Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
The-Open-Group Discussions
exam questions

Exam OG0-092 All Questions

View all questions & answers for the OG0-092 exam
Go to Exam

Exam OG0-092 topic 1 question 56 discussion

Actual exam question from The Open Group's OG0-092
Question #: 56
Topic #: 1
[All OG0-092 Questions]

Scenario -
You are serving as the Lead Architect for an insurance company, which has been formed through the merger of three previously independent companies. The company now consists of three divisions with the same names and division headquarters as their predecessors.
The lack of integration between the three divisions has increasingly caused problems in the handling of customer and financial information. The inability to share information has resulted in lost opportunities to "leverage the synergies" that had been intended when the company was formed. At present, each division maintains its own applications. Despite an earlier initiative to install a common application to manage customer, products, and claims information, each division has different ways of defining these core elements and has customized the common application to the point where the ability to exchange information is difficult, costly, and error-prone.
As a result, the company has made the decision to introduce a common web portal, contact center software suite, and document management system. Also the company has selected a single enterprise-wide customer relationship management (CRM) application to consolidate information from several applications that exist across the divisions. The application will be used by each of the divisions and accessed by third party partners through well defined interfaces.
The Corporate Board is concerned that the new application must be able to manage and safeguard confidential customer information in a secure manner that meets or exceeds the legal requirements of the countries in which the company operates. This will be an increasingly important capability as the company expands its online services in cooperation with its partners.
The CIO has formed an Enterprise Architecture department, and one of the primary goals in its charter is to coordinate efforts between the implementation team and the migration teams in each division. The CIO has also formed a cross-functional Architecture Board to oversee and govern the architecture. The company has an existing team of security architects.
TOGAF 9 has been selected as the core framework for use for the Enterprise Architecture program. The CIO has endorsed this choice with the full support of top management.
In the Preliminary Phase you need to define suitable policies and ensure that the company has the appropriate capability to address the concerns of the Corporate
Board.
Based on TOGAF, which of the following is the best answer?

  • A. You evaluate the implications of the concerns raised by the Corporate Board in terms of regulatory requirements and their impact on business goals and objectives. Based on this understanding, you then issue a Request for Architecture Work to commence an architecture development project to develop a solution that will address the concerns. You allocate a security architect to oversee the implementation of the new application that is being developed.
  • B. You start by clarifying the intent that the Board has for raising these concerns. This enables you to understand the implications of the concerns in terms of regulatory requirements and the potential impact on current business goals and objectives. You propose that a security architect or security architecture team be allocated to develop a comprehensive security architecture and that this be considered an additional domain architecture.
  • C. You evaluate the implications of the Board's concerns by examining the security and regulatory impacts on business goals, business drivers and objectives. Based on your understanding, you then update the current security policy to include an emphasis on the concerns. You define architecture principles to form constraints on the architecture work to be undertaken in the project. You then allocate a security architect to ensure that security considerations are included in the architecture planning for all domains.
  • D. You identify and document the security and regulatory requirements for the application and the data being collected. You ensure that written policies are put in place to address the requirements, and that they are communicated across the organization, together with appropriate training for key employees. You identify constraints on the architecture and communicate those to the architecture team. You establish an agreement with the security architects defining their role within the ongoing architecture project.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by tomvik at July 6, 2020, 3:12 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
tomvik
Highly Voted 4 years, 4 months ago
answer is C
upvoted 11 times
rbaggio
3 years, 10 months ago
It cannot be C. Enterprise Architects don't update security policy. "The company has an existing team of security architects."
upvoted 5 times
Shalini8
2 years, 1 month ago
read comment from LunchTime, answer is C ( though poorly explained)
upvoted 1 times
...
...
...
el3ctronick
Most Recent 8 months, 4 weeks ago
Selected Answer: D
its D because the other three don't make sense
upvoted 1 times
...
bbcc
10 months, 3 weeks ago
Selected Answer: D
D should be
upvoted 1 times
...
red_panda
1 year, 6 months ago
Selected Answer: C
Answer C is more correct than answer D because answer C highlights that security is a fundamental issue for all domains and not just for the application and the data domains.
upvoted 2 times
...
Watad
1 year, 8 months ago
Selected Answer: D
repeated, see Question #18
upvoted 1 times
...
scuzzy2010
3 years ago
I think it's C too. This is the Preliminary Phase and it's the only option which mentions architecture principles - "You define architecture principles"
upvoted 2 times
...
LunchTime
3 years, 4 months ago
C is correct. Folks are getting way too hung up on “enterprise architectures don’t update security policy”. Updating the security policy in “C” is no different than “you ensure that written policies are put in place…” which is the wording in “D”. Most importantly, C provides the correct process  the business objectives drive the requirements. Architecture principles are put in place to guide decisions and security is embedded in all phases via security architects. This process addresses new security requirements or changes in the future. Answer D does not.
upvoted 3 times
repudis
3 years, 1 month ago
https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap46.html The Solution Architect has the responsibility for architectural design and documentation at a system or subsystem level, such as management or security A Solution Architect may shield the Enterprise/Segment Architect from the unnecessary details of the systems, products, and/or technologies. The focus of the Solution Architect is on system technology solutions; for example, a component of a solution such as enterprise data warehousing. he Enterprise Architect has the responsibility for architectural design and documentation at a landscape and technical reference model level The Enterprise Architect often leads a group of the Segment Architects and/or Solution Architects related to a given program. The focus of the Enterprise Architect is on enterprise-level business functions required.
upvoted 1 times
Fumoffuu
3 years ago
I second that. Ans is "C" Check "20.6.1 Business Principles", Principle 9. Security policy is clearly mentioned. Business Principles are part of Architecture Principle applicable at the Preliminary Phase.
upvoted 1 times
...
...
repudis
3 years, 1 month ago
Are you really sure about this? if so please provide official togaf documentation that really backs up your statements, otherwise this will be non-sense. Please, check the link I provided down.
upvoted 1 times
...
...
susridey
3 years, 4 months ago
Answer is D, it is more comprehensive than B, A&C are out because of obvious reasons that others in this forum have mentioned.
upvoted 3 times
...
mrg998
3 years, 5 months ago
Ans is D
upvoted 3 times
...
CloudTrip
3 years, 7 months ago
Sorry the choice was between B & D. Wish there was an edit button here. Answer D looks fine because of the reasons mentioned earlier.
upvoted 3 times
...
CloudTrip
3 years, 7 months ago
Answer D is correct. You don't define the architecture principles or issue request for architecture yourself so A & C straightway out of the window. Among A,D read the requirement is question again i.e. one of the primary goals in its charter is to coordinate efforts between the implementation team and the migration teams in each division which is what clearly articulated in Answer D.
upvoted 4 times
...
rbaggio
3 years, 10 months ago
Answer is B. Preliminary Phase is about intent, the "Why?". It can't be A, as Enterprise Architects don't issue Request for Architecture Work. It can't be C, as Enterprise Architects don't update security policy.
upvoted 3 times
...
aaa111222
4 years, 1 month ago
Answer is C. D is describing "Requirement management" phase
upvoted 4 times
rbaggio
3 years, 10 months ago
It cannot be C. Enterprise Architects don't update security policy. "The company has an existing team of security architects."
upvoted 3 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel