Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

The Open Group Exam OGEA-103 Topic 1 Question 19 Discussion

Actual exam question for The Open Group's OGEA-103 exam
Question #: 19
Topic #: 1
[All OGEA-103 Questions]

Please read this scenario prior to answering the question

You have been appointed as senior architect working for an autonomous driving technology development company. The mission of the company is to build an industry leading unified technology and software platform to support connected cars and autonomous driving.

The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework. Architecture development within the company follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners'Approach to Developing Enterprise Architecture Following the TOGAF ADM.

An architecture to support strategy has been completed defining a long-range Target Architecture with a roadmap spanning five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of travel assistance systems using swarm data from vehicles on the road.

The current phase of architecture development is focused on the Business Architecture which needs to support the core travel assistance services that the company plans to provide. The core services will manage and process the swarm data generated by vehicles, paving the way for autonomous driving in the future.

The presentation and access to different variations of data that the company plans to offer through its platform poses an architecture challenge. The application portfolio needs to interact securely with various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many countries to be able to manage the data at scale. The security of V2X is a key concern for the stakeholders. Regulators have stated that the user's privacy be always protected, for example, so that the drivers' journey cannot be tracked or reconstructed by compiling data sent or received by the car.

Refer to the scenario

You have been asked to describe the risk and security considerations you would include in the current phase of the architecture development?

Based on the TOGAF standard which of the following is the best answer?

Show Suggested Answer Hide Answer
Suggested Answer: D

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain.A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party.A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets.A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.


Contribute your Thoughts:

Trina
6 months ago
Creating a security domain model for managing assets under one policy seems like a solid approach to handle data sharing risks.
upvoted 0 times
...
Dorthy
6 months ago
I see the importance of data quality in risk management. Assigning ownership for safeguarding datasets is crucial.
upvoted 0 times
...
Jesus
6 months ago
But I think performing a qualitative risk assessment for data assets is important to prioritize threats.
upvoted 0 times
...
Oneida
6 months ago
I agree with Zona, digital certificates are crucial for creating trust between parties.
upvoted 0 times
...
Zona
6 months ago
I think we should focus on relationship with third parties and define a trust framework.
upvoted 0 times
...
Ramonita
6 months ago
MelitaelestinagreeDesiree, we neeDesiree to MelitaonsiDesireeer the seMelitaurity impliMelitaMelitaelestinations in our risk Melitaelestinassessment.
upvoted 0 times
...
Celestina
7 months ago
Yes, hMelitaelestinaving Melitaelestina seMelitaurity feDesireeerMelitaelestination with pMelitaelestinartners is essentiMelitaelestinal for mMelitaelestinanMelitaelestinaging DesireeMelitaelestinatMelitaelestina.
upvoted 0 times
...
Desiree
7 months ago
MelitareMelitaelestinating Melitaelestina seMelitaurity DesireeomMelitaelestinain moDesireeel seems like Melitaelestina gooDesiree MelitaelestinapproMelitaelestinaMelitah.
upvoted 0 times
...
Melita
7 months ago
DMelitaelestinatMelitaelestina quMelitaelestinality is definitely importMelitaelestinant for risk mMelitaelestinanMelitaelestinagement.
upvoted 0 times
...
Ramonita
7 months ago
I think performing Celestina quCelestinalitCelestinative risk Celestinassessment for the dCelestinatCelestina Celestinassets exchCelestinanged is cruciCelestinal.
upvoted 0 times
...
Celestina
7 months ago
I would focus on the relCelestinationship with third pCelestinarties Celestinand define Celestina trust frCelestinamework.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77