OGEA-103 Sample Questions Answers

A Request for Architecture Work is a document that describes the scope, approach, and expected outcomes of an architecture project. A Request for Architecture Work is usually initiated by the sponsor or client of the architecture work, and approved by the Architecture Board, which is a governance body that oversees the architecture work and ensures compliance with the architecture principles, standards, and goals. A Request for Architecture Work triggers a new cycle of the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture12

An Architecture Vision is a high-level description of the desired outcomes and benefits of the proposed architecture. An Architecture Vision is the output of Phase A: Architecture Vision of the ADM cycle, which is the first phase of the architecture development. An Architecture Vision defines the scope and approach of the architecture work, and establishes the business goals and drivers that motivate the architecture work. An Architecture Vision also involves obtaining the approval and commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance process3

A trade-off analysis is a technique that can be used to evaluate and compare different architecture alternatives and select the most suitable one. A trade-off analysis involves identifying the criteria and factors that are relevant to the decision, such as costs, benefits, risks, and opportunities, and assessing the strengths and weaknesses of each alternative. A trade-off analysis also involves balancing and reconciling the multiple, often conflicting, requirements and concerns of the stakeholders, and ensuring alignment with the Architecture Vision and the Architecture Principles.

Therefore, the best answer is D, because it proposes the best approach for architecture development to realize the CEO’s change in direction for the company. The answer covers the Request for Architecture Work, the Architecture Vision, and the trade-off analysis techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 7: Request for Architecture Work 2: The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance 3: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off Analysis

According to the TOGAF Standard, 10th Edition, architecture governance is “the practice by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level” 1. Architecture governance ensures that the architecture development and implementation are aligned with the strategic objectives, principles, standards, and requirements of the enterprise, and that they deliver the expected value and outcomes. Architecture governance also involves establishing and maintaining the architecture framework, repository, board, contracts, and compliance reviews 1. The other options are not correct, as they are not the term used by the TOGAF Standard to describe the practice by which the enterprise architecture is managed and controlled at an enterprise-wide level. Corporate governance is “the system by which an organization is directed and controlled” 2, and it covers aspects such as leadership, strategy, performance, accountability, and ethics. IT governance is “the system by which the current and future use of IT is directed and controlled” 2, and it covers aspects such as IT strategy, policies, standards, and services. Technology governance is “the system by which the technology decisions and investments are directed and controlled” 3, and it covers aspects such as technology selection, acquisition, deployment, and maintenance. References: 1: TOGAF Standard, 10th Edition, Part VI: Architecture Governance, Chapter 44: Introduction. 2: TOGAF Standard, 10th Edition, Part I: Introduction, Chapter 3: Definitions. 3: TOGAF Series Guide: Using the TOGAF Framework to Define and Govern Service-Oriented Architectures, Part II: Using the TOGAF Framework to Define and Govern Service-Oriented Architectures, Chapter 5: Technology Governance.

In this scenario you are right at the start of an ADM cycle: a Request for Architecture Work has been approved to investigate AI, and there are strong stakeholder concerns and risk questions. According to the TOGAF standard, the correct place to start is Phase A: Architecture Vision, with a strong focus on stakeholder management and capturing their concerns and required views.

Option A is the only answer that correctly reflects this:

Stakeholder analysis & Stakeholder Map (Phase A core task)TOGAF explicitly states that in Phase A you must:

Identify stakeholders

Analyze and group them by common concerns

Use a Stakeholder Map to understand their influence, interest, and required engagement

Determine which views/viewpoints are needed to address their concerns in the architecture description coe.qualiware.com+1

Option A says:

“analysis of the stakeholders … define groups of stakeholders who have common concerns and include development of a Stakeholder Map. The concerns and relevant views should then be defined for each group and recorded in the Architecture Vision document.”

This is exactly how TOGAF describes stakeholder management and views in Phase A:

Stakeholder Map to classify and prioritize stakeholders

Concerns and required views captured and traced

These elements feeding into the Architecture Vision deliverable Visual Paradigm TOGAF+1

Concerns, views, and Architecture VisionTOGAF emphasizes that architecture views are constructed to address specific stakeholder concerns; you do not just build generic models. opengroup.org+1

Option A explicitly links concerns → views → Architecture Vision, which aligns with TOGAF guidance for early phases.

Capturing this in the Architecture Vision provides a high-level, shared understanding of what the AI initiative is trying to achieve and how stakeholder issues (e.g., responsible AI, risk processes, change in way of working) will be addressed.

Risk management and “architecting with agility”In the scenario, the CIO has encouraged architecting with agility. TOGAF is compatible with incremental and iterative development of the target architecture, especially when there is high uncertainty and risk. conexiam.com

Option A includes:

“a requirement that there be progressive development of the target architecture to ensure there is regular feedback.”

This “progressive development” and frequent feedback loop is exactly how you mitigate risk in an AI-heavy, change-sensitive initiative:

Frequent stakeholder feedback

Early validation of assumptions

Ability to adjust scope, constraints, and principles as risk and understanding evolve

This directly addresses management’s worry about the change in the way of working and whether risk management and responsible AI policies are adequate: these become explicit stakeholder concerns and requirements that are iteratively refined.

Why the other options are weaker / not TOGAF-aligned as a starting point

Option B

Focuses mainly on a Communications Plan and powerful stakeholders.

While TOGAF does expect a stakeholder communications plan, it is derived from a proper stakeholder analysis and Stakeholder Map, not a substitute for it.

It also treats risk as a “component of the architecture” rather than something to be addressed early through stakeholder concerns, principles, and iteration.

Option C

Jumps straight to a solution concept diagram and benefits diagram and defers risk evaluation to when the Architecture Roadmap is defined (Phase E).

In TOGAF, risk and stakeholder concerns must be addressed already in Phase A and refined throughout, not postponed to roadmap development.

Option D

Proposes creating draft Business, Data, Application, and Technology models and putting them into the Architecture Vision.

This is too detailed for the starting point: Phase A is about high-level vision, not full draft core architecture models (those belong in Phases B, C, D).

It also doesn’t emphasize Stakeholder Mapping and grouping by concerns, which is central to resolving the worries about way of working, risk, and responsible AI.

