TOGAF TOGAF Security and Risk Architecture

Question 1

How does TOGAF approach security architecture in the ADM?

Accepted Answer

Security concerns are integrated across all ADM phases as a pervasive concern affecting business, data, application, and technology domains

Answer

Security is addressed only in Phase D (Technology Architecture)

Answer

Security is handled separately outside the ADM

Answer

Security is only relevant in Phase G (Implementation Governance)

Question 2

What is 'Risk Management' in the context of TOGAF Architecture Development?

Accepted Answer

Identifying, classifying, and mitigating risks to the successful development and implementation of the target architecture

Answer

Managing the financial risk of the architecture project budget

Answer

Managing vendor contract risks

Answer

Assessing the risk of technology obsolescence only

Question 3

In TOGAF, what is an 'Initial Risk Assessment' conducted during the ADM?

Accepted Answer

An assessment identifying risks to the architecture engagement conducted in Phase A before detailed architecture work begins

Answer

A security penetration test

Answer

A financial risk assessment for the project

Answer

A vendor risk assessment

Question 4

What are 'Architecture Principles' related to security, and where do they come from in TOGAF?

Accepted Answer

Enduring guidelines derived from business principles that guide security architecture decisions throughout the ADM

Answer

Rules created ad hoc by the security team for each project

Answer

Hardware security specifications

Answer

Vendor security product recommendations

Question 5

How does TOGAF recommend handling 'residual risk' after mitigation strategies are applied?

Accepted Answer

Residual risk is formally accepted and documented with approval from appropriate governance authorities

Answer

Residual risk is always eliminated through further mitigation

Answer

Residual risk is ignored if below a certain threshold

Answer

Residual risk is transferred to the vendor

Question 6

Which TOGAF concept describes the classification of information assets by sensitivity to support security architecture decisions?

Accepted Answer

Information Classification

Answer

Architecture Principles

Answer

Architecture Compliance

Answer

Security Baseline