OGEA-102 Sample Questions Answers

At this stage in the scenario:

A strategic architecture has been completed.

All divisions have completed their Architecture Definition Documents.

Work packages have been defined.

Transition Architectures between Baseline and Target are already identified.

A draft roadmap exists for a multi-year phased migration.

You are now asked to plan the next steps for the migration, which aligns exactly with TOGAF ADM Phase F: Implementation and Migration Planning.

In Phase F, TOGAF prescribes the following key activities:

Evaluate and prioritize projects and work packages

Determine business value, cost, risk, dependencies

Confirm Transition Architectures and sequencing

Update and finalize the Implementation & Migration Plan

Option B is the ONLY answer that correctly follows these required TOGAF steps.

✔ Why Option B is correct

Option B states:

“Estimate the business value for each project by applying the Business Value Assessment Technique … to prioritize the migration projects.”✔ This is a TOGAF-recommended technique specifically for Phase F to evaluate and prioritize transformations using value, risk, and ROI.

“Confirm and plan a series of Transition Architecture phases … using a table of Architecture Definition Increments.”✔ Exactly aligned with TOGAF:

Transition Architectures were identified earlier.

In Phase F, they must be confirmed, sequenced, and documented.

“Update the Implementation and Migration Plan.”✔ This is the required output of ADM Phase F.✔ At this point, the plan must be validated and finalized based on value and prioritization.

Thus, Option B directly matches TOGAF’s prescribed migration planning process.

✘ Why the other options are incorrect

A – Incorrect

Suggests finalizing Architecture Definition documentation—this was already completed by each division.

Introduces an “Implementation Governance Model,” which is not a TOGAF artifact at this stage.

Focuses on lessons learned BEFORE execution, which is not appropriate for migration planning.

C – Incorrect

Focuses only on project selection and resource assignment.

Does not use TOGAF techniques for value/risk evaluation.

Does not reference Transition Architectures, which are central in the scenario.

Oversimplifies Implementation & Migration Planning to resource scheduling.

D – Incorrect

Compliance Assessments occur DURING execution, not before migration planning.

At this stage, no implementation has started, so compliance reviews are premature.

Adjusting performance requirements now has no alignment with TOGAF’s ADM sequence.

The correct answer is C, as it aligns with the key TOGAF principles necessary for guiding enterprise architecture in a merger scenario where retail operations and systems are being consolidated.

Analysis of the Principles in Option C:

Common Use Applications

Since the two companies are merging, it is essential to standardize applications across the enterprise.

Using common applications ensures consistency, reduces costs, and improves efficiency.

TOGAF emphasizes this principle to prevent duplicate or redundant systems, which aligns with the CIO’s goal of reducing the number of applications used.

Data is an Asset

In the scenario, a central inventory management system is a core business function.

Treating data as an asset ensures it is managed properly, shared efficiently, and used strategically across the merged organization.

This principle supports the company’s ability to predict demand, adjust stock levels, and automate reordering.

Common Vocabulary and Data Definitions

The merger requires integrating different systems and data structures.

Having a common vocabulary ensures that all stakeholders (stores, fulfillment centers, and digital platforms) use consistent terminology and data definitions.

This minimizes confusion and ensures interoperability across business functions.

Maximize Benefit to the Enterprise

Every architectural decision should focus on the overall benefit to the business.

By consolidating IT systems and reducing redundancies, the company achieves cost savings, which directly supports this principle.

Business Continuity

The stores operate seven days a week, so system changes must ensure uninterrupted service.

Business continuity ensures that customers are not affected during the transition and that critical retail operations (sales, inventory tracking, and fulfillment) remain functional.

Why Other Options Are Incorrect?

Option A: Control Technical Diversity, Interoperability, Data is an Asset, Data is Shared, Business Continuity

Control Technical Diversity is not the primary concern here. The focus is on system consolidation, not necessarily on limiting technology diversity.

Interoperability is important but not as critical as defining a common system and data structure.

Option B: Service Orientation, Compliance with the Law, Requirements-Based Change, Responsive Change Management, Data Security

While service orientation and compliance are valuable, they are not the most relevant to this specific business transition.

Change management and data security are important but do not address the primary enterprise-wide architectural concerns of system consolidation.

Option D: Ease of Use, Common Use Applications, Data is an Asset, Technology Independence, Business Continuity

Ease of Use is beneficial but is not a core architecture principle in this case.

Technology Independence is useful but does not align directly with the scenario’s priority, which is consolidating applications and data structures.

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

The correct answer is C, as it aligns with the TOGAF ADM approach and best practices for organizing architecture work in a phased and structured manner.

Analysis of the Correct Answer (Option C):

Identifying Projects, Dependencies, and Synergies

The scenario describes a phased approach to vehicle development over five years.

Identifying dependencies ensures a logical and structured rollout of technology and business capabilities.

Developing High-Level Architecture Descriptions

Since Business Architecture is already defined, it is now time to develop high-level descriptions of Information Systems and Technology Architectures.

TOGAF emphasizes incremental and iterative refinement, meaning that starting with high-level descriptions is a logical first step.

Determining Workload and Resource Allocation

TOGAF ADM Phase B, C, and D involve creating architecture descriptions.

Understanding how much work is required ensures efficient resource planning and allocation.

Identifying Reference Architectures and Building Blocks

Using reference architectures and reusable architecture building blocks (ABBs) is a key best practice in TOGAF.

This enables efficiency and consistency in architecture development.

Evaluating Costs, Risks, and Feasibility

TOGAF emphasizes a risk-aware approach to enterprise architecture.

Documenting options, risks, and control measures ensures feasibility before execution.

Why Other Options Are Incorrect?

Option A: Initiating ADM Phase A Again

Incorrect because the scenario states that the Architecture Vision has already been completed.

Phase A is used for initial vision-setting, but at this point, the focus is on executing defined architectures.

Option B: Researching Data Companies for Target Architecture Development

Incorrect because the focus should be on defining internal architectures rather than external research.

While benchmarking best practices can be useful, it is not the primary activity at this stage.

Option D: Studying Other Companies and Performing Readiness Assessment

Incorrect because the focus should be on leveraging the organization ' s existing architecture and resources.

Solution provider readiness assessments are typically part of procurement, not enterprise architecture development.

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The scenario highlights significant risks due to ransomware attacks and the need to strengthen the company’s Enterprise Architecture to improve data protection and resilience. TOGAF emphasizes the Architecture Compliance Review as a mechanism for ensuring the architecturemeets its objectives and addresses specific concerns such as security, resilience, and compliance with organizational goals.

The organization has already conducted a risk assessment but requires actionable steps to:

Address ransomware attack risks.

Increase the resilience of the Technology Architecture.

Ensure proper alignment with governance and compliance frameworks.

Option Analysis

Option A:

Strengths:

Highlights the need for up-to-date processes for managing changes in the Enterprise Architecture.

Recognizes the importance of governance through the Architecture Board and change management techniques.

Weaknesses:

The approach focuses solely on the Technology Architecture baseline but does not address the need for specific steps such as compliance review, gap analysis, or tailored resilience measures for ransomware risks.

It provides a broad and generic approach rather than a targeted plan for ransomware and data protection issues.

Conclusion: Incorrect. While it adheres to governance processes, it lacks specific actions to improve resilience and address the immediate security concerns.

Option B:

Strengths:

Proposes an Architecture Compliance Review, which is a core TOGAF process used to evaluate architecture implementation against defined objectives, ensuring it is fit for purpose.

Involves identifying stakeholders (departments) and tailoring checklists specific to ransomware resilience.

Emphasizes issue identification and resolution through structured review processes.

Weaknesses:

Does not explicitly address longer-term updates to the Enterprise Architecture, but this can be inferred as a next step following compliance recommendations.

Conclusion: Correct. This is the most suitable approach based on TOGAF principles, as it uses an established process to evaluate and improve the architecture ' s resilience.

Option C:

Strengths:

Includes monitoring for updates from suppliers to enhance detection and recovery capabilities, which is relevant to addressing ransomware risks.

Proposes a gap analysis to identify shortcomings in the current Enterprise Architecture and recommends addressing gaps through change requests.

Incorporates disaster recovery planning exercises, which are useful for testing resilience.

Weaknesses:

While thorough, the approach lacks the Architecture Compliance Review process, which is a more structured way to ensure the architecture meets resilience requirements.

Monitoring suppliers and running disaster recovery exercises are operational steps rather than strategic architectural improvements.

Conclusion: Incorrect. While it includes valid activities, it does not adhere to TOGAF’s structured approach for architecture assessment and compliance.

Option D:

Strengths:

Proposes analyzing business continuity requirements and assessing the architecture for gaps, which is relevant to the scenario.

Suggests initiating an ADM cycle to address gaps, which aligns with TOGAF principles.

Weaknesses:

Focusing on initiating a new ADM cycle may be premature, as the immediate priority is to evaluate the existing architecture and address specific resilience concerns.

Does not mention compliance review or tailored resilience measures for ransomware attacks, which are central to the scenario.

Conclusion: Incorrect. It proposes a broader approach that may not adequately address the immediate concerns highlighted by the CSO.

TOGAF References

Architecture Compliance Review: A structured process used to evaluate whether an architecture meets the stated goals, objectives, and requirements (TOGAF 9.2, Chapter 19). It is particularly useful for identifying and addressing resilience requirements in scenarios involving security risks.

Stakeholder Engagement: Identifying and involving stakeholders (e.g., departments) is a critical part of architecture governance and compliance review (TOGAF 9.2, Section 24.2).

Change Management: The Architecture Compliance Review supports identifying necessary changes, which are then managed through governance and change management processes (TOGAF 9.2, Section 21.6).

By choosing Option B, you align with TOGAF’s structured approach to compliance, resilience, and addressing security concerns.

Key aspects of the scenario:

Objective:

Integrating Artificial Intelligence (AI) into healthcare delivery, with a focus on improving patient care, enhancing workplace efficiency, and enabling seamless experiences.

Challenges:

Stakeholder concerns about risk management, adaptability to change, and ensuring alignment with regulations and policies.

Addressing the concerns of staff and top management about AI integration and achieving the desired goals.

CIO ' s Perspective:

Encouraging an agile approach to architecture development.

Addressing risks and ensuring stakeholder concerns are managed.

Areas for Evaluation:

AI usage by staff and impact on workflows.

Patient experience enhancement via AI.

New workplace platforms and tools powered by AI.

Option Analysis:

Option 1: Analysis of stakeholders and development of a Stakeholder Map

Pros:

Stakeholder analysis is critical for identifying concerns, viewpoints, and requirements.

TOGAF emphasizes stakeholder engagement early in the process to mitigate risks and align expectations.

Developing a Stakeholder Map ensures clear alignment with their interests and creates a foundation for regular feedback loops.

Cons:

Does not explicitly address the creation of architecture models or policies upfront.

Option 2: Creation of a Communications Plan

Pros:

A communications plan fosters effective stakeholder engagement by addressing their concerns and ensuring transparent reporting.

Risk mitigation as part of communication aligns with TOGAF’s stakeholder management practices.

Cons:

This focuses more on communication mechanics rather than advancing architectural development directly.

Option 3: Models for Draft Business, Data, Application, and Technology Architectures

Pros:

Aligns with the Architecture Development Method (ADM), ensuring compliance with requirements and regulations.

Helps formalize stakeholder feedback by verifying their concerns against tangible models.

Cons:

Developing detailed models early on may delay immediate resolution of stakeholder concerns and risk mitigation.

Option 4: Set of reusable business models for AI-related projects

Pros:

Standardized models ensure consistency and portability across the organization’s AI-related efforts.

Cons:

Too narrow in focus for the initial architecture development phase; does not address risk management or stakeholder concerns adequately.

Recommended Answer:

Option 1: You recommend that an analysis of the stakeholders is undertaken.

Reasoning:

The scenario highlights stakeholder concerns about risks, adaptability, and compliance. Addressing these concerns requires stakeholder analysis as the first step.

A Stakeholder Map aligns with TOGAF’s emphasis on stakeholder engagement, providing a structured way to manage their concerns and expectations.

Identifying concerns early and integrating feedback into the Architecture Vision document ensures alignment with goals and smooth progress.

Option 1 sets the foundation for collaboration and risk management, making it the best fit for the current phase.

Key aspects of the scenario:

Business Objective:

A merger is happening to combine offerings, reduce costs, and achieve operational efficiency.

The goal includes fully integrating retail operations and systems, replacing duplicated systems, and reducing the number of applications used.

Technological Improvements:

A central AI-based inventory system is in place.

Hand-held devices for stores have improved customer and staff satisfaction and increased efficiency.

Scope of Architecture Work:

Integrating the merged systems.

Managing retail architecture to optimize operations.

TOGAF Alignment:

TOGAF principles aim to ensure the architecture supports business transformation effectively while aligning with governance and best practices.

Best answer analysis:

Option 1:

Maximize Benefit to the Enterprise: Aligns with the merger goals of cost reduction and efficiency.

Common Use Applications: Matches the goal to reduce duplicated systems.

Data is an Asset: Central AI system depends on accurate and reliable data.

Responsive Change Management: Necessary to support the transition and manage organizational impacts.

Technology Independence: Encourages selecting flexible, scalable solutions post-merger.

This option comprehensively aligns with the scenario.

Option 2:

Control Technical Diversity: Important but less emphasized than cost reduction and application unification.

Interoperability: Relevant, but less critical compared to principles addressing business value.

Data is an Asset: Relevant.

Data is Shared: Implied in centralized inventory but not directly stated.

Business Continuity: Important but not the main focus here.

This option partially fits but lacks emphasis on business outcomes.

Option 3:

Common Vocabulary and Data Definitions: Indirectly helpful but not central to the transformation.

Compliance with the Law: Always critical, but no explicit legal issues are mentioned.

Requirements-Based Change: General principle but not transformation-specific.

Responsive Change Management: Relevant.

Data Security: Important but not a central concern in the scenario.

This option focuses more on governance and less on merger goals.

Option 4:

Common Use Applications: Relevant to reducing duplicate systems.

Data is an Asset: Relevant.

Data is Accessible: Fits with AI system and handheld devices but is a subset of " Data is an Asset. "

Ease of Use: Relevant to handheld devices but not a core transformation principle.

Business Continuity: Important but secondary to cost and efficiency.

This option focuses more on usability and accessibility rather than transformation objectives.