The Open Group OGEA-102 Dumps - Pass TOGAF Enterprise Architecture Part 2 Exam in 2026

The Open Group OGEA-102 - TOGAF Enterprise Architecture Part 2 Exam is part of the TOGAF Certifications track and is designed for candidates who want to demonstrate a stronger understanding of enterprise architecture concepts and the TOGAF framework. It is relevant for professionals working with architecture governance, ADM phases, deliverables, and stakeholder alignment. Passing this exam supports your ability to apply TOGAF knowledge in real-world architecture scenarios and strengthens your certification profile.

#	Exam Topics	Sub-Topics	Approximate Weightage (%)
1	Introduction to Enterprise Architecture	EA purpose, business alignment, architecture value	8%
2	The TOGAF Framework Overview	Framework structure, core concepts, TOGAF components	8%
3	Architecture Development Method (ADM) Phases	Phase flow, iteration, inputs and outputs, phase objectives	14%
4	ADM Application and Tailoring	Tailoring approach, applying ADM in context, iteration decisions	10%
5	Stakeholder Roles	Stakeholder identification, responsibilities, concerns	8%
6	Governance Considerations	Governance principles, controls, compliance alignment	8%
7	Architecture Governance	Governance process, review cycles, decision support	10%
8	Business Architecture Fundamentals	Business capabilities, value streams, business structure	9%
9	Key ADM Deliverables	Deliverable types, documentation purpose, outputs by phase	8%
10	Architecture Views and Viewpoints	Viewpoint purpose, stakeholder communication, view selection	7%
11	Architecture Patterns and Reference Models	Pattern usage, reference model role, reuse and consistency	6%
12	Techniques and Deliverables	Technique application, deliverable support, practical usage	4%

This exam tests more than memorization. Candidates must understand TOGAF concepts, recognize how ADM phases work together, and apply architecture knowledge to practical scenarios. It also checks your ability to connect governance, stakeholders, business architecture, and deliverables in a structured way.

How QA4Exam.com Helps You Pass

QA4Exam.com offers Exam PDF materials with actual questions and answers, along with an Online Practice Test designed to match the OGEA-102 exam style. These resources help you experience a realistic exam simulation, review verified answers, and focus on the most relevant topics before test day. The practice format also helps you improve time management and reduce exam pressure. With up-to-date questions and structured preparation, you can study with more confidence and aim to pass on your first attempt.

Frequently Asked Questions

1. Is the The Open Group OGEA-102 exam difficult?

It can be challenging if you are not familiar with TOGAF concepts, ADM phases, and architecture governance. Focused preparation makes a big difference.

2. Who should take the TOGAF Enterprise Architecture Part 2 Exam?

It is intended for candidates pursuing TOGAF Certifications who want to validate their understanding of enterprise architecture and the TOGAF framework.

3. Can I pass OGEA-102 with only braindumps?

Braindumps alone are not the best approach. You should use them with practice and review so you understand how the exam topics are applied.

4. Do I need hands-on experience with TOGAF to pass?

Hands-on exposure can help, but a strong study plan with exam-focused materials can still prepare you well for the questions and concepts covered.

5. Are QA4Exam.com dumps and practice test enough for first-attempt success?

They are designed to give you a strong preparation base by combining actual questions and answers with an online practice test, which supports first-attempt readiness.

6. What format do the QA4Exam.com study materials use?

QA4Exam.com provides an Exam PDF and an Online Practice Test, so you can study offline and also practice in a test-like environment.

7. How do the practice questions help with time management?

The practice test helps you get used to answering questions under exam-style timing, which can improve pacing and reduce last-minute stress.

The questions for OGEA-102 were last updated on Jun 3, 2026.

Viewing page 1 out of 7 pages.
Viewing questions 1-5 out of 34 questions

Get All 34 Questions & Answers

Question No. 1

Please read this scenario prior to answering the question

You are employed as an Enterprise Architect in a team at a large company. The

company sells luxury food and drinks in more than 10,000 stores worldwide. The

company is a leader in using technology to connect with its customers. This includes

online ordering, mobile apps, and rewards programs. The company is also famous for

bringing new ideas to the market, like ordering through apps, using Al to suggest

personalized options, self-service pickup stations, and changing prices based on

demand.

