Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam OG0-092 All Questions

View all questions & answers for the OG0-092 exam

Exam OG0-092 topic 1 question 18 discussion

Actual exam question from The Open Group's OG0-092
Question #: 18
Topic #: 1
[All OG0-092 Questions]

Scenario:
You are serving as the Chief Architect for a large, global commodities trading company which has been growing rapidly through a series of acquisitions.
Each business is performing well in its markets. However, the lack of integration between headquarters and the business units has increasingly caused problems in the handling of customer and financial information. The inability to share information across businesses has resulted in lost opportunities to "leverage the synergies" that had been intended when the businesses were acquired. At present, each business unit maintains its own applications. Despite an earlier initiative to install a common application to manage customer, products, supplier, and inventory information, each business unit has different ways of defining each of these core elements and has customized the common application to the point where the ability to exchange information is difficult, costly, and error-prone.
As a result, the company has made the decision to introduce a single enterprise-wide application to consolidate information from several applications that exist across the lines of business. The application will be used by all business units and accessed by suppliers through well defined interfaces.
The Corporate Board is concerned that the new application must be able to manage and safeguard confidential customer information in a secure manner that meets or exceeds the legal requirements of the countries in which the company operates. This will be an increasingly important capability as the company expands its online services in cooperation with its trading partners.
The CIO has formed an Enterprise Architecture department, and one of the primary goals in its charter is to coordinate efforts between the implementation team and the business unit personnel who will be involved in the migration process. The CIO has also formed a cross-functional Architecture Board to oversee and govern the architecture. The company has an existing team of security architects.
TOGAF 9 has been selected for use for the Enterprise Architecture program. The CIO has endorsed this choice with the full support of top management.
In the Preliminary Phase you need to define suitable policies and ensure that the company has the appropriate capability to address the concerns of the Corporate
Board.
Based on TOGAF 9, which of the following is the best answer?

