OGEA-102 Sample Questions Answers

The scenario states that:

A strategic architecture and roadmap already exist.

Business Architecture is complete, so the work now shifts to Information Systems and Technology Architectures (ADM Phases B–D).

The CTO requires use of the purpose-based EA Capability model (from the TOGAF Series Guide: A Practitioner’s Approach to Developing Enterprise Architecture Following the TOGAF ADM).

The EA team has to plan, organize, and manage the next stage of architecture development, including re-use of existing hardware/software platform components, candidate solutions, feasibility, risks, and prioritization.

Under the purpose-based EA approach, when moving from strategy into defining the next layers of architecture, TOGAF emphasizes:

Using the superior (already-approved) architecture to guide the next ADM cycles– This corresponds to the strategic architecture that is already completed.

Analyzing project dependencies, overlaps, and sequencing

Defining high-level architecture descriptions for the next iteration

Identifying reference architectures and candidate building blocks (especially when reusing existing platform components)

Assessing feasibility, value, cost, and risk for each project

Preparing for stakeholder trade-offs before formalizing the roadmap

These tasks map directly to Option A.

Why Option A is correct

Option A includes exactly what the purpose-based EA approach prescribes at this stage:

“The superior architecture should be used to guide the approach.”✔ Correct — strategic architecture guides the work.

“Review the identified projects, dependencies, and potential overlaps, then decide the order…”✔ Correct — sequencing and dependency assessment are core early tasks in Phases B–D planning.

“Develop high-level architecture descriptions.”✔ Correct — Business Architecture is done; now high-level IS/Tech Architecture descriptions are needed.

“Identify reference architectures and candidate building blocks.”✔ Correct — aligns with TOGAF building-block approach, and specifically fits the scenario where existing platform components will be reused.

“Identify resource needs, considering cost and value.”✔ Correct — mandatory for feasibility and planning.

“Document options, risks, and ways to control them to enable feasibility analysis and trade-off with stakeholders.”✔ Correct — this matches ADM guidelines for preparing options and addressing complexity before deeper development.

This is precisely how TOGAF expects the architecture team to plan, organize, and manage an ADM cycle after strategy is set.

In this scenario, the CTO has not purchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked “to describe the steps you would take to strengthen the current architecture to improve data protection.”

Because the company follows the TOGAF standard and uses an iterative ADM cycