SABSA Enterprise Security Architect
Questions And Answers Rated A+ New
Update Assured Satisfaction
What does the attribute profiling technique do? - CORRECT ANSWER-Enables
any unique set of business reqs to be engineered as a standardized and reusable
set of specifications
How must attributes be modeled? - CORRECT ANSWER-Attributes are modeled
into a normalised language that articulates reqs and measures performance
indicators in a way that is instinctive to all stakeholders
What 2 things come after business requirements? (at the contextual layer) -
CORRECT ANSWER-Business drivers for security, then attributes (conceptual
layer)
ICT stands for: - CORRECT ANSWER-Information and Communication
Technology
List SABSA drivers &constraints - CORRECT ANSWER-Drivers and Constraints:
overall business goals for the system
the functional requirements of the system - what should it do?
The materials and/or components avail. For constructing systems
the env. In which the system will be built and used
the skills of the people who build the system
the skills of the people who will use the system
the costs incurred and benefits delivered
Identify how SABSA resolves the historical, tactical & silo-ed approach to
security - CORRECT ANSWER-ensures the holistic, biggest picture is taken into
account and how and why they work together towards common business goals
List the 7 primary features & advantages of the SABSA approach to Enterprise
Security Architecture - CORRECT ANSWER-Feature - Advantage
o Business Driven - value assured
o risk focused - prioritized and proportional
o comprehensive - scalable scope
o modular - agility
o open source - free use, standard
o auditable - demonstrates compliance
, o transparent - two way traceability
List the benefits of an Architecture Framework - CORRECT ANSWER-Managing
Complexity
Maintaining integrity of design in large complex developments
providing a roadmap for all to follow
lowering the TCO
good integration of technical and procedural solutions to business problems
attaining an appropriate balance between strategy, tactics, and operations
resolving conflicting objectives and priorities
predictability, flexibility, and agility
List SABSA guiding principles - CORRECT ANSWER-Arch must not presuppose
any particular:
-cultures or operating regimes
-management style
-set of management processes
-management standards
-technical standards
-technology platforms
***Because all of these will change over time
Is this architecture compatible with/compliant with _______ - CORRECT
ANSWER-a good framework will answer YES
Architecture must meet _____ business requirements - CORRECT ANSWER-Your
own unique business reqs
Architecture must provide ______ to incorporate choice and change of policy,
standards, practices, or legislation - CORRECT ANSWER-Flexibility to
incorporate and pivot in these areas
A layered Framework is: - CORRECT ANSWER-a framework within which many
people can work harmoniously and all act toward the goal of a SINGLE design
authority (NASCAR)
ESA Scope - CORRECT ANSWER-Must never happen bottoms up
resolves problems caused by a long history of piecemeal implementations
business strategy for security is closely linked to the goals of operational risk
mgmt
Deals with conflicting objectives
As part of a business strategy, ESA must balance these: - CORRECT ANSWER-
Usability, interoperability, integration, supportability
Fast time to market, scalability, reusability,
Cost effectiveness
Questions And Answers Rated A+ New
Update Assured Satisfaction
What does the attribute profiling technique do? - CORRECT ANSWER-Enables
any unique set of business reqs to be engineered as a standardized and reusable
set of specifications
How must attributes be modeled? - CORRECT ANSWER-Attributes are modeled
into a normalised language that articulates reqs and measures performance
indicators in a way that is instinctive to all stakeholders
What 2 things come after business requirements? (at the contextual layer) -
CORRECT ANSWER-Business drivers for security, then attributes (conceptual
layer)
ICT stands for: - CORRECT ANSWER-Information and Communication
Technology
List SABSA drivers &constraints - CORRECT ANSWER-Drivers and Constraints:
overall business goals for the system
the functional requirements of the system - what should it do?
The materials and/or components avail. For constructing systems
the env. In which the system will be built and used
the skills of the people who build the system
the skills of the people who will use the system
the costs incurred and benefits delivered
Identify how SABSA resolves the historical, tactical & silo-ed approach to
security - CORRECT ANSWER-ensures the holistic, biggest picture is taken into
account and how and why they work together towards common business goals
List the 7 primary features & advantages of the SABSA approach to Enterprise
Security Architecture - CORRECT ANSWER-Feature - Advantage
o Business Driven - value assured
o risk focused - prioritized and proportional
o comprehensive - scalable scope
o modular - agility
o open source - free use, standard
o auditable - demonstrates compliance
, o transparent - two way traceability
List the benefits of an Architecture Framework - CORRECT ANSWER-Managing
Complexity
Maintaining integrity of design in large complex developments
providing a roadmap for all to follow
lowering the TCO
good integration of technical and procedural solutions to business problems
attaining an appropriate balance between strategy, tactics, and operations
resolving conflicting objectives and priorities
predictability, flexibility, and agility
List SABSA guiding principles - CORRECT ANSWER-Arch must not presuppose
any particular:
-cultures or operating regimes
-management style
-set of management processes
-management standards
-technical standards
-technology platforms
***Because all of these will change over time
Is this architecture compatible with/compliant with _______ - CORRECT
ANSWER-a good framework will answer YES
Architecture must meet _____ business requirements - CORRECT ANSWER-Your
own unique business reqs
Architecture must provide ______ to incorporate choice and change of policy,
standards, practices, or legislation - CORRECT ANSWER-Flexibility to
incorporate and pivot in these areas
A layered Framework is: - CORRECT ANSWER-a framework within which many
people can work harmoniously and all act toward the goal of a SINGLE design
authority (NASCAR)
ESA Scope - CORRECT ANSWER-Must never happen bottoms up
resolves problems caused by a long history of piecemeal implementations
business strategy for security is closely linked to the goals of operational risk
mgmt
Deals with conflicting objectives
As part of a business strategy, ESA must balance these: - CORRECT ANSWER-
Usability, interoperability, integration, supportability
Fast time to market, scalability, reusability,
Cost effectiveness