The stores are open every day. They send timely sales data to a central system that

manages inventory. This system can predict what products are needed, adjust how

much stock there is, and order more stock automatically. The stores and the main

inventory system work directly with the mobile apps, allowing orders to be made

online. The central inventory system is located at the company's main data center.

The company will merge with a major competitor. This competitor has a synergistic

business. Leaders from both companies have told shareholders that the merger will

happen fast. There will be minimal impact for customers. All stores will keep the

current brand names. They will combine their systems, choosing the best ones to use.

This means their store management and back-office systems will become one. They

will stop using duplicate systems and use one main system to manage the stores.

They will also cut down on the number of back-office applications they use.

The Request for Architecture Work to oversee the merger has been approved.

Stakeholders, concerns, and business requirements have been identified. The

stakeholders have made it clear that they expect to continue to be able to innovate

quickly, and that changes should not restrict that capability. The scope of what is

inside and what is outside the architecture efforts has been confirmed. The next step

is to revisit and review the Architecture Principles, as they form part of the constraints

on architecture work.

Business Continuity is essential given that the business depends on real-time

ordering and automated inventory management. During the systems integration,

maintaining service for customers and inventory operations must be prioritized

Refer to the scenario

You have been asked to identify the most relevant Architecture Principles for the

merger besides Business Continuity.

Based on the TOGAF standard, which of the following is the best answer?

[Note: You should assume that the company follows the example set of Architecture

Principles provided in the TOGAF standard, ADM Techniques, Architecture Principles

chapter.]

AControl Technical Diversity will help by standardizing technology platforms aspart of the integration process. This will be vital for standardizing the appintegration for digital orders with the back-office systems, and will reducecomplexity and costs during integration. Data Trustee will establish owners tomanage the shared data across the company, thereby assuring data quality.Ease-of-Use is needed to make sure that new user interfaces for the appscontinue to be easy to use.

BPrimacy of Principles will make sure that the same principles apply to bothorganizations of the newly merged operation, creating consistency acrosslocations. Data as an Asset is critical. Since you're maintaining separate mobileapps but consolidating back-end systems, treating data as an asset becomesessential. This principle helps ensure that customer data, and inventoryinformation from both brands are properly integrated and managed.Technology Independence is important when consolidating the back-officeapplications and order processing systems.

CCompliance with the Law makes sure that all company activities comply withrelevant laws and regulations. This principle provides the foundation forensuring the merger meets all legal requirements. Requirements-BasedChange will make sure that when combining systems, changes to applicationsand technology are only made if required by business needs. ResponsiveChange Management focuses on the speed needed to achieve the goals setby the leaders for a quick merger. We are committed to quickly blending thecompanies as planned.

DService orientation will speed up the merger and make it easier to integratesystems while maintaining business operations. Maximize Benefit to theEnterprise will make sure that merger decisions prioritize the overall benefit tothe combined company. Common Use Applications across the mergedcompany is preferred over the use of similar or duplicative applications forcertain parts of the company. This help supports the goal of merging back-office systems to reduce duplication.

Show Answer

Correct Answer: D

You are asked to identify the most relevant Architecture Principles, besides Business Continuity, that apply to a rapid merger, where:

Back-office and store management systems will be consolidated

Duplicate applications will be eliminated

Innovation must remain fast

Customer experience must remain uninterrupted

Combined enterprise value is the priority

TOGAF's example Architecture Principles include four main categories:

Business Principles

Data Principles

Application Principles

Technology Principles

Option D contains the principles that best support the specific needs of the merger as described.

Why Option D is correct

1. Service Orientation (Business Principle)

This principle states that architecture should be organized around services, enabling flexibility, loose coupling, and ease of integration.

For the merger:

Integrating two companies' store systems, mobile apps, and inventory platforms requires modular, interoperable services.

