Exam OG0-092 All QuestionsBrowse all questions from this exam
Go to Exam
Question 18

Scenario:

You are serving as the Chief Architect for a large, global commodities trading company which has been growing rapidly through a series of acquisitions.

Each business is performing well in its markets. However, the lack of integration between headquarters and the business units has increasingly caused problems in the handling of customer and financial information. The inability to share information across businesses has resulted in lost opportunities to "leverage the synergies" that had been intended when the businesses were acquired. At present, each business unit maintains its own applications. Despite an earlier initiative to install a common application to manage customer, products, supplier, and inventory information, each business unit has different ways of defining each of these core elements and has customized the common application to the point where the ability to exchange information is difficult, costly, and error-prone.

As a result, the company has made the decision to introduce a single enterprise-wide application to consolidate information from several applications that exist across the lines of business. The application will be used by all business units and accessed by suppliers through well defined interfaces.

The Corporate Board is concerned that the new application must be able to manage and safeguard confidential customer information in a secure manner that meets or exceeds the legal requirements of the countries in which the company operates. This will be an increasingly important capability as the company expands its online services in cooperation with its trading partners.

The CIO has formed an Enterprise Architecture department, and one of the primary goals in its charter is to coordinate efforts between the implementation team and the business unit personnel who will be involved in the migration process. The CIO has also formed a cross-functional Architecture Board to oversee and govern the architecture. The company has an existing team of security architects.

TOGAF 9 has been selected for use for the Enterprise Architecture program. The CIO has endorsed this choice with the full support of top management.

In the Preliminary Phase you need to define suitable policies and ensure that the company has the appropriate capability to address the concerns of the Corporate

Board.

Based on TOGAF 9, which of the following is the best answer?

    Correct Answer: B

    To address the concerns of the Corporate Board effectively, it is crucial to evaluate the security and regulatory impacts on business goals, drivers, and objectives. Updating the current security policy to emphasize these concerns ensures alignment with regulatory requirements and business goals. Defining architecture principles provides constraints on the architecture work specific to the project, aligning with the Preliminary Phase goals of TOGAF 9. Allocating a security architect ensures that all security considerations are integrated into the architecture planning for all domains, safeguarding confidential customer information.

Discussion
SVGNROption: C

Here is how you decipher the right answer for this question Option A is not correct - This answer is very light on Architecture principles which is what the ASK of the question. While the answer as a general approach is not wrong ,but does nor address the key question around “ Suitable Policies” – So not a right answer .. Option B is not correct because of the following sentence.."Based on your understanding,...." -It’s never on the basis of your understanding …) Option D is not correct because - Request for Architecture Work should come from the sponsoring Organization and not from the Architecture function ..So not the right answer " Option C is the correct answer ..

Prince_COption: B

Ans is B

rbaggio

Cannot be B. Enterprise Architects do not update current security policy.

scuzzy2010

Architecture team (specifically the Security Architect) is responsible for the security policy. Refer to https://pubs.opengroup.org/architecture/togaf91-doc/arch/chap21.html 21.5 Preliminary Phase " The security policy should be examined to find relevant sections, and updated if necessary. Architecture constraints established in the security policy must be communicated to the other members of the architecture team."

Red8aronOption: C

In this scenario, the Corporate Board is concerned about the management and safeguarding of confidential customer information in a secure manner, while meeting or exceeding legal requirements. Option B talks about evaluating the implications of the concerns and updating the security policy, but it does not explicitly mention the need to identify and document specific security and regulatory requirements. Option C, on the other hand, directly addresses the concern by stating that you should identify and document the security and regulatory requirements for the application and data being collected. This is a crucial step in understanding the specific security needs and legal requirements related to the new application. Option C also emphasizes the importance of written policies to address the requirements and communicating them across the organization, along with appropriate training for key employees. This ensures that everyone involved understands the security measures and complies with them.

el3ctronick

C describes in detail the requirements management phase steps

LunchTimeOption: B

B is correct. A is incorrect as security needs to be built into each domain. B is correct. Rbaggio seems caught up in “Enterprise Architectures do not update current security policy”. The spec makes no mention of an EA not doing this. C is incorrect as it only addresses security in the Information System phase (data and applications). D is incorrect as security should not be a separate project.

Edgarrt

The concern is about an application and customer data so i think is valid to focus on phase C

Qman2022Option: C

Allocation of resource is not part of Architecture team. so B and D is not relevant here. now have A and C both can be potential to good answer. the reason I chose C is since company is worried about the security impact so it also needs to train this employee on the new principles . Hence D is correct.

Qman2022

I mean C is correct

HD15Option: B

If the security architect team is already allocated, why do we need to allocate again.. that will filter down the answers.

Victor6510Option: B

Ans B should be more correct as it includes the architecture principles which is a key activity in Preliminary phase

Divya07

Architecture principles are created in line with Business strategy and goals and not vis versa

rbaggio

Cannot be B. Enterprise Architects do not update current security policy.

Bhendi1

.........

WatadOption: C

Answer is C, since B has "based on your understanding", which should never be in TOGAF

rkustagiOption: C

C is best answer

rumnetOption: B

this is another version of a similar question , but with the difference that the company already has a team of security architects. the answer should still be B because the EA will still need to allocate a security architect. the allocation just comes from an internal resource. Nothing changes.

mrg998Option: C

The answer is C, security policy needs to be communicated with the entire org.

hou0220Option: B

Answer is B Can't find "updating security policy" in TOGAF 9.2 Book. Other than this, the rest make sense. Defining architecture principles is an activity in preliminary phase. TOGAF 9.2 Chap 20.5 Point 6 "The Implications statements within an Architecture Principle provide an outline of the key tasks, resources, and potential costs to the enterprise of following the principle;" --> address the primary goals in coordinating efforts between the implementation team and the business unit personnel who will be involved in the migration process. TOGAF 9.2 Chap 20.5 Point 7 "Support the Architecture Governance activities - Architecture Compliance" --> Address Corporate Board concern about meeting legal requirements security is a cross-cutting concern --> security considerations are included in the architecture planning for all domains

moshosOption: B

Correct answer: B

BuggieOption: D

Should be D. This is preliminary stage

sks414Option: B

Answer should be B , security and regulatory impact assessment should be across enterprise and its scope . Tailor the TOGAF and integrate security layer framework then EA should be able to onboard security architect skills capability to update security policy and define security principle. Not making sense applying security and regulatory requirements in information systems layer and leaving out Business and technology layer.

mericovOption: C

- Update Security Policy based on regulatory and security policy requirements and communicate across the organization - Define and establish Enterprise Architecture team and organization: "agreement with the security architects defining their role within the ongoing architecture project"

EdgarrtOption: D

Must be D, we are in preliminary phase so there arent business goals

Edgarrt

i mean must be C. sorry