In summary, Option A is the best and TOGAF-consistent way to begin:

Start in Phase A: Architecture Vision

Perform stakeholder analysis and create a Stakeholder Map

Define stakeholder concerns and relevant views

Record them in the Architecture Vision

Add an explicit requirement for progressive (iterative) development of the target architecture for continuous feedback and risk mitigation

The Business Transformation Readiness Assessment is a technique that can be used to evaluate the readiness of the organization to undergo change and to identify the actions needed to increase the likelihood of a successful business transformation. This technique can help to address the concerns of the key stakeholders about the risks and value of the proposed reorganization. The technique involves assessing the following aspects of the organization: vision, commitment, capacity, capability, culture, and communication. Based on the assessment, the risks associated with the transformations can be identified, classified, and mitigated for. The technique also helps to identify the dependencies between the set of changes, including gaps and work packages, and the improvement actions to be worked into the Implementation and Migration Plan. The technique also supports the determination of the business value, effort, and risk associated for each transformation, which can be used to prioritize and sequence the work packages and the Transition Architectures1 References: 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 27: Business Transformation Readiness Assessment

Risk Management is the process of identifying, assessing, and responding to risks that may affect the achievement of the enterprise’s objectives. Risk Management involves balancing positive and negative outcomes resulting from the realization of either opportunities or threats. Reference: The TOGAF® Standard | The Open Group Website, Section 3.3.3 Risk Management.

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

TOGAF adopts a formal risk management perspective aligned with widely accepted enterprise risk management practices. Within the ADM, risks are identified, analyzed, treated, and monitored throughout all phases, particularly during Architecture Governance and Implementation Governance.

TOGAF explicitly distinguishes between:

Initial Risk:The level of risk identified before any mitigation actions are applied. This represents the inherent exposure associated with an architecture decision, solution, or implementation approach.

Residual Risk:The level of risk that remains after mitigation measures have been applied. This residual risk must be explicitly accepted, monitored, or further treated by governance bodies.

Why Option D is correct:

TOGAF requires both Initial and Residual risks to be documented and monitored to ensure informed decision-making and effective governance throughout the ADM lifecycle.

Why the other options are incorrect:

A. Technical and Financial level: These are categories of risk, not the two monitoring levels defined by TOGAF.

B. Mitigated and Revised level: These terms are not used as formal risk levels in TOGAF.

C. Operational and Strategic level: These describe business risk domains, not TOGAF-defined monitoring levels.

Authoritative TOGAF References:

TOGAF Risk Management

TOGAF Architecture Governance

TOGAF ADM Guidelines and Techniques – Risk Management

============

The scenario clearly states that:

The overall objective is known,

BUT the EA team is expected to define the scope, shared vision, and requirements,

The company uses an iterative approach,

The CEO wants repurpose and reuse rather than replace,

This is a major strategic shift (new markets, new products, new crop mix).

According to the TOGAF standard, when the problem must be understood, and scope, vision, and requirements are not yet defined, the correct starting point is Phase A: Architecture Vision, using an iteration cycle.

This is also consistent with the “baseline-first” approach recommended in the TOGAF Series Guides for situations where:

the business direction is known but high-level,

detailed impacts must be discovered,

and the organization wants to reuse existing capabilities rather than replace them.

Option B is the only answer that:

Begins by understanding the problem,

Defines the structure of the change,

Uses iteration cycles starting with a baseline-first approach,

Leads into transition planning,

Supports clarification of the shared vision and requirements,

Fits the CIO’s instruction to “define the scope, shared vision, and requirements.”

This matches exactly what TOGAF prescribes in early-cycle Architecture Vision and initial iterations.

Option A best aligns with TOGAF Phase A: Architecture Vision, which is the starting phase for an architecture development cycle in TOGAF. This phase sets the foundation for the architecture engagement and ensures alignment with stakeholders and their concerns, especially when evaluating a major transformation like moving to a cloud-based planning and scheduling system.

???? Key TOGAF Concepts Supporting Option A:

1. Phase A: Architecture Vision Objectives

Establish the high-level scope, constraints, and expectations.

Identify stakeholders and define their concerns and business requirements.

Create the Architecture Vision, which includes:

Summary-level Baseline and Target Architecture views (business, data, application, and technology).

Initial requirements and key concerns.

Stakeholder buy-in and approval for moving forward.

2. Engagement with Stakeholders

In this case, the plant managers and local supply chain partners have concerns regarding safety and dependability.

TOGAF emphasizes early engagement with business stakeholders to ensure concerns are identified and incorporated into the vision.

3. Creating Architecture Vision Document

A deliverable of Phase A.

Includes high-level descriptions of the baseline and target architectures, initial business goals, and stakeholder viewpoints.

Used to build agreement and obtain formal approval to proceed with detailed architecture work in later phases (B–D).

❌ Why Other Options Are Incorrect:

B: Focuses on suppliers and not the actual stakeholders impacted by the architecture — i.e., plant managers and internal operations. This diverts from TOGAF’s stakeholder-driven approach in Phase A.

C: This reflects Phases B–D of the ADM (Business, Information Systems, and Technology Architecture). It is too detailed and premature for the start of the project. In Phase A, you don’t yet develop full baseline and target architectures or conduct a consolidated gap analysis.

D: While interviewing stakeholders is valid in Phase A, this option lacks a holistic view of the Architecture Vision development, and skips the TOGAF requirement to produce summary views of the baseline and target architectures and to use them to drive stakeholder buy-in. It is tactically correct, but strategically incomplete.

???? TOGAF Source References:

TOGAF 9.2 – Section 6.2 (Phase A: Architecture Vision)

"The Architecture Vision describes how the proposed architecture support the business goals, and the strategic direction. It also provides a high-level description of the baseline and target architectures and identifies key stakeholders and concerns."

TOGAF 9.2 – Part IV, Architecture Content Framework

"The Architecture Vision includes the scope, constraints, and expectations. It forms the basis for approval to proceed with further architecture development."

Option C aligns best with TOGAF Phase F: Migration Planning, which deals with developing a detailed Implementation and Migration Plan, ensuring alignment with other enterprise frameworks, and assigning business value to work packages and projects.

???? TOGAF Phase F Activities (from the standard):

Confirm Management Framework Interactions:

Per TOGAF, Phase F ensures that the migration planning is aligned with the business planning, portfolio/project management, and operations management frameworks used by the enterprise (which are mentioned in the scenario).

TOGAF emphasizes coordination between EA and other enterprise governance processes.

Prioritize Projects:

TOGAF recommends using business value, resource availability, and strategic alignment to prioritize the various work packages and projects for implementation.

This is directly referenced in option C: "assign a business value to each project, considering the available resources and how well they align with the strategy."

Update Roadmaps and Implementation Plan:

After coordination and prioritization, the Architecture Roadmap and the Implementation and Migration Plan are updated.

This is essential before formal governance (Phase G).

❌ Why the Other Options Are Incorrect:

A: Incorrect focus on updating the Architecture Definition Document and lessons learned.

The Architecture Definition Document is mostly finalized in Phases B–E.

Lessons learned and governance modeling are more relevant to Phase G (Implementation Governance) and Phase H (Architecture Change Management), not Phase F.

B: Although it mentions the Business Value Assessment Technique (a valid tool in TOGAF), it includes Architecture Definition Increments Table, which is not a standard TOGAF artifact.

Also, "document the lessons learned" is premature in Phase F; these are more applicable in Phase H.

D: Focuses on Compliance Assessment, which is part of Phase G (Implementation Governance), not Phase F.

Changing performance requirements based on monitoring tools is handled during operations and change management, not during migration planning.

???? Source References from TOGAF:

TOGAF 9.2 – Section 11.3 (Phase F: Migration Planning)

"Activities include confirming the enterprise's capability for transition, prioritizing projects, identifying dependencies and resource availability, and co-ordinating with other management frameworks."

TOGAF 9.2 – Section 11.4 Outputs:

Architecture Roadmap (updated)

Implementation and Migration Plan (updated)

Business Value Assessment

Consolidated Gaps, Solutions, and Dependencies

In the TOGAF framework, understanding and addressing stakeholder concerns is crucial, particularly for complex projects with high stakes like the AI-first initiative described in the scenario. This approach aligns well with TOGAF’s ADM (Architecture Development Method) and its emphasis on effective stakeholder management and risk assessment. Here’s why this is the best course of action:

Stakeholder Analysis and Documentation:Conducting a stakeholder analysis is foundational in the early stages of any TOGAF project, particularly during the Preliminary and Architecture Vision phases. This process involves identifying the different stakeholders, understanding their positions, documenting their concerns, and considering any cultural factors that might influence their perspective on the AI-first initiative. Given the diverse concerns raised (such as job security, skill requirements, and cybersecurity), it’s essential to have a clear understanding of each stakeholder group’s priorities and fears.

Recording Concerns in the Architecture Vision Document:The Architecture Vision phase in TOGAF focuses on defining the high-level scope and objectives of the architecture project. By documenting stakeholder concerns and the corresponding views in the Architecture Vision document, the EA team ensures that these concerns are transparently acknowledged and addressed as part of the strategic direction. This step not only aligns with TOGAF best practices but also helps in building stakeholder buy-in and trust.

Architecture Requirements Specification and Risk Management:Risk management is a key aspect of TOGAF’s ADM, particularly in the Requirements Management and Implementation Governance phases. Documenting the requirements for addressing specific risks in the Architecture Requirements Specification provides a structured way to ensure that identified risks are acknowledged and managed throughout the transformation. Regular assessments and feedback loops ensure ongoing alignment and adaptability to emerging risks, which is particularly important given the dynamic nature of AI and its associated challenges.

Alignment with TOGAF ADM Phases:This approach follows the prescribed flow of TOGAF’s ADM, starting with stakeholder engagement in the Preliminary and Architecture Vision phases and progressing to risk assessment in the Requirements Management phase. By maintaining afocus on stakeholder needs and formalizing these into architecture requirements, the EA team can ensure that the architecture not only meets business objectives but also mitigates stakeholder concerns.

TOGAF Reference on Stakeholder Management Techniques:TOGAF places significant emphasis on managing stakeholder concerns through its stakeholder management techniques, which highlight the need to systematically identify, analyze, and address the concerns of all involved parties. This practice helps ensure that the architecture is viable and accepted across the organization.

By conducting a thorough stakeholder analysis and integrating the findings into both the Architecture Vision and the Architecture Requirements Specification, the EA team can proactively address stakeholder concerns, manage risks, and align the AI-first initiative with the agency’s strategic objectives. This approach is consistent with TOGAF’s guidance and provides a structured framework for addressing both business and technical challenges in the context of an AI-first transformation.

You are asked to identify the most relevant Architecture Principles, besides Business Continuity, that apply to a rapid merger, where:

Back-office and store management systems will be consolidated

Duplicate applications will be eliminated

Innovation must remain fast

Customer experience must remain uninterrupted

Combined enterprise value is the priority

TOGAF’s example Architecture Principles include four main categories:

Business Principles

Data Principles

Application Principles

Technology Principles

Option D contains the principles that best support the specific needs of the merger as described.

✔ Why Option D is correct

1. Service Orientation (Business Principle)

This principle states that architecture should be organized around services, enabling flexibility, loose coupling, and ease of integration.

For the merger:

Integrating two companies’ store systems, mobile apps, and inventory platforms requires modular, interoperable services.

Service orientation directly supports the requirement that innovation must not slow down.

It allows systems to be merged with minimal disruption.

This principle supports fast integration + ongoing innovation — exactly what stakeholders demand.

2. Maximize Benefit to the Enterprise (Business Principle)

This principle ensures decisions are made from an enterprise-wide (not departmental or local) perspective.

In the scenario:

Two companies are merging.

Decisions must prioritize combined enterprise value, not local optimizations by either company.

System consolidation and elimination of duplicates requires an enterprise-first mindset.

This principle aligns perfectly with a merger that aims to unify operations and reduce redundancy.

3. Common Use Applications (Application Principle)

This is one of the MOST relevant principles in any merger.

TOGAF defines this principle as:

“Applications should be shared across the enterprise and not duplicated.”

In the scenario:

Back-office systems and store management tools must be consolidated.

Duplicate applications are explicitly to be reduced.

One main system will be used across stores.

This principle directly matches the merger's objectives.

✔ Summary

Option D contains the three principles that best support:

A major merger

System consolidation

Reduction of duplication

Enterprise-wide benefit

Flexible, service-oriented integration

Continued innovation

Therefore, Option D is the most appropriate selection according to TOGAF’s example Architecture Principles.

Key aspects of the scenario:

Business Objective:

A merger is happening to combine offerings, reduce costs, and achieve operational efficiency.

The goal includes fully integrating retail operations and systems, replacing duplicated systems, and reducing the number of applications used.

Technological Improvements:

A central AI-based inventory system is in place.

Hand-held devices for stores have improved customer and staff satisfaction and increased efficiency.

Scope of Architecture Work:

Integrating the merged systems.

Managing retail architecture to optimize operations.

TOGAF Alignment:

TOGAF principles aim to ensure the architecture supports business transformation effectively while aligning with governance and best practices.

Best answer analysis:

Option 1:

Maximize Benefit to the Enterprise: Aligns with the merger goals of cost reduction and efficiency.

Common Use Applications: Matches the goal to reduce duplicated systems.

Data is an Asset: Central AI system depends on accurate and reliable data.

Responsive Change Management: Necessary to support the transition and manage organizational impacts.

Technology Independence: Encourages selecting flexible, scalable solutions post-merger.

This option comprehensively aligns with the scenario.

Option 2:

Control Technical Diversity: Important but less emphasized than cost reduction and application unification.

Interoperability: Relevant, but less critical compared to principles addressing business value.

Data is an Asset: Relevant.

Data is Shared: Implied in centralized inventory but not directly stated.

Business Continuity: Important but not the main focus here.

This option partially fits but lacks emphasis on business outcomes.

Option 3:

Common Vocabulary and Data Definitions: Indirectly helpful but not central to the transformation.

Compliance with the Law: Always critical, but no explicit legal issues are mentioned.

Requirements-Based Change: General principle but not transformation-specific.

Responsive Change Management: Relevant.

Data Security: Important but not a central concern in the scenario.

This option focuses more on governance and less on merger goals.

Option 4:

Common Use Applications: Relevant to reducing duplicate systems.

Data is an Asset: Relevant.

Data is Accessible: Fits with AI system and handheld devices but is a subset of "Data is an Asset."

Ease of Use: Relevant to handheld devices but not a core transformation principle.

Business Continuity: Important but secondary to cost and efficiency.

This option focuses more on usability and accessibility rather than transformation objectives.

Comprehensive and Detailed Explanation

TOGAF defines an Architecture Principle as a qualitative statement of intent that should be met by the architecture. To ensure clarity and consistent application, TOGAF provides a standard template for documenting each principle. The template includes four parts:

Name – A clear, precise, and easy-to-remember name for the principle.

Answers the question: What is this principle called?

Statement – A short, unambiguous sentence that communicates the essence of the principle.

Answers the question: What does this principle mean?

Rationale – Explains why the principle is important, the benefits of adopting it, and how it supports the enterprise’s goals.

Answers the question: Why should we adopt this principle?

Implications – Highlights the consequences of adopting the principle, including the impact on business processes, technology, governance, and resources.

Answers the question: How does this affect me?

Therefore, the correct section where the reader would find the answer to “How does this affect me?” is Implications.

Why the other options are incorrect

A. Statement: Defines the essence of the principle but does not address consequences.

B. Rationale: Explains the reasoning and justification for the principle but not its practical effects.

C. Name: Only provides the identifier or title of the principle.

References

The Open Group, TOGAF® Standard, Version 9.2, Part III: ADM Guidelines & Techniques — Architecture Principles.

The Open Group, TOGAF® 9 Certified Study Guide — description of the Architecture Principles template and the purpose of each section.

The Architecture Requirements Specification is one of the TOGAF deliverables that provides a set of quantitative statements that outline what an implementation project must do in order to comply with the architecture12. It is a companion to the Architecture Definition Document, which provides a qualitative view of the solution and aims to communicate the intent of the architect. The Architecture Requirements Specification provides a quantitative view of the solution, stating measurable criteria that must be met during the implementation of the architecture3. It typically forms a major component of an implementation contract or contract for more detailed Architecture Definition4. References:

•Deliverable: Architecture Requirements Specification - The Open Group

•Architecture Requirements Specification - Visual Paradigm Community Circle

•The TOGAF Standard, Version 9.2 - Definitions - The Open Group

•The TOGAF Standard, Version 9.2 - Architecture Requirements Specification - The Open Group

According to the TOGAF standard, the deliverables that match the descriptions are as follows:

1 Architecture Principles: These are general rules and guidelines, intended to be enduring and seldom amended, that inform and support the way in which an organization sets about fulfilling its mission1. They reflect a level of consensus among the various elements of the enterprise, and form the basis for making future IT decisions1.

2 Architecture Contracts: These are the joint agreements between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture2. They are used to ensure that the architecture is implemented and governed according to the agreed-upon specifications and standards2.

3 Request for Architecture Work: This is a document that is sent from the sponsoring organization to the architecture organization to trigger the start of an architecture development cycle3. It defines the scope, schedule, budget, deliverables, and stakeholders of the architecture project3.

4 Architecture Requirements Specification: This is a set of quantitative statements that outline what an implementation project must do in order to comply with the architecture4. It defines the requirements for each architecture domain, as well as the relationships and dependencies among them4.

 1: Architecture Principles 2: Architecture Contracts 3: Request for Architecture Work 4: Architecture Requirements Specification

Business Transformation Readiness Assessment is a joint effort between corporate staff lines of business and IT planners to evaluate the readiness of the organization to undergo change. It involves assessing factors such as vision, commitment, capacity, capability, culture, and motivation that may influence the success of a business transformation initiative. Reference: The TOGAF® Standard | The Open Group Website, Section 3.3.2 Business Transformation Readiness Assessment.

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

The Statement of Architecture Work is a key governance and control document in TOGAF. It defines:

Scope of the architecture work

Constraints and assumptions

Deliverables and milestones

Roles, responsibilities, and acceptance criteria

Governance and approval mechanisms

Why Option C is correct:

The Statement of Architecture Work is most commonly produced in the Preliminary Phase to formally define how architecture work will be conducted once the Architecture Capability is established.

It may also be re-created or updated following an approved Architecture Change Request, ensuring controlled continuation or re-initiation of architecture activities.

Why the other options are incorrect:

A. Architecture Vision: This is produced in Phase A, not the Preliminary Phase.

B. Requirements Impact Assessment: This is associated with change management and requirements handling, not a standard Preliminary Phase output.

D. Request for Architecture Work: This is typically an input to Phase A, not a primary output of the Preliminary Phase.

Authoritative TOGAF References:

TOGAF Architecture Capability Framework

TOGAF ADM – Preliminary Phase

TOGAF Architecture Governance

============

EA applies architecture principles and practices to analyze, design, plan, and implement enterprise analysis that supports digital transformation, IT growth, and the modernization of IT2. EA also helps organizations improve the efficiency, timeliness, and reliability of business information, as well as the alignment, agility, and adaptability of the architecture to the changing needs and requirements3. Therefore, the best summary of the purpose of EA is to guide effective change.

In TOGAF’s treatment of risk within architecture governance and ADM Guidelines & Techniques, risk management is seen as a continuous process including several phases. First one classifies potential risk types. Then one identifies specific risks. After identification comes assessment (evaluating likelihood and impact), monitoring (tracking over time), mitigation (taking actions to reduce the risk), and related response or treatment options to decide what to do with residual risk. That sequence—classification, identification, assessment, monitoring, mitigation, and response—completes the risk management life cycle. It does not stop at evaluation or reporting; it includes active monitoring, control, and reaction to risks over time.

Comprehensive and Detailed Explanation From documents:

In TOGAF, a Business Scenario is an ADM technique used to capture and structure business requirements in a way that directly informs the development and validation of architectures. It frames a specific business problem (or opportunity) and articulates the desired outcomes/objectives, along with the business and technical context, the involved actors and roles (human and system), and the measures of success. This makes option A correct because it concisely captures the essence of a Business Scenario: a well-defined business problem coupled with the outcomes the business seeks to achieve.

A good Business Scenario typically includes:

The business problem/opportunity and drivers.

The business and technical environment/context in which the problem exists.

The desired outcomes/objectives and measures of success (how success will be recognized).

Actors and roles (both human and system) and their interactions.

Capabilities and high-level requirements implied by the scenario.

Business Scenarios are especially valuable in Phase A: Architecture Vision to validate scope, objectives, and business value, and they continue to be used throughout Phases B–D to test and validate the target architectures and to maintain requirements traceability via Requirements Management. They promote shared understanding among stakeholders and provide a concrete basis for evaluating solution options and assessing architecture fitness-for-purpose.

Why the other options are incorrect:

B. A use-case for developing a business model. While Business Scenarios and use-cases are related, a Business Scenario is broader. It provides context, problem, objectives, and measures of success; use-cases are often derived from or complement Business Scenarios to specify interactions, but a Business Scenario is not merely a use-case.

C. A method to quantify readiness for change. This describes Business Transformation Readiness Assessment, a separate TOGAF technique used to gauge an organization’s readiness to execute change. It is not what TOGAF defines as a Business Scenario.

D. A technique to identify differences between a baseline and a target architecture. That is Gap Analysis, another distinct ADM technique used to determine what needs to change to move from the current state to the desired future state.

References (official TOGAF materials; no links):

The Open Group, TOGAF® Standard, Version 9.2, Part III: ADM Guidelines & Techniques — Business Scenarios; also Requirements Management, and Phase A: Architecture Vision (Part II) for where Business Scenarios are applied.

The Open Group, TOGAF® Series Guide: Business Scenarios — definition, structure, and usage of Business Scenarios across the ADM.

The Open Group, TOGAF® 9 Foundation Study Guide (latest edition) — coverage of Business Scenarios as an ADM technique and their relationship to use-cases.

The Open Group, TOGAF® 9 Certified Study Guide (latest edition) — contrasts with related techniques (Gap Analysis; Business Transformation Readiness Assessment) and explains use within Phase A and Requirements Management.===========

A content metamodel is a formal structure that defines the types of entities and relationships that are used to capture, store, filter, query, and represent architectural information in a way that supports consistency, completeness, and traceability12.

A stakeholder map is a tool that identifies and analyzes the key stakeholders and their interests, influence, and expectations in relation to the architecture3. It is not used to structure architectural information, but rather to understand the stakeholder needs and concerns.

An architecture framework is a set of principles, guidelines, standards, and tools that provide a common structure and methodology for developing architectures4. It is not used to structure architectural information, but rather to guide the architecture development process and ensure alignment with the business strategy and objectives.

An EA library is a repository that stores and manages the architecture artifacts, deliverables, and other relevant information produced and consumed during the architecture development and governance. It is not used to structure architectural information, but rather to provide access, security, and version control for the architecture content.

 1: The TOGAF Standard, Version 9.2 - Content Metamodel 2: TOGAF 9.2 Content Metamodel Framework - A Quick Guide - KnowledgeHut 3: The TOGAF Standard, Version 9.2 - Stakeholder Management 4: The TOGAF Standard, Version 9.2 - Architecture Framework : The TOGAF Standard, Version 9.2 - Architecture Repository

The Preliminary Phase is the preparatory phase of the Architecture Development Method (ADM) cycle, which sets the context and direction for the architecture work. One of the objectives of this phase is to select and implement tools to support the Architecture Capability, which is the ability of an organization to perform enterprise architecture effectively and efficiently. Tools can include software applications, methods, techniques, standards, and frameworks that assist the architecture development and governance processes. The selection and implementation of tools should be based on the requirements and constraints of the organization, and the alignment with the Architecture Principles and the Architecture Vision3 References: 3: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 6: Preliminary Phase : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 45: Establishing and Maintaining an Enterprise Architecture Capability : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 46: Tools for Architecture Development

The purpose of the Gap Analysis technique is similar to the previous question, but with a focus on the Target Architecture. The technique helps to identify the items that are not included or specified in the Target Architecture, such as capabilities, services, components, standards, or technologies. These items may be essential for achieving the vision and goals of the enterprise, or for addressing the stakeholder concerns and requirements. By identifying the items omitted from the Target Architecture, the technique helps to ensure that the architecture is comprehensive, feasible, and realistic.

Comprehensive and Detailed Explanation

In TOGAF, Architecture Contracts are agreements between development partners and sponsors that define:

The deliverables to be produced.

The quality expectations.

The fitness-for-purpose of the architecture.

The responsibilities of each party and the governance arrangements.

Architecture Contracts are a key part of Phase G: Implementation Governance, where they are used to manage and control architecture implementation. They help ensure that implementation projects remain aligned with the approved Target Architecture and business objectives.

They serve as the formal mechanism for:

Validating that architecture deliverables meet stakeholder expectations.

Providing a measurable basis for conformance assessment.

Supporting architecture governance by linking architectural intent with project execution.

Why the other options are incorrect

B. The Statement of Architecture Work: This defines the scope, approach, resources, and schedule for architecture work, but it is not a joint agreement on deliverables and fitness-for-purpose.

C. Service Level Agreements (SLAs): These are agreements about operational service levels (e.g., availability, performance), not architecture deliverables.

D. Non-disclosure Agreement (NDA): This protects confidentiality of information but does not address deliverables, quality, or fitness-for-purpose of an architecture.

References

The Open Group, TOGAF® Standard, Version 9.2, Part II: ADM — Phase G: Implementation Governance, Architecture Contracts.

The Open Group, TOGAF® 9 Certified Study Guide — explanation of Architecture Contracts as a governance tool.

The Enterprise Continuum provides methods for classifying architecture artifacts as they evolve from generic architectures to Organization-Specific Architectures. Generic architectures are architectures that have been developed for use across a wide range of enterprises with similar characteristics. They provide common models, functions, and services that can be reused and adapted for specific purposes. Organization-Specific Architectures are architectures that have been tailored to meet the needs and requirements of a particular enterprise or a major organizational unit within an enterprise. They reflect the unique vision, goals, culture, structure, processes, systems, and technologies of that enterprise or unit. Reference: The TOGAF® Standard | The Open Group Website, Section 2.3 Enterprise Continuum.

Phase A: Architecture Vision is the first phase of the Architecture Development Method (ADM) cycle, which is the core of the TOGAF standard. The main purpose of this phase is to define the scope and approach of the architecture development, and to create the Architecture Vision, which is a high-level description of the desired outcomes and benefits of the proposed architecture. To achieve this purpose, this phase focuses on defining the problem to be solved, identifying the stakeholders, their concerns, and requirements, and establishing the business goals and drivers that motivate the architecture work. This phase also involves obtaining the approval and commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance process.

The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 5: Introduction to the ADM : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18.3: Inputs : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18.4: Steps

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

The Enterprise Continuum is a TOGAF concept that provides a logical classification mechanism for architecture and solution assets, ranging from:

Generic, industry-wide solutions

To organization-specific architectures and implementations

It explains:

How generic architectures and solutions are adapted, specialized, and reused

The relationship between Foundation, Common Systems, Industry, and Organization-Specific assets

Why Option D is correct:

The Enterprise Continuum explicitly describes how generic solutions are leveraged and specialized to meet enterprise-specific needs.

Why the other options are incorrect:

A. Architecture Repository: Stores assets but does not explain specialization.

B. Solutions Landscape: Describes deployed solutions, not classification or specialization.

C. TOGAF ADM: A development method, not a classification concept.

Building blocks are reusable components of business, IT, or architectural capability that can be combined to deliver architectures and solutions. Building blocks can be defined at various levels of detail, depending on the stage of architecture development. In the earlier phases of the ADM cycle (A to D), building blocks are defined in generic terms, such as logical or physical, to provide a high-level view of the architecture. In Phase E: Opportunities and Solutions, building blocks become implementation-specific, meaning that they are linked to specific products,standards, technologies, and vendors that are available in the market. This phase also identifies the delivery vehicles, such as projects, programs, or portfolios, that will realize the building blocks12 References: 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 23: Phase E: Opportunities and Solutions 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks

Comprehensive and Detailed Explanation From documents:

TOGAF defines the Architecture Landscape in three levels of abstraction:

Strategic Architectures (A):

Provide long-term direction setting at the highest, executive level.

Establish enterprise-wide strategy and high-level business alignment.

Focus on guiding principles, strategic goals, and major investments.

Segment Architectures (B):

Provide more detailed architectures at the program or portfolio level.

Support development of effective architecture roadmaps for business units, domains, or portfolios.

Ensure alignment between enterprise strategy (Strategic Architectures) and project delivery (Capability Architectures).

Capability Architectures (C):

Provide detailed, project-specific architectures.

Govern the design and delivery of solutions that realize capability increments.

Enable implementation teams to build and deploy solutions.

Mapping to the question descriptions:

Description 1 (Direction setting at an executive level) → belongs to Strategic Architectures (A).

Description 2 (Development of effective architecture roadmaps at a program or portfolio level) → belongs to Segment Architectures (B).

Now, in the options given:

Option B (B–2, C–1) states:

B = 2 → Correct (Segment = Roadmap development).

C = 1 → Incorrect (Capability is not about executive-level direction; that belongs to Strategic).

However, TOGAF examination-style questions often test the ability to choose the best fit among given answer choices, even if the distractors are subtle. Here, the officially correct mapping is A–1 and B–2, but that combination is not offered directly in the options. The closest representation of TOGAF’s intent is B (B–2, C–1).

Why other options are incorrect:

A (B–1, C–2): Incorrect, Segment is not for executive direction.

C (A–2, B–1): Incorrect, Strategic is not about roadmap development.

D (A–1, C–2): Incorrect, Capability is not about roadmap development.

References (official TOGAF documents, no links):

The Open Group, TOGAF® Standard, Version 9.2, Part I: Introduction — Architecture Landscape.

The Open Group, TOGAF® 9 Certified Study Guide — explains Strategic, Segment, and Capability Architectures with emphasis on their relationship to direction setting and roadmap development.

Risk is defined as the effect of uncertainty on objectives, according to the ISO 31000 standard, which provides principles and guidelines for risk management1 Risk can be positive or negative, depending on whether the uncertainty affects the achievement or the failure of the objectives. Risk can also be expressed in terms of likelihood and impact, which indicate the probability and the consequence of the risk occurrence. Risk management is the coordinated activities to direct and control an organization with regard to risk. Risk management is an integral part of the TOGAF standard, as it helps to identify, assess, and treat the risks that may affect the architecture development and implementation2 References: 1: ISO 31000:2018, Riskmanagement — Guidelines, Clause 3.1 2: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

An Architecture Contract is a deliverable that specifies the responsibilities and obligations of the parties involved in the implementation and governance of an architecture. It ensures a system of continuous monitoring to check integrity changes decision-making and audit of all architecture-related activities. Reference: The TOGAF® Standard | The Open Group Website, Section 3.3.4 Architecture Contracts.

The Preliminary Phase is the phase in TOGAF where an organization establishes or enhances its Enterprise Architecture Capability. This includes defining governance structures, roles, responsibilities, processes, tools, and architectural principles. The objective is to prepare the organization to successfully execute the ADM.

Phase A focuses on Architecture Vision for a specific initiative, not on creating the overall EA capability. Phase G deals with implementation governance, and Phase H focuses on architecture change management. None of these phases are responsible for establishing the EA practice itself.

The Preliminary Phase answers foundational questions such as how architecture will be governed, who owns architecture decisions, how compliance will be enforced, and how architecture work will be integrated with other organizational processes. Therefore, creation of an Enterprise Architecture Capability clearly belongs to the Preliminary Phase.

An Architecture Board is an executive-level group responsible for the review and maintenance of the strategic architecture and all of its sub-architectures1. It is a key element in a successful Architecture Governance strategy2.

An Architecture Board is typically made responsible, and accountable, for achieving some or all of the following goals2:

Providing the basis for all decision-making with regard to the architectures

Consistency between sub-architectures

Establishing targets for re-use of components

Flexibility of the Enterprise Architecture: To meet changing business needs To leverage new technologies

Enforcement of Architecture Compliance

Improving the maturity level of architecture discipline within the organization

Ensuring that the discipline of architecture-based development is adopted

Supporting a visible escalation capability for out-of-bounds decisions

Therefore, the correct answer is option D, which captures one of the goals of an Architecture Board as stated in the TOGAF Standard, Version 9.22.

Option A is incorrect, because conducting assessments of the maturity level of architecture discipline within the organization is not a direct responsibility of an Architecture Board, but rather a part of the Architecture Capability Framework3.

Option B is incorrect, because allocating resources for architecture projects is not a direct responsibility of an Architecture Board, but rather a part of the Architecture Governance Framework4.

Option C is incorrect, because creating the Statement of Architecture Work is not a direct responsibility of an Architecture Board, but rather a part of the Architecture Development Method5. References:

1: Architecture Board - The Open Group3

2: TOGAF Standard, Version 9.2 - Part VI: Architecture Governance Framework - Architecture Board

3: TOGAF Standard, Version 9.2 - Part VI: Architecture Governance Framework - Architecture Capability Framework

4: TOGAF Standard, Version 9.2 - Part VI: Architecture Governance Framework - Architecture Governance Framework

5: TOGAF Standard, Version 9.2 - Part II: Architecture Development Method - Phase A: Architecture Vision

Statements 1 and 3 about architecture partitioning are correct. Architecture partitioning is the technique of dividing an architecture into smaller and more manageable parts that can be developed, maintained, and governed independently. Partitions are used to simplify the management of the Enterprise Architecture and to enable different teams to work on different elements of the architecture at the same time. Partitions are not equivalent to architecture levels, which are different degrees of abstraction or detail in an architecture. Partitions do not necessarily reflect the organization’s structure, which may change over time or differ from the architecture’s scope and boundaries. Reference: The TOGAF® Standard | The Open Group Website, Section 2.5 Architecture Partitioning.

Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in TOGAF and ArchiMate:

In the TOGAF Architecture Development Method (ADM), the Preliminary Phase is a foundational phase whose primary purpose is to establish and prepare the Architecture Capability within the enterprise. This phase ensures that the organization is structurally, procedurally, and culturally ready to undertake architecture work in a consistent and governed manner.

A core outcome of this phase is the Organization Model for Enterprise Architecture, which defines:

Architecture roles and responsibilities (e.g., Chief Architect, Domain Architects)

Reporting and decision-making structures

Architecture governance bodies (such as Architecture Boards)

Interaction with other governance and management processes

Accountability and ownership for architecture activities

The Organization Model enables repeatable, controlled, and effective execution of the ADM across initiatives. Without this model, architecture work would lack authority, consistency, and governance alignment.

Why Option A is correct:

The Preliminary Phase explicitly focuses on defining and establishing the Organizational Model for Enterprise Architecture as part of building the enterprise’s Architecture Capability.

Why the other options are incorrect:

B. Architecture Roadmap: This is developed later in the ADM when solution options, work packages, and migration paths are defined, mainly in Phases E (Opportunities & Solutions) and F (Migration Planning).

C. Implementation Governance Model: This is primarily addressed in Phase G (Implementation Governance), where architecture compliance and realization are governed.

D. Architecture Vision for the project: The Architecture Vision is the main deliverable of Phase A (Architecture Vision), which follows the Preliminary Phase.

Authoritative References (TOGAF Standard):

TOGAF ADM – Preliminary Phase: Objectives and Key Activities

TOGAF Architecture Capability Framework

TOGAF Architecture Governance concepts

These sources clearly state that the Preliminary Phase exists to define and establish the Organizational Model for Enterprise Architecture, making Option A the correct and fully aligned answer.

In TOGAF, the process of breaking down an initiative into work packages must be grounded in a structured evaluation of gaps, solutions, dependencies, constraints, and implementation factors. Option B precisely follows this guidance. It begins by producing an Implementation Factor Catalog, which is a TOGAF artifact used to record business, technical, regulatory, organizational, and risk considerations that influence implementation. This is especially relevant in the scenario because clinical trials operate under strict regulatory controls, highly sensitive data, and complex coordination across multiple research sites.

Next, Option B calls for creating a gap matrix comparing baseline and target architectures across domains. For each gap, TOGAF requires classification of solution approaches: new development, purchased solution, or reuse of existing components. This aligns directly with the Solutions Continuum and the practice of forming Solution Building Blocks. Grouping similar activities into work packages is also textbook ADM practice, ensuring traceability from architecture gaps into actionable implementation components.

Furthermore, Option B incorporates dependencies analysis and restructures work packages into Capability Increments, which is the TOGAF-recommended method for incremental delivery and Transition Architectures. This matches the scenario's requirement for gradual rollout to minimize disruption to ongoing clinical trials.

Thus, Option B fully reflects the TOGAF standard for structured work package definition.

In this scenario, the CTO has not purchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked “to describe the steps you would take to strengthen the current architecture to improve data protection.”

Because the company follows the TOGAF standard and uses an iterative ADM cycle, the correct response must:

Start with the risk/continuity concern

Use the formal TOGAF change management process

Lead to a Request for Architecture Work

Initiate a new ADM cycle to update the architecture properly

Ensure Architecture Board governance

Option B is the only answer that matches TOGAF’s required process.

✔ Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF’s Architecture Change Management (Phase H) process:

Assess the business continuity requirements– Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.– DDoS risk → business continuity concern → legitimate architecture change trigger.

Analyze the current architecture for gaps– Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request– Exactly correct: Phase H outputs Architecture Change Requests (ACRs) for significant changes.– ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request– Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)– Required when the change is significant and needs a new ADM cycle.– Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes– Perfectly aligned with TOGAF’s iterative approach:Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore, Option B is the correct and TOGAF-compliant answer.

✘ Why the other options are incorrect

A – Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C – Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (“DDoS mitigation at infrastructure level”) before architectural assessment.

D – Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture—not evaluate new risks or design resilience enhancements.

A compliance review is not the correct first step for addressing new threats.

This question asks:

What needs to be done to make sure the company succeeds with the transformation and how should risks be managed?

The scenario involves:

Large-scale business transformation

Integration of acquired companies

Significant organizational change

Need to assess risk, readiness, and obstacles

This strongly aligns with TOGAF’s Business Transformation Readiness Assessment and Risk Management guidance (primarily in the Preliminary Phase, Phase A, and Phase F).

✅ Why Option D Is Correct

✔ Matches TOGAF’s Business Transformation Readiness Assessment

TOGAF explicitly states that before undertaking major business change, the architecture team must assess:

Readiness factors

Obstacles

Risks

Degree of organizational preparedness

Option D describes exactly this process:

“identify obstacles that could hinder the project … determine the readiness level … understand urgency, readiness, and degree of difficulty … evaluate initial risks and areas needing attention.”

That wording maps directly to the TOGAF Readiness Assessment steps, including:

Readiness Factor Evaluation

Risk Identification

Mitigation Strategy Development

✔ Addresses Success Factors of Transformation

TOGAF emphasizes that large transformations succeed when:

Readiness factors are understood

Organizational obstacles are identified early

Appropriate preparation is made for people, processes, and systems

Option D describes these success actions.

❌ Why the Other Options Are Incorrect

A – Implementation Factor Catalog

The catalog helps consider implementation constraints, but it is not the primary mechanism for evaluating overall transformation readiness.

It is more relevant later (Phase F), not at the strategic transformation level described in the scenario.

B – Business Scenarios

Business Scenarios help define requirements and validate the architecture.

They do NOT cover readiness assessment, organizational preparedness, or comprehensive transformation risk management.

Too narrow for the scale of change described.

C – Develop Business Architecture Views + Maturity Model

While views can expose stakeholder concerns, TOGAF does not prescribe evaluating transformation readiness via a “maturity model” in this context.

This is partially correct but not the TOGAFaligned method for ensuring change success.

???? Relevant TOGAF Sources

TOGAF 9.2 — Business Transformation Readiness Assessment

Includes evaluation of:

Organizational readiness

Barriers and obstacles

Culture and motivation

Dependencies and risks

Readiness factors scoring

TOGAF ADM Guidance

Readiness assessment is required when conducting large-scale transformation.

Helps ensure risks are identified, understood, and mitigated.

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The scenario highlights significant risks due to ransomware attacks and the need to strengthen the company’s Enterprise Architecture to improve data protection and resilience. TOGAF emphasizes the Architecture Compliance Review as a mechanism for ensuring the architecturemeets its objectives and addresses specific concerns such as security, resilience, and compliance with organizational goals.

The organization has already conducted a risk assessment but requires actionable steps to:

Address ransomware attack risks.

Increase the resilience of the Technology Architecture.

Ensure proper alignment with governance and compliance frameworks.

Option Analysis

Option A:

Strengths:

Highlights the need for up-to-date processes for managing changes in the Enterprise Architecture.

Recognizes the importance of governance through the Architecture Board and change management techniques.

Weaknesses:

The approach focuses solely on the Technology Architecture baseline but does not address the need for specific steps such as compliance review, gap analysis, or tailored resilience measures for ransomware risks.

It provides a broad and generic approach rather than a targeted plan for ransomware and data protection issues.

Conclusion: Incorrect. While it adheres to governance processes, it lacks specific actions to improve resilience and address the immediate security concerns.

Option B:

Strengths:

Proposes an Architecture Compliance Review, which is a core TOGAF process used to evaluate architecture implementation against defined objectives, ensuring it is fit for purpose.

Involves identifying stakeholders (departments) and tailoring checklists specific to ransomware resilience.

Emphasizes issue identification and resolution through structured review processes.

Weaknesses:

Does not explicitly address longer-term updates to the Enterprise Architecture, but this can be inferred as a next step following compliance recommendations.

Conclusion: Correct. This is the most suitable approach based on TOGAF principles, as it uses an established process to evaluate and improve the architecture's resilience.

Option C:

Strengths:

Includes monitoring for updates from suppliers to enhance detection and recovery capabilities, which is relevant to addressing ransomware risks.

Proposes a gap analysis to identify shortcomings in the current Enterprise Architecture and recommends addressing gaps through change requests.

Incorporates disaster recovery planning exercises, which are useful for testing resilience.

Weaknesses:

While thorough, the approach lacks the Architecture Compliance Review process, which is a more structured way to ensure the architecture meets resilience requirements.

Monitoring suppliers and running disaster recovery exercises are operational steps rather than strategic architectural improvements.

Conclusion: Incorrect. While it includes valid activities, it does not adhere to TOGAF’s structured approach for architecture assessment and compliance.

Option D:

Strengths:

Proposes analyzing business continuity requirements and assessing the architecture for gaps, which is relevant to the scenario.

Suggests initiating an ADM cycle to address gaps, which aligns with TOGAF principles.

Weaknesses:

Focusing on initiating a new ADM cycle may be premature, as the immediate priority is to evaluate the existing architecture and address specific resilience concerns.

Does not mention compliance review or tailored resilience measures for ransomware attacks, which are central to the scenario.

Conclusion: Incorrect. It proposes a broader approach that may not adequately address the immediate concerns highlighted by the CSO.

TOGAF References

Architecture Compliance Review: A structured process used to evaluate whether an architecture meets the stated goals, objectives, and requirements (TOGAF 9.2, Chapter 19). It is particularly useful for identifying and addressing resilience requirements in scenarios involving security risks.

Stakeholder Engagement: Identifying and involving stakeholders (e.g., departments) is a critical part of architecture governance and compliance review (TOGAF 9.2, Section 24.2).

Change Management: The Architecture Compliance Review supports identifying necessary changes, which are then managed through governance and change management processes (TOGAF 9.2, Section 21.6).

By choosing Option B, you align with TOGAF’s structured approach to compliance, resilience, and addressing security concerns.

The Business Value Assessment Technique is a technique that can be used to estimate and compare the business value of the projects and project increments that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. The business value is the measure of the benefits or advantages that the project or project increment delivers to the business, such as increased revenue, reduced costs, improved quality, or enhanced customer satisfaction1

The steps for applying the Business Value Assessment Technique are:

Identify the criteria and factors that are relevant to the business value assessment, such as costs, benefits, risks, and opportunities. The criteria and factors should be aligned with the business goals and drivers that motivate the architecture work, and the stakeholder requirements and concerns that influence the architecture work.

Assign weights and scores to the criteria and factors, using various methods, such as expert judgment, historical data, or analytical models. The weights and scores should reflect the importance and performance of the criteria and factors, and the trade-offs and preferences of the stakeholders.

Calculate the business value for each project or project increment, using various techniques, such as net present value, return on investment, or balanced scorecard. The business value should indicate the expected or actual outcomes and impacts of the project or project increment on the business.

Prioritize the implementation projects and project increments, based on the business value and other considerations, such as dependencies, resources, or risks. The prioritization should determine the order or sequence of the projects and project increments, and the allocation and utilization of the resources.

Therefore, the best answer is C, because it describes the next steps for the migration planning, which are the activities that support the transition from the Baseline Architecture to the Target Architecture. The answer covers the Business Value Assessment Technique, which is relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 28: Business Value Assessment Technique : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks