development is focused on the Business Architecture which needs to support the core travel assistance services that the company plans to provide. The core services will manage and process the swarm data generated by vehicles paving the way for autonomous driving in the future.
The presentation and access to different variations of data that the company plans to offer through its platform poses an architecture challenge. The application portfolio needs to interact securely with various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many countries to be able to manage the data at scale. The security of V2X is a key concern for the stakeholders. Regulators have stated that the user's privacy be always protected, for example, so that the drivers' journey cannot be tracked or reconstructed by compiling data sent or received by the car.
Refer to the scenario.
You have been asked to describe the risk and security considerations you would include in the current phase of the architecture development?
Based on the TOGAF standard which of the following is the best answer?

  • A. You will create a security domain model so that assets with the same level can be managed under one security policy. Since data is being shared across partners, you will establish a security federation to include them. This would include contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications. You would undertake a risk assessment determining risks relevant to specific data assets.
  • B. You will perform a qualitative risk assessment for the data assets exchanged with partners. This will deliver a set of priorities high to medium to low, based on identified threats, the likelihood of occurrence, and the impact if it did occur. Using the priorities, you would then develop a Business Risk Model which will detail the risk strategy including classifications to determine what mitigation is enough.
  • C. You will focus on data quality as it is a key factor in risk management. You will identify the datasets that need to be safeguarded. For each dataset, you will assign ownership and responsibility for the quality of data needs. A security classification will be defined and applied to each dataset. The dataset owner will then be able to authorize processes that are trusted for a certain activity on the dataset under certain circumstances.
  • D. You will focus on the relationship with the third parties required for the travel assistance systems and define a trust framework. This will describe the relationship with each party. Digital certificates are a key part of the framework and will be used to create trust between parties. You will monitor legal and regulatory changes across all the countries to keep the trust framework in compliance.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
KCjoe
2 weeks, 1 day ago
Selected Answer: A
Breakdown of Option A: 1. Security Domain Model: o Grouping assets under a single security policy ensures consistency in how security is applied to data with similar protection needs. o This is critical for managing the diverse datasets and interactions between internal systems and external providers. 2. Security Federation: o Establishing a federation is vital when data is shared across organizational boundaries. o Contractual arrangements and clear definitions of roles and responsibilities are essential for regulatory compliance and operational clarity. 3. Risk Assessment: o A targeted assessment of risks specific to data assets enables the company to focus its resources effectively on critical threats, ensuring robust security.
upvoted 1 times
...
Certsfds
4 months, 2 weeks ago
Selected Answer: A
correct answer is A
upvoted 1 times
...
Jeenia
9 months ago
A is the correct answer. It considers both risk and security as asked in the question. The trick is to read the question first (at the last, after the description) & match with the options given & try to read and relate the scenario accordingly. It helps in solving the question faster and efficiently.
upvoted 3 times
...
Yann13
11 months ago
The current phase of the architecture developmentcurent B (Business Architecture). "security domain model ", "security policy" and "risk assessment" used in solution A comes from the illustration "Figure 1: Essential Security and Risk Concepts and their Position in the TOGAF ADM" @ https://pubs.opengroup.org/togaf-standard/integrating-risk-and-security/
upvoted 3 times
...
MMStrong
11 months ago
A - because answer B does not cover Security assessment at all, where as answer A does
upvoted 2 times
...
hkwong
11 months, 4 weeks ago
Selected Answer: A
A. https://pubs.opengroup.org/togaf-standard/integrating-risk-and-security/integrating-risk-and-security_5.html D. Not correct - Digital certificate cannot create trust
upvoted 3 times
...
hkwong
11 months, 4 weeks ago
Selected Answer: B
B. https://pubs.opengroup.org/togaf-standard/integrating-risk-and-security/integrating-risk-and-security_5.html D. Not correct - Digital certificate cannot create trust
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago