CEA CEA - Certified Enterprise Architect EA Risk and Security Architecture Questions and Answers

Question 1

Which enterprise architecture layer is PRIMARILY responsible for defining security policies, access controls, and identity management requirements?

Accepted Answer

Security Architecture within the Technology Architecture domain

Answer

Application Architecture

Answer

Data Architecture

Answer

Business Architecture

Question 2

What is the PRIMARY purpose of a threat modeling exercise in enterprise architecture?

Accepted Answer

To identify potential security threats, vulnerabilities, and corresponding mitigation strategies across the architecture

Answer

To estimate project costs

Answer

To create network diagrams

Answer

To define software development standards

Question 3

Which NIST framework is MOST commonly referenced when building a security architecture in US federal or enterprise environments?

Accepted Answer

NIST SP 800-53 (Security and Privacy Controls)

Answer

NIST SP 500-292 (Cloud Computing Reference Architecture)

Answer

NIST SP 800-145 (Cloud Computing Definition)

Answer

NIST SP 800-61 (Incident Handling Guide)

Question 4

In enterprise architecture, what does the term 'defense in depth' mean?

Accepted Answer

Layering multiple security controls so that if one fails, others continue to protect the asset

Answer

Using a single strong firewall to protect all systems

Answer

Focusing security resources on the most critical application only

Answer

Encrypting all data at rest

Question 5

An enterprise architect is designing a cloud migration strategy. Which security principle requires that each component only has access to the resources it needs?

Accepted Answer

Principle of least privilege

Answer

Separation of duties

Answer

Defense in depth

Answer

Non-repudiation

Question 6

What is an Architecture Risk Register used for in enterprise architecture practice?

Accepted Answer

Documenting identified architectural risks, their likelihood, impact, and mitigation actions

Answer

Tracking employee vacation schedules

Answer

Managing vendor invoice payments

Answer

Recording software bug reports