OGEA-103 Exam QuestionsBrowse all questions from this exam
Go to Exam

OGEA-103 Exam - Question 42

Please read this scenario prior to answering the question.

You have been appointed as senior architect working for an autonomous driving technology development company. The mission of the company is to build an industry leading unified technology and software platform to support connected cars and autonomous driving.

The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework. Architecture development within the company follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners' Approach to Developing Enterprise Architecture Following the TOGAF® ADM.

An architecture to support strategy has been completed defining a long-range Target Architecture with a roadmap spanning five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of travel assistance systems using swarm data from vehicles on the road.

The current phase of architecture development is focused on the Business Architecture which needs to support the core travel assistance services that the company plans to provide. The core services will manage and process the swarm data generated by vehicles paving the way for autonomous driving in the future.

The presentation and access to different variations of data that the company plans to offer through its platform poses an architecture challenge. The application portfolio needs to interact securely with various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many countries to be able to manage the data at scale. The security of V2X is a key concern for the stakeholders. Regulators have stated that the user's privacy be always protected, for example, so that the drivers' journey cannot be tracked or reconstructed by compiling data sent or received by the car.

Refer to the scenario.

You have been asked to describe the risk and security considerations you would include in the current phase of the architecture development?

Based on the TOGAF standard which of the following is the best answer?

Show Answer
Correct Answer: A

The architecture development phase is focused on Business Architecture for a company using the TOGAF standard. Security and risk considerations are crucial aspects of this phase. Creating a security domain model allows management of assets under a unified security policy. Establishing a security federation addresses the need for data sharing across partners, ensuring contractual arrangements and responsibilities are clearly defined. This approach includes risk assessment to identify and mitigate risks related to specific data assets, aligning with both security and risk management needs.

Discussion

7 comments
Sign in to comment
Jeenia
Mar 30, 2024

A is the correct answer. It considers both risk and security as asked in the question. The trick is to read the question first (at the last, after the description) & match with the options given & try to read and relate the scenario accordingly. It helps in solving the question faster and efficiently.

hkwongOption: A
Jan 5, 2024

A. https://pubs.opengroup.org/togaf-standard/integrating-risk-and-security/integrating-risk-and-security_5.html D. Not correct - Digital certificate cannot create trust

Yann13
Jan 31, 2024

The current phase of the architecture developmentcurent B (Business Architecture). "security domain model ", "security policy" and "risk assessment" used in solution A comes from the illustration "Figure 1: Essential Security and Risk Concepts and their Position in the TOGAF ADM" @ https://pubs.opengroup.org/togaf-standard/integrating-risk-and-security/

MMStrong
Jan 29, 2024

A - because answer B does not cover Security assessment at all, where as answer A does

hkwongOption: B
Jan 5, 2024

B. https://pubs.opengroup.org/togaf-standard/integrating-risk-and-security/integrating-risk-and-security_5.html D. Not correct - Digital certificate cannot create trust

CertsfdsOption: A
Aug 15, 2024

correct answer is A

KCjoeOption: A
Dec 13, 2024

Breakdown of Option A: 1. Security Domain Model: o Grouping assets under a single security policy ensures consistency in how security is applied to data with similar protection needs. o This is critical for managing the diverse datasets and interactions between internal systems and external providers. 2. Security Federation: o Establishing a federation is vital when data is shared across organizational boundaries. o Contractual arrangements and clear definitions of roles and responsibilities are essential for regulatory compliance and operational clarity. 3. Risk Assessment: o A targeted assessment of risks specific to data assets enables the company to focus its resources effectively on critical threats, ensuring robust security.