Exam OG0-092 All QuestionsBrowse all questions from this exam
Go to Exam
Question 3

Scenario: AGEX Inc.

AGEX is a large, global commodities trading company which has been growing rapidly through a series of acquisitions.

Each new business is performing well in its markets. However, the lack of integration between headquarters and the business units has increasingly caused problems in the handling of customer and financial information. The inability to share information across businesses has resulted in lost opportunities to "leverage the synergies" that had been intended when the businesses were acquired. At present, each business unit maintains its own applications. Despite an earlier initiative to install a common application to manage customer, products, supplier, and inventory information, each business unit has different ways of defining each of these core elements and has customized the common application to the point where the ability to exchange information is difficult, costly, and error-prone.

As a result, AGEX has begun implementing a single Enterprise Resource Planning (ERP) system to consolidate information from several applications that exist across the lines of business. The Corporate Board is concerned that the new ERP system must be able to manage and safeguard customer information in a manner that meets or exceeds the legal requirements of the countries in which the company operates. This will be an increasingly important capability as the company expands its online services offered to clients and trading partners.

The CIO has formed an Enterprise Architecture department, and one of the primary goals in its charter is to coordinate efforts between the ERP implementation team and the business unit personnel who will be involved in the migration process. The CIO has also formed a cross-functional Architecture Review Board to oversee and govern the architecture.

After reviewing the available alternatives, and based on recommendations from the ERP vendor, AGEX has selected TOGAF 9 as the basis for its Enterprise

Architecture program.

The CIO has endorsed this choice with the full support of top management.

You are serving as the Chief Architect.

You have been asked to recommend the approach to take in the Preliminary Phase to ensure that the Corporate Board's concern is addressed.

Based on TOGAF 9, which of the following is the best answer?

    Correct Answer: C

    In the Preliminary Phase of TOGAF 9, it is essential to understand the specific concerns of the Corporate Board and to comprehend their implications for regulatory requirements and business objectives. Clarifying the Board's intent helps identify the potential impacts and ensures that the architecture responds effectively to those concerns. Allocating a security architect or team to develop a comprehensive security architecture addresses the need to manage and safeguard customer information in compliance with legal requirements. This approach ensures a thorough understanding and appropriate action to meet the Board's concerns, which is a fundamental step before proceeding with any architectural development. This makes option C the best answer.

Discussion
sudhimenonOption: A

Business goals and objectives comes in Phase - A, A should be the right answer.

rbaggio

Since when does an Enterprise Architect update a security policy?

ADR_SA_21

Principle 9: Protection of Intellectual Property

venksfcOption: C

C seems correct to me. It is given as answer in another portal too.

modsjunkOption: C

A and D are out B is out because of this line You allocate a security architect to oversee the implementation of the solution in the ERP system that is being developed. you don't ask security architect to oversee the implementation of the solution in the ERP system

mesteritOption: B

B is correct - You then update the Global Traders security policy to reflect the concern,... You allocate a security architecture team - Ent. Arch would just propose don't change or allocate ... therefore seems A is incorrect. - Request for Architecture Work is not raised by Ent. Arch. - therefore seems C incorrect. - You can't just change a security policy on your understanding. therefore seems D is incorrect. - And the Request for Architecture Work is issued by the sponsor - The question asks for "Recommendations", but other answers are simply taking some actions which are not even in the scope of the Chief Architect.

93madox

B says that Security Architect should oversee the implementation. Standard says Architecture Board does oversee the implementation. I think it is C

miche_s87

I don't agree since the "Request for Architecture Work" are sent from the sponsoring organization to the architecture organization (32.2.17 Request for Architecture Work). In answer B it says that you (as an EA) sents the Request for Architects. I go for C as well.

crimemasternogoOption: A

This is what I found: "The security policy should be examined to find relevant sections, and "updated" if necessary. Architecture constraints established in the "security policy must be communicated to the other members of the architecture team"." So, the answer A makes sense.

MackDOption: C

Anwser C. In my opinion: A: Chief Architect is not responsible for updating a security policy. B: Request for Architecture Work is not issued by an Chief Architect. C: This is the only one that makes sense. D: As mentioned before "based on your understanding". https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap46.html

HN6366

Agreed, C is the best option here.

PratsMicOption: A

A coz its about communication across the Org too ( that other options lacked)

Qman2022Option: C

Architecture team do not allocate resource we propose/recommend that takes A and D out. Now between B and C, Architecture team do not issue Request for architecture. this strike out B. This is done mostly in phase H to activate a change request since we are in preliminary phase. Hence we are left we C that is correct answer.

cbgrapeOption: A

A and D are similar, but A is better because it includes the assessment of impacts on business units and third parties (assess the security implications and agreements within the AGEX businesses and their suppliers), which is a part of "Scope the Enterprise Organizations Impacted" step.

EsoEsoOption: A

A is the best answer refer to: https://pubs.opengroup.org/architecture/togaf91-doc/arch/chap21.html#tag_21 Section: 21.5 Preliminary Phase

HN6366Option: C

C is the correct answer.

th_melOption: A

ChatGPT says: A Bard AI says: C

red_pandaOption: C

I think that the correct answer is the C because the Chief Architect don't allocate the resources.

RACHIT0412Option: A

Chatgpt says A

PratsMic

Chatgpt just look at the answer provided here and cert library to get to the conclusion ...

el3ctronick

If you noticed, there is no clear answer here. we are all looking for the correct one and we all see gaps in every possible answer. have you managed to find the right one? please explain if it is that clear to you. thanks!

miche_s87Option: C

see my comment below.

saurabhparveenOption: A

I will go with A, security policy is updated in preliminary phase https://pubs.opengroup.org/architecture/togaf91-doc/arch/chap21.html Also,as per step3 ■ Allocate key roles and responsibilities for Enterprise Architecture Capability management and governance

JKLExTopOption: C

The EA doesn't - Update the AGEX security policy to reflect the concern - Assess the security And it's too early in the preliminary phase to update any policy Therefore, C is the correct answer