The Open Group OGEA-103 Exam - Topic 1 Question 26 Discussion

Actual exam question for The Open Group's OGEA-103 exam

Question #: 26
Topic #: 1

Please read this scenario prior to answering the question

You have been appointed as senior architect working for an autonomous driving technology development company. The mission of the company is to build an industry leading unified technology and software platform to support connected cars and autonomous driving.

The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework. Architecture development within the company follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners'Approach to Developing Enterprise Architecture Following the TOGAF ADM.

An architecture to support strategy has been completed defining a long-range Target Architecture with a roadmap spanning five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of travel assistance systems using swarm data from vehicles on the road.

The current phase of architecture development is focused on the Business Architecture which needs to support the core travel assistance services that the company plans to provide. The core services will manage and process the swarm data generated by vehicles, paving the way for autonomous driving in the future.

The presentation and access to different variations of data that the company plans to offer through its platform poses an architecture challenge. The application portfolio needs to interact securely with various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many countries to be able to manage the data at scale. The security of V2X is a key concern for the stakeholders. Regulators have stated that the user's privacy be always protected, for example, so that the drivers' journey cannot be tracked or reconstructed by compiling data sent or received by the car.

Refer to the scenario

You have been asked to describe the risk and security considerations you would include in the current phase of the architecture development?

Based on the TOGAF standard which of the following is the best answer?

AYou will focus on the relationship with the third parties required for the travel assistance systems and define a trust framework. This will describe the relationship with each party. Digital certificates are a key part of the framework and will be used to create trust between parties. You will monitor legal and regulatory changes across all the countries to keep the trust framework in compliance.

BYou will perform a qualitative risk assessment for the data assets exchanged with partners. This will deliver a set of priorities, high to medium to low, based on identified threats, the likelihood of occurrence, and the impact if it did occur. Using the priorities, you would then develop a Business Risk Model which will detail the risk strategy including classifications to determine what mitigation is enough.

CYou will focus on data quality as it is a key factor in risk management. You will identify the datasets that need to be safeguarded. For each dataset, you will assign ownership and responsibility for the quality of data needs. A security classification will be defined and applied to each dataset. The dataset owner will then be able to authorize processes that are trusted for a certain activity on the dataset under certain circumstances.

DYou will create a security domain model so that assets with the same level can be managed under one security policy. Since data is being shared across partners, you will establish a security federation to include them. This would include contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications. You would undertake a risk assessment determining risks relevant to specific data assets.

Show Suggested Answer

Suggested Answer: D

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain.A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party.A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets.A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

by Alex at May 30, 2024, 02:52 AM

Limited Time Offer

25%

Off

Get Premium OGEA-103 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Titus

3 months ago

Wait, can we really ensure user privacy with all this data sharing?

upvoted 0 times

...

Peggie

3 months ago

I agree, the qualitative risk assessment seems like the best approach.

upvoted 0 times

...

Lyla

3 months ago

Not sure if a security federation is enough for all those partners.

upvoted 0 times

...

Roxane

4 months ago

I think focusing on data quality is crucial too.

upvoted 0 times

...

Makeda

4 months ago

Sounds like a solid plan with the trust framework!

upvoted 0 times

...

Thora

4 months ago

I recall the concept of security domain models from our TOGAF review, but I wonder if establishing a security federation is too complex for this phase of development.

upvoted 0 times

...

Helene

4 months ago

I’m a bit confused about whether focusing on data quality is enough. I feel like there are broader security implications we need to consider, especially with V2X.

upvoted 0 times

...

Jenise

4 months ago

I think option B sounds familiar; we practiced a similar question about qualitative risk assessments and prioritizing threats. It seems like a solid approach here too.

upvoted 0 times

...

Dona

5 months ago

I remember we discussed the importance of trust frameworks in our last study session, but I'm not entirely sure how to apply that to this scenario.

upvoted 0 times

...

Beula

5 months ago

The data quality and security classification approach in option C sounds interesting, but I'm not sure if that fully addresses the security and privacy concerns mentioned in the scenario. I might need to dig deeper into the TOGAF guidance to see if that's the best fit.

upvoted 0 times

...

Velda

5 months ago

Hmm, I'm a bit unsure about this one. The risk assessment and business risk model in option B could be a good approach, but I'm not sure if that's the "best" answer based on the TOGAF standard. I'll have to think this through carefully.

upvoted 0 times

...

Ben

5 months ago

This question seems pretty straightforward. I think I'll focus on the trust framework and digital certificates as outlined in option A. That seems like the best way to address the security concerns with the third-party partners.

upvoted 0 times

...

Dylan

5 months ago

Option D seems to cover a lot of the key points - the security domain model, security federation, and risk assessment. That feels like a more comprehensive approach that aligns well with the TOGAF standard. I think I'll go with that one.

upvoted 0 times

...

Evangelina

5 months ago

Hmm, I'm a bit confused about the different options. I'll need to review my notes on the Deming cycle to make sure I understand how it's used.

upvoted 0 times

...

Rosalyn

5 months ago

This seems like a straightforward stakeholder identification question. I'll focus on thinking through the different types of stakeholders that might be overlooked in a portfolio management role.

upvoted 0 times

...

Patti

5 months ago

I'm feeling a bit lost here. The calculation matrix is throwing me off, and I'm not sure I fully grasp how it's supposed to work. I'll need to review the concepts again before attempting this.

upvoted 0 times

...

Lawana

2 years ago

Ooh, option D sounds like it's got all the bases covered. Security federation, risk assessment, the whole nine yards. That's my pick!

upvoted 0 times

Arletta

2 years ago

Hildegarde: It's important to have clear responsibilities and security implications defined when sharing data with partners. Option D seems to address that well.

upvoted 0 times

...

Hildegarde

2 years ago

Definitely, having a security domain model and a security federation in place seems like a comprehensive approach.

upvoted 0 times

...

Brett

2 years ago

Option D sounds like it covers everything we need for security. I agree with you.

upvoted 0 times

...

Noel

2 years ago

Ha! I bet the developers are cringing at the thought of all this security stuff. But hey, gotta do what ya gotta do, right?

upvoted 0 times

Stevie

2 years ago

D) You will create a security domain model so that assets with the same level can be managed under one security policy. Since data is being shared across partners, you will establish a security federation to include them. This would include contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications. You would undertake a risk assessment determining risks relevant to specific data assets.

upvoted 0 times

...

Johnetta

2 years ago

B) You will perform a qualitative risk assessment for the data assets exchanged with partners. This will deliver a set of priorities, high to medium to low, based on identified threats, the likelihood of occurrence, and the impact if it did occur. Using the priorities, you would then develop a Business Risk Model which will detail the risk strategy including classifications to determine what mitigation is enough.

upvoted 0 times

...

Eric

2 years ago

A) You will focus on the relationship with the third parties required for the travel assistance systems and define a trust framework. This will describe the relationship with each party. Digital certificates are a key part of the framework and will be used to create trust between parties. You will monitor legal and regulatory changes across all the countries to keep the trust framework in compliance.

upvoted 0 times

...

Colette

2 years ago

I disagree, I believe option D is more comprehensive in addressing the security considerations.

upvoted 0 times

...

Dorsey

2 years ago

Option C with the data quality and security classification seems like a good way to keep things organized and under control. Definitelyworthconsidering.

upvoted 0 times

...

Willow

2 years ago

Hmm, I don't know, the security federation in option D sounds pretty solid too. Gotta make sure that data's locked down tight, you know?

upvoted 0 times

...

Rhea

2 years ago

This looks like a tricky one. I think I'd go with option B - the risk assessment seems like the way to go, gotta cover those potential threats and impacts.

upvoted 0 times