  • A. You start by clarifying the intent that the Board has for raising these concerns. This enables you to understand the implications of the concern in terms of regulatory requirements and the potential impact on current business goals and objectives. You propose that a security architect or security architecture team be allocated to develop a comprehensive security architecture and that this be considered an additional domain architecture.
  • B. You evaluate the implications of the Board's concerns by examining the security and regulatory impacts on business goals, business drivers and objectives. Based on your understanding, you then update the current security policy to include an emphasis on the concerns. You define architecture principles to form constraints on the architecture work to be undertaken in the project. You then allocate a security architect to ensure that security considerations are included in the architecture planning for all domains.
  • C. You identify and document the security and regulatory requirements for the application and the data being collected. You ensure that written policies are put in place to address the requirements, and that they are communicated across the organization, together with appropriate training for key employees. You identify constraints on the architecture and communicate those to the architecture team. You establish an agreement with the security architects defining their role within the ongoing architecture project.
  • D. You evaluate the implications of the concerns raised by the Corporate Board in terms of regulatory requirements and their impact on business goals and objectives. Based on this understanding, you then issue a Request for Architecture Work to commence an architecture development project to develop a solution that will address the concerns. You allocate a security architect to oversee the implementation of the new application that is being developed.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Prince_C
Highly Voted 4 years, 2 months ago
Ans is B
upvoted 10 times
rbaggio
3 years, 10 months ago
Cannot be B. Enterprise Architects do not update current security policy.
upvoted 4 times
scuzzy2010
3 years, 1 month ago
Architecture team (specifically the Security Architect) is responsible for the security policy. Refer to https://pubs.opengroup.org/architecture/togaf91-doc/arch/chap21.html 21.5 Preliminary Phase " The security policy should be examined to find relevant sections, and updated if necessary. Architecture constraints established in the security policy must be communicated to the other members of the architecture team."
upvoted 3 times
...
...
...
SVGNR
Highly Voted 2 years, 6 months ago
Here is how you decipher the right answer for this question Option A is not correct - This answer is very light on Architecture principles which is what the ASK of the question. While the answer as a general approach is not wrong ,but does nor address the key question around “ Suitable Policies” – So not a right answer .. Option B is not correct because of the following sentence.."Based on your understanding,...." -It’s never on the basis of your understanding …) Option D is not correct because - Request for Architecture Work should come from the sponsoring Organization and not from the Architecture function ..So not the right answer " Option C is the correct answer ..
upvoted 10 times
...
Red8aron
Most Recent 1 year, 4 months ago
Selected Answer: C
In this scenario, the Corporate Board is concerned about the management and safeguarding of confidential customer information in a secure manner, while meeting or exceeding legal requirements. Option B talks about evaluating the implications of the concerns and updating the security policy, but it does not explicitly mention the need to identify and document specific security and regulatory requirements. Option C, on the other hand, directly addresses the concern by stating that you should identify and document the security and regulatory requirements for the application and data being collected. This is a crucial step in understanding the specific security needs and legal requirements related to the new application. Option C also emphasizes the importance of written policies to address the requirements and communicating them across the organization, along with appropriate training for key employees. This ensures that everyone involved understands the security measures and complies with them.
upvoted 4 times
el3ctronick
9 months ago
C describes in detail the requirements management phase steps
upvoted 1 times
...
...
hou0220
1 year, 7 months ago
Selected Answer: B
Answer is B Can't find "updating security policy" in TOGAF 9.2 Book. Other than this, the rest make sense. Defining architecture principles is an activity in preliminary phase. TOGAF 9.2 Chap 20.5 Point 6 "The Implications statements within an Architecture Principle provide an outline of the key tasks, resources, and potential costs to the enterprise of following the principle;" --> address the primary goals in coordinating efforts between the implementation team and the business unit personnel who will be involved in the migration process. TOGAF 9.2 Chap 20.5 Point 7 "Support the Architecture Governance activities - Architecture Compliance" --> Address Corporate Board concern about meeting legal requirements security is a cross-cutting concern --> security considerations are included in the architecture planning for all domains
upvoted 1 times
...
moshos
1 year, 7 months ago
Selected Answer: B
Correct answer: B
upvoted 1 times
...
Buggie
1 year, 7 months ago
Should be D. This is preliminary stage
upvoted 1 times
...
Watad
1 year, 8 months ago
Selected Answer: C
Answer is C, since B has "based on your understanding", which should never be in TOGAF
upvoted 2 times
...
sks414
1 year, 10 months ago
Answer should be B , security and regulatory impact assessment should be across enterprise and its scope . Tailor the TOGAF and integrate security layer framework then EA should be able to onboard security architect skills capability to update security policy and define security principle. Not making sense applying security and regulatory requirements in information systems layer and leaving out Business and technology layer.
upvoted 1 times
...
Qman2022
1 year, 11 months ago
Allocation of resource is not part of Architecture team. so B and D is not relevant here. now have A and C both can be potential to good answer. the reason I chose C is since company is worried about the security impact so it also needs to train this employee on the new principles . Hence D is correct.
upvoted 3 times
Qman2022
1 year, 11 months ago
I mean C is correct
upvoted 1 times
...
...
mericov
2 years, 2 months ago
Selected Answer: C
- Update Security Policy based on regulatory and security policy requirements and communicate across the organization - Define and establish Enterprise Architecture team and organization: "agreement with the security architects defining their role within the ongoing architecture project"
upvoted 1 times
...
rkustagi
2 years, 6 months ago
Selected Answer: C
C is best answer
upvoted 2 times
...
Edgarrt
2 years, 8 months ago
Selected Answer: D
Must be D, we are in preliminary phase so there arent business goals
upvoted 1 times
Edgarrt
2 years, 8 months ago
i mean must be C. sorry
upvoted 1 times
...
...
rumnet
3 years ago
this is another version of a similar question , but with the difference that the company already has a team of security architects. the answer should still be B because the EA will still need to allocate a security architect. the allocation just comes from an internal resource. Nothing changes.
upvoted 2 times
...
LunchTime
3 years, 4 months ago
B is correct. A is incorrect as security needs to be built into each domain. B is correct. Rbaggio seems caught up in “Enterprise Architectures do not update current security policy”. The spec makes no mention of an EA not doing this. C is incorrect as it only addresses security in the Information System phase (data and applications). D is incorrect as security should not be a separate project.
upvoted 4 times
Edgarrt
2 years, 8 months ago
The concern is about an application and customer data so i think is valid to focus on phase C
upvoted 2 times
...
...
mrg998
3 years, 5 months ago
The answer is C, security policy needs to be communicated with the entire org.
upvoted 2 times
...
HD15
3 years, 6 months ago
If the security architect team is already allocated, why do we need to allocate again.. that will filter down the answers.
upvoted 3 times
...
Victor6510
4 years, 2 months ago
Ans B should be more correct as it includes the architecture principles which is a key activity in Preliminary phase
upvoted 3 times
Divya07
4 years ago
Architecture principles are created in line with Business strategy and goals and not vis versa
upvoted 1 times
...
rbaggio
3 years, 10 months ago
Cannot be B. Enterprise Architects do not update current security policy.
upvoted 4 times
Bhendi1
3 years, 9 months ago
.........
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...