Service orientation directly supports the requirement that innovation must not slow down.

It allows systems to be merged with minimal disruption.

This principle supports fast integration + ongoing innovation --- exactly what stakeholders demand.

2. Maximize Benefit to the Enterprise (Business Principle)

This principle ensures decisions are made from an enterprise-wide (not departmental or local) perspective.

In the scenario:

Two companies are merging.

Decisions must prioritize combined enterprise value, not local optimizations by either company.

System consolidation and elimination of duplicates requires an enterprise-first mindset.

This principle aligns perfectly with a merger that aims to unify operations and reduce redundancy.

3. Common Use Applications (Application Principle)

This is one of the MOST relevant principles in any merger.

TOGAF defines this principle as:

''Applications should be shared across the enterprise and not duplicated.''

In the scenario:

Back-office systems and store management tools must be consolidated.

Duplicate applications are explicitly to be reduced.

One main system will be used across stores.

This principle directly matches the merger's objectives.

Summary

Option D contains the three principles that best support:

A major merger

System consolidation

Reduction of duplication

Enterprise-wide benefit

Flexible, service-oriented integration

Continued innovation

Therefore, Option D is the most appropriate selection according to TOGAF's example Architecture Principles.

Question No. 2

Please read this scenario prior to answering the question

You are the Chief Enterprise Architect at a large food service company specializing in sales to trade and

wholesale, for example, restaurants and other food retailers.

One of your company's competitors has launched a revolutionary product range and is running a very

aggressive marketing campaign. Your company's resellers are successively announcing that they are not

interested in your company's products and will sell your competitor's.

The CEO has stated there must be significant change to address the situation. He has made it clear that

new markets must be found for the company's products, and that the business needs to pivot, and address the retail market as well as the existing wholesale market.

A consideration is the company's ability and willingness to change its business model, and if it is a temporary or permanent change. An additional risk factor is one of culture. The company has been used to a stable business with a reasonably well known and settled client base - all with its own local understandings and practices.

The CEO is the sponsor of the EA program within the company. You have been engaged with the sales,

logistics, production, and marketing teams, enabling the architecture activity to start. An Architecture Vision, Architecture Principles, and Requirements have all been agreed. As you move forward to develop a possible Target Architecture you have identified that some of the key stakeholders' preferences are incompatible. The incompatibilities are focused primarily on time-to-market, cost savings, and the need to bring out a fully featured product range, but there are additional factors.

Refer to the scenario

You have been asked how you will address the incompatibilities between key stakeholder preferences.

Based on the TOGAF standard which of the following is the best answer?

AYou would seek to understand value preferences and priorities of the stakeholders. You woulddevelop alternative Target Architectures, highlighting the gaps between current state and thealternatives. You would consider combining features from one or more alternatives in collaborationwith the stakeholders. A formal stakeholder review should then be held to decide which alternative isfit for purpose and should be moved forward with. You will then secure the funding required.

BYou recommend that since the CEO has stated that the company must pivot, it is better tocompromise on a full product range rather than time-to-market. You would develop just enough of theTarget Architecture to demonstrate fitness of the proposed approach. You would limit the descriptionto just where there is a gap between the current baseline. You would seek approval by thestakeholders to move forward with developing the Target Architecture in detail.

CYou would use the Architecture Vision, Principles, and Requirements to define a set of criteria foralternatives and create a set of architecture views to illustrate the impact of the alternative TargetArchitectures. You would identify the impact on planned projects. You would understand the strengthsand weaknesses of the alternatives. You would conduct a formal stakeholder review to decide whichalternative to move forward with. You will determine the funding required.

DYou would review the Stakeholder Map and ensure that you have addressed and represented theconcerns of all department heads. You will involve them in resolving the incompatibilities. TheCommunications Plan should include a report that summarizes the key features of the architecturewith and how incompatibilities were resolved to reflects the stakeholders' requirements. You willcheck with each key stakeholder they are satisfied with how the incompatibilities have been resolved.

Show Answer

Correct Answer: C

According to the TOGAF standard, the Target Architecture is the description of a future state of the architecture being developed for an organization. It should be aligned with the Architecture Vision, Principles, and Requirements that have been agreed with the stakeholders. To address the incompatibilities between key stakeholder preferences, the TOGAF standard recommends creating and evaluating multiple alternative Target Architectures that meet different sets of criteria. These criteria should reflect the value preferences and priorities of the stakeholders, as well as the business drivers and objectives. The alternative Target Architectures should be illustrated using a set of architecture views that show the impact of each alternative on the business, data, application, and technology domains. The impact on planned projects should also be identified and analyzed. The strengths and weaknesses of each alternative should be understood and documented. A formal stakeholder review should then be conducted to decide which alternative is the most fit for purpose and should be moved forward with. The funding required for implementing the chosen alternative should also be determined and secured.Reference:

The TOGAF Standard, Version 9.2 - Phase B: Business Architecture - The Open Group

The TOGAF Standard, Version 9.2 - Phase C: Information Systems Architectures - The Open Group

[The TOGAF Standard, Version 9.2 - Phase D: Technology Architecture - The Open Group]

[The TOGAF Standard, Version 9.2 - Phase E: Opportunities and Solutions - The Open Group]

[The TOGAF Standard, Version 9.2 - Phase F: Migration Planning - The Open Group]

Question No. 3

Please read this scenario prior to answering the question

You are working as Chief Enterprise Architect at a large Internet company. The company has many divisions, ranging from cloud to logistics. The company has grown rapidly, expanding from initially selling physical books and media to a range of services including an online marketplace, live-streaming. eBooks. and cloud services.

Overall management of the numerous divisions has become challenging. Recent high-profile projects have overrun on budget and under delivered, damaging the company's reputation, and adversely impacting its share price. There is a widely held view within the executive management that the organization structure has played a major role in these project failures.

The company has an established Enterprise Architecture program based on the TOGAF standard, sponsored jointly by the Chief Executive Officer (CEO) and Chief Information Officer (CIO). The CEO has decided that the company needs to reorganize its divisions around artificial intelligence and machine learning with a focus on automation. The CEO has worked with the Enterprise Architects to create a strategic architecture for the reorganization, including an Architecture Vision, together with definitions for the four domain architectures. This sets out an ambitious vision of the future of the company over a three-year period. This includes a set of work packages and includes three distinct transformations.

The CIO has made it clear that prior to the approval of the detailed Implementation and Migration plan, the EAteam will need to assess the risks associated with the proposed architecture. He has received concerns from key stakeholders across the company that the proposed reorganization may be too ambitious and there is doubt whether it can produce sufficient value to warrant the risks.

Refer to the scenario

You have been asked to recommend an approach to satisfy these concerns. Based on the TOGAF Standard, which of the following is the best answer?

AThe Enterprise Architects should evaluate the organization's readiness to undergo change. This will allow the risks associated with the transformations to be identified, classified, and mitigated for. This should include identifying dependencies between the set of changes, including gaps and work packages. It will also identify improvement actions to be worked into the Implementation and Migration Plan. The business value, effort, and risk associated for each transformation should be determined.

BThe Enterprise Architects should bring together information about potential approaches and produce several alternative target transition architectures. They should then investigate the different architecture alternatives and discuss these with stakeholders using the Architecture Alternatives and Trade-offs technique. Once the target architecture has been selected, it should be analyzed using a state evolution table to determine the Transition Architectures. A value realization process should then be established to ensure that the concerns raised are addressed.

CEstablishing interoperability in alignment with the corporate operating model will ensure risks are minimized. The Enterprise Architects should apply an interoperability analysis to evaluate any potential issues across the architecture. This should include the development of a matrix showing the interoperability requirements. These can then be included within the transformation strategy embedded in the target transition architectures. The Enterprise Architects should then finalize the Architecture Roadmap and the Implementation and Migration Plan.

