Please read this scenario prior to answering the question.

The Open Group OG0-093 Full Course Access

The Open Group OG0-093 View All Questions

The Open Group OG0-093 Question Answer

You are employed as an Enterprise Architect working within the Enterprise Architecture team at an electric vehicle manufacturer. The company focuses on designing, manufacturing, and advancing battery technology for sustainable transportation. The goal of the company is to build the best technology and software platform to support self-driving cars.

An architecture to support strategy has been completed, defining a long-term Target Architecture with a roadmap over five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of an advanced driver assistance system using data gathered from multiple vehicles on the road.

The design of the presentation and accessibility of different types of data that the company plans to offer through its platform is challenging. It is important for the application portfolio to work securely with third-party cloud services and V2X Vehicle-to-Everything service providers across many countries in order to effectively manage large amounts of data. Stakeholders are particularly concerned about the security of V2X. Regulations in various markets mandate that user privacy must always be safeguarded to prevent tracking and compiling of data that could reveal the drivers’ journeys.

The company follows the TOGAF standard as the basis for its Enterprise Architecture practice and uses the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners’ Approach to Developing Enterprise Architecture Following the TOGAF ADM . The EA team reports to the Chief Information Officer, who is the sponsor of the EA program.

You have been assigned to lead the architecture development effort for the driver assistance system. A security resource plan and a vision for a security-specific architecture design have been completed. You have a meeting with the EA team leader to talk about the progress of your work.

Refer to the scenario.

You have been asked how you will address risk and security at this stage of the architecture project.

Based on the TOGAF standard, which of the following is the best answer?

Data quality is a key factor in risk management. The datasets that need to be safeguarded should be identified. For each dataset, ownership and responsibility for the quality of data should be assigned. A security classification will be defined and applied to each dataset. The dataset owner will then be able to authorize processes that are trusted for a certain activity on the dataset under specific circumstances.

A trust framework should be established with the third parties required for the travel assistance systems. This will describe the relationship with each party and establish the foundation for secure cloud operations. Digital certificates should be a key part of the framework and will be used to create trust between the parties. Regular monitoring for legal and regulatory changes across all the countries should occur to keep the trust framew

Since data is being shared across multiple service providers, a security federation should be established. This includes contractual arrangements and a definition of the responsibility areas for the data exchanged, as well as security implications. Assets with the same security criteria should be grouped together so they can be managed under one security policy. A risk assessment should be carried out to determine the risks relevant to spec

A qualitative risk assessment should be carried out for the data assets exchanged with the service providers. This will deliver a set of priorities, high to medium to low, based on identified threats, the likelihood of occurrence, and the impact. Using the priorities, a Business Risk Model can then be developed detailing the risk strategy, including classifications to determine what mitigation is sufficient. This model can then be used to d

Explanation:

The best answer is C .

The scenario states that the security resource plan and security-specific Architecture Vision have already been completed. That places the work after the early security planning and vision activities and into the development of security-related architecture content. The scenario also emphasizes that data will be shared across third-party cloud services and V2X service providers in many countries. This makes security federation , security domains , responsibility boundaries , security policy , and risk assessment especially relevant.

Option C is the best answer because it matches the TOGAF security guidance most directly. The TOGAF security guidance explains that a security domain groups assets with the same security level under the jurisdiction of one security policy. It also states that the security domain model helps define responsibility areas where responsibility is exchanged with external parties. In this scenario, the company is exchanging and processing vehicle and journey-related data across external V2X and cloud service providers, so defining those responsibility areas is essential.

Option C also correctly addresses security federation . The TOGAF security guidance states that, where the business model includes federation with other organizations and where organizations have data objects or activities in common, the extent of the security federation should be established. It also states that contractual federation agreements should be examined for their security implications. This aligns closely with the scenario because the driver assistance system must operate with multiple third-party service providers and across multiple regulatory jurisdictions.

Option C further includes carrying out a risk assessment for the relevant data assets. TOGAF security guidance defines risk assessment as the activity of determining risks relevant to an asset or objective. In this scenario, the data assets are highly sensitive because they may reveal drivers’ journeys and raise privacy and regulatory concerns. Therefore, the architecture work must identify the relevant risks to those assets and define appropriate security controls and governance.

Option A is not the best answer. It focuses mainly on data quality, dataset ownership, and classification. These are relevant topics, and TOGAF security guidance does recognize data quality and classification as part of security requirements. However, this option does not sufficiently address the key scenario issue: multiple external service providers sharing data through a federated security environment.

Option B is not the best answer. A trust framework is relevant because the scenario involves third parties, but the option overstates the role of digital certificates. The TOGAF security guidance specifically notes that technology such as digital certificates cannot create trust; it can only convey trust that already exists through real-world business relationships, legal agreements, and security policy consistency. For that reason, Option B is weaker than Option C.

Option D is partially correct because qualitative risk assessment and the Business Risk Model are valid TOGAF security concepts. However, it is too narrow for this scenario because it focuses mainly on risk assessment and risk strategy. It does not address the important federated security structure, contractual responsibility boundaries, external service provider relationships, and shared security-policy domains that are central to the problem described.

Therefore, the correct answer is C .

[References:TOGAF Standard, Version 9.2, Part II: Architecture Development Method, Phase A: Architecture Vision and Phase B: Business Architecture.TOGAF Series Guide: Integrating Risk and Security within a TOGAF Enterprise Architecture, Chapter 5: Security Architecture Concepts in the ADM, especially Security Resource Plan, Security Domain Model, Security Federation, Trust Framework, and Risk Assessment., , ]

OG0-093 PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 65% Discount on All Products, Use Coupon: "ac4s65"

Scenario:Please read this scenario prior to answering the Question.

Please read this scenario prior to answering the question.

Pre-Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

Please read this scenario prior to answering the question.

The Answer Is:

Explanation:

Quick Links