PrepAway - Latest Free Exam Questions & Answers

which of the following is the best answer?

Scenario
Please read this scenario prior to answering the Question
You are serving as the Lead Architect for an insurance company, which has been formed through the merger of
three previously independent companies. The company now consists of three divisions with the same names
and division headquarters as their predecessors.
The lack of integration between the three divisions has increasingly caused problems in the handling of
customer and financial information. The inability to share information has resulted in lost opportunities to
“leverage the synergies” that had been intended when the company was formed. At present, each division
maintains its own applications. Despite an earlier initiative to install a common application to manage customer,
products, and claims Information, each division has different ways of defining these core elements and has
customized the common application to the point where the ability to exchange information is difficult, costly, and
error-prone.
As a result, the company has made the decision to introduce a common web portal, contact center software
suite, and document management system. Also the company has selected a single enterprise-wide customer
relationship management (CRM) application to consolidate information from several applications that exist
across the divisions. The application will be used by each of the divisions and accessed by third party partners
through well defined interfaces.
The Corporate Board is concerned that the new application must be able to manage and safeguard confidential
customer information in a secure manner that meets or exceeds the legal requirements of the countries in
which the company operates. This will be an increasingly important capability as the company expands its
online services in cooperation with its partners.
The CIO has formed an Enterprise Architecture department, and one of the primary goals in its charter is to
coordinate efforts between the implementation team and the migration teams in each division. The CIO has
also formed a cross-functional Architecture Board to oversee and govern the architecture. The company has an
existing team of security architects.
TOGAF 9 has been selected as the core framework for use for the Enterprise Architecture program. The CIO
has endorsed this choice with the full support of top management.
Refer to the Scenario
In the Preliminary Phase you need to define suitable policies and ensure that the company has the appropriate
capability to address the concerns of the Corporate Board.
Based on TOGAF, which of the following is the best answer?

PrepAway - Latest Free Exam Questions & Answers

A.
You evaluate the implications of the concerns raised by the Corporate Board in terms of regulatory
requirements and their impact on business goals and objectives. Based on this understanding, you then
issue a Request for Architecture Work to commence an architecture development project to develop a
solution that will address the concerns. You allocate a security architect to oversee the implementation of
the new application that is being developed.

B.
You start by clarifying the intent that the Board has for raising these concerns. This enables you to
understand the implications of the concerns in terms of regulatory requirements and the potential impact on
current business goals and objectives. You propose that a security architect or security architecture team beallocated to develop a comprehensive security architecture and that this be considered an additional domain
architecture.

C.
You evaluate the implications of the Board’s concerns by examining the security and regulatory impacts on
business goals, business drivers and objectives. Based on your understanding, you then update the current
security policy to include an emphasis on the concerns. You define architecture principles to form
constraints on the architecture work to be undertaken in the project. You then allocate a security architect to
ensure that security considerations are included in the architecture planning for all domains.

D.
You identify and document the security and regulatory requirements for the application and the data being
collected. You ensure that written policies are put in place to address the requirements, and that they are
communicated across the organization, together with appropriate training for key employees. You identify
constraints on the architecture and communicate those to the architecture team. You establish an
agreement with the security architects defining their role within the ongoing architecture project.


Leave a Reply

Your email address will not be published. Required fields are marked *