DBefore preparing the detailed Implementation and Migration plan, the EnterpriseArchitects should review and consolidate the gap analysis results from Phases B toThis will identify the transformations required to achieve the proposed TargetArchitecture. The Enterprise Architects should then assess the readiness of theorganization to undergo change and determine an overall direction to address andmitigate risks identified. The Transition Architecture should then be planned to use astate evolution table.

Show Answer

Correct Answer: A

The Business Transformation Readiness Assessment is a technique that can be used to evaluate the readiness of the organization to undergo change and to identify the actions needed to increase the likelihood of a successful business transformation. This technique can help to address the concerns of the key stakeholders about the risks and value of the proposed reorganization. The technique involves assessing the following aspects of the organization: vision, commitment, capacity, capability, culture, and communication. Based on the assessment, the risks associated with the transformations can be identified, classified, and mitigated for. The technique also helps to identify the dependencies between the set of changes, including gaps and work packages, and the improvement actions to be worked into the Implementation and Migration Plan.The technique also supports the determination of the business value, effort, and risk associated for each transformation, which can be used to prioritize and sequence the work packages and the Transition Architectures1Reference:1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 27: Business Transformation Readiness Assessment

Question No. 4

Please read this scenario prior to answering the question

You have been appointed as Chief Enterprise Architect (CEA). reporting to the Chief Technical Officer (CTO), of a company established as a separate operating entity by a major automotive manufacturer. The mission of the company is to build a new industry leading unified technology and software platform for electric vehicles.

The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework, and architecture development follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners'Approach to Developing Enterprise Architecture Following the TOGAF ADM.

An end-to-end Target Architecture has been completed with a roadmap for change over a five-year period. The new platform will be a cross-functional effort between hardware and software teams, with significant changes over the old platform. It is expected to be developed in several stages over three years. The EA team has inherited the architecture for the previous generation hardware and software automotive platform, some of which can be carried over to the new unified platform. The EA team has started to define the new platform, including defining which parts of the architecture to carry forward.

Enough of the Business Architecture has been defined, so that work can commence on the Information Systems and Technology Architectures. Those need to be defined to support the core business services that the company plans to provide. The core services will feature an innovative approach with swarm data generated by vehicles, paving the way for autonomous driving in the future.

The presentation and access to different variations of data that the company plans to offer through its platform pose an architecture challenge. The application portfolio and supporting infrastructure need to interact with various existing cloud services and data-

Refer to the scenario

You have been asked what approach should be taken to determine and organize the work to deliver the requested architectures?

Based on the TOGAF standard which of the following is the best answer?

AYou would look outside the enterprise to research data models and application portfolios of leading big data businesses. You would develop just enough applications, data, and technology architecture to identify options. For each project this should include identification of candidate architecture and solution building blocks. You will identify solution providers, perform a readiness assessment, and assess the viability and fitness of the solution options. You will then document the draft Implementation and Migration plan.

BYou would refer to the end-to-end Target Architecture for guidance and direction. The first objective should be to identify projects, dependencies and synergies, then prioritize before initiating the projects. You will develop high-level architecture descriptions. For each project you would estimate effort size, identify reference architectures, and candidate building blocks. You will identify the resource needs considering cost and value. You will document options, risks, and controls to enable viability analysis and trade-off with the stakeholders.

CYou will revisit ADM Phase A. identifying the stakeholders and creating a new Architecture Vision. You will update the Stakeholder map produced for the strategic architecture so it reflects the stakeholders who are now the most relevant to the projects that are to be developed. You would then ask the CTO to make some decisions about the Architecture Roadmap, and update the Implementation and Migration Plan to reflect the decisions.

DYou will research leading data businesses, developing high-level Target Data, Application and Technology Architectures. You would review the Architecture Vision in order to estimate the level of detail, time, and breadth of the ADM cycle phases that will be needed to develop the architecture. You will identify and cost major work packages, and then develop an Architecture Roadmap. You would then seek approval by the Architecture Board and initiate the project.

Show Answer

Correct Answer: B

The Target Architecture is a description of the future state of the architecture that addresses the business goals and drivers, and satisfies the stakeholder requirements and concerns. The Target Architecture is developed through the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture. The Target Architecture is typically divided into four domains: Business, Data, Application, and Technology.The Target Architecture also includes a roadmap for change, which defines the Transition Architectures, the Capability Increments, and the work packages that enable the transition from the Baseline Architecture to the Target Architecture12

The best answer is B, because it describes the approach that should be taken to determine and organize the work to deliver the requested architectures, which are the Information Systems and Technology Architectures. The answer covers the following steps:

Refer to the end-to-end Target Architecture for guidance and direction. The end-to-end Target Architecture provides the overall vision, scope, and objectives of the architecture work, and the alignment with the business strategy and goals. The end-to-end Target Architecture also provides the high-level definitions and principles for the four architecture domains, and the roadmap for change that outlines the major milestones and deliverables.

Identify projects, dependencies and synergies, then prioritize before initiating the projects. Projects are the units of work that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. Dependencies are the relationships and constraints that affect the order or priority of the projects, such as logical, temporal, or resource dependencies. Synergies are the benefits or advantages that result from the combination or coordination of the projects, such as cost savings, efficiency gains, or innovation opportunities. Prioritization is the process of ranking the projects according to their importance, urgency, or value, and assigning resources and schedules accordingly.

Develop high-level architecture descriptions. High-level architecture descriptions are the outputs of the architecture development phases (B, C, and D) of the ADM cycle, which describe the Business, Data, Application, and Technology Architectures in terms of the Architecture Building Blocks (ABBs) and the Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. High-level architecture descriptions also include the Architecture Views, which are representations of the system of interest from the perspective of one or more stakeholders and their concerns.

For each project, estimate effort size, identify reference architectures, and candidate building blocks. Effort size is the measure of the amount of work, time, or resources required to complete a project. Effort size can be estimated using various techniques, such as analogy, expert judgment, parametric, or bottom-up. Reference architectures are standardized architectures that provide a common framework and vocabulary for a specific domain or industry. Reference architectures can be used as a source of best practices, patterns, and models for the architecture development. Candidate building blocks are the potential ABBs or SBBs that can be used to implement the architecture. Candidate building blocks can be identified from the Architecture Repository, which is a collection of architecture assets, such as models, patterns, principles, standards, and guidelines.

Identify the resource needs considering cost and value. Resource needs are the specifications and criteria that define the acceptable level and quality of the resources required to complete the project, such as human, financial, physical, or technological resources. Resource needs can be identified by analyzing the scope, complexity, and dependencies of the project, and the availability, capability, and suitability of the resources. Cost and value are the factors that influence the allocation and utilization of the resources, such as the budget, the return on investment, the benefits, or the risks.

Document options, risks, and controls to enable viability analysis and trade-off with the stakeholders. Options are the alternative ways of achieving the project objectives, such as different solutions, technologies, vendors, or approaches. Risks are the effects of uncertainty on the project objectives, such as threats or opportunities. Controls are the measures or actions that are taken to prevent, reduce, or mitigate the risks, such as policies, procedures, or standards. Viability analysis is the process of evaluating and comparing the options, risks, and controls, and determining the feasibility, suitability, and desirability of each option. Trade-off is the decision outcome that balances and reconciles the multiple, often conflicting, requirements and concerns of the stakeholders, and ensures alignment with the Architecture Vision and the Architecture Principles.

:1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 5: Introduction to the ADM2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 19: Phase B: Business Architecture : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 20: Phase C: Information Systems Architectures : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off Analysis : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 46: Tools for Architecture Development : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 47: Architecture Board : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 48: Architecture Compliance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 49: Architecture Contract : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 51: Architecture Maturity Models : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 52: Architecture Skills Framework

Question No. 5

Please read this scenario prior to answering the question

You are employed as an Enterprise Architect at a technology company, reporting directly

to the Chief Enterprise Architect. The company supplies personnel and delivers cloud-

based solutions to numerous government agencies.

The nature of the business is such that the data and the information stored on the

company systems is the company's major asset and is highly confidential. The company

employees work remotely and need constant access to the company systems, which is

done by the public infrastructure. They use message encryption, secure internet

connections using Virtual Private Networks (VPNs), and other standard security

measures. The company provides computer security awareness training for all its staff.

The Chief Security Officer (CSO) has noted an increase in distributed denial of service

(DDoS) attacks on companies with a similar profile. The CSO understands that even

with thorough preparation, a major attack could stop employees from being able to do

their jobs. This could lead to a large financial loss, damage to the company's reputation

with customers, and employees being unable to work.

A risk assessment has been completed and the company has looked for cyber insurance

that covers such attacks. The price for this insurance is very high. The CTO has decided

not to get cyber insurance to cover such attacks.

The company follows the TOGAF standard as the method and guiding framework for its

Enterprise Architecture (EA) practice. The Chief Technology Officer (CTO) is the sponsor

of the activity. The practice uses an iterative approach for its architecture development.

This has enabled the decision makers to gain valuable insights into the different aspects

of the business

Please read this scenario prior to answering the question

You have been asked to describe the steps you would take to strengthen the current

architecture to improve data protection.

Based on the TOGAF standard which of the following is the best answer?

AYou would request technology updates from existing suppliers that improve thecompany's capabilities to detect, react, and recover from an incident. Youwould run a simulated ransomware attack to evaluate the current EnterpriseArchitecture's resilience and recovery capabilities. Using the findings, youwould perform a gap analysis of the current Enterprise Architecture, andprepare change requests to address identified gaps. You would document thechanges implemented and add to the Architecture Repository.

BYou would run a planning exercise to assess the business continuityrequirements and analyze the current Enterprise Architecture for gaps. Youcreate a formal change request related to business resilience and maintainingcritical business functions. You would arrange a meeting of the ArchitectureBoard to assess and approve the change request. Once approved you wouldcreate a new Request for Architecture Work to begin an ADM cycle toimplement the changes.

CYou would ensure that business value and cost of continuity measures areunderstood by key stakeholders, and that the company has in place up-to-dateprocesses for managing change to the current Enterprise Architecture. Yourecommend that DDoS mitigation be addressed at the infrastructure level toensure effective, scalable protection. Changes should be made to the baselinedescription of the Technology Architecture. The changes should be approvedby the Architecture Board and implemented by change managementtechniques.

DYou would hold an Architecture Compliance Review with the scope to examinethe company's ability to respond to such attacks. You would identify thedepartments involved and have them nominate representatives. You wouldthen tailor checklists to address the requirement for increased businesscontinuity and resilience. You would circulate the checklists to the nominatedrepresentatives for them to complete. You would review the completedchecklists, identifying and resolving issues. You would then determine andpresent your recommendations to the Architecture Board.

Show Answer

Correct Answer: B

In this scenario, the CTO has not purchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked ''to describe the steps you would take to strengthen the current architecture to improve data protection.''

Because the company follows the TOGAF standard and uses an iterative ADM cycle, the correct response must:

Start with the risk/continuity concern

Use the formal TOGAF change management process

Lead to a Request for Architecture Work

Initiate a new ADM cycle to update the architecture properly

Ensure Architecture Board governance

Option B is the only answer that matches TOGAF's required process.

Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF's Architecture Change Management (Phase H) process:

Assess the business continuity requirements-- Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.-- DDoS risk business continuity concern legitimate architecture change trigger.

Analyze the current architecture for gaps-- Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request-- Exactly correct: Phase H outputs Architecture Change Requests (ACRs) for significant changes.-- ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request-- Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)-- Required when the change is significant and needs a new ADM cycle.-- Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes-- Perfectly aligned with TOGAF's iterative approach:Business continuity update Technology Architecture updated security patterns updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore, Option B is the correct and TOGAF-compliant answer.

Why the other options are incorrect

A -- Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C -- Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (''DDoS mitigation at infrastructure level'') before architectural assessment.

D -- Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture---not evaluate new risks or design resilience enhancements.

A compliance review is not the correct first step for addressing new threats.

Unlock All Questions for The Open Group OGEA-102 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 34 Questions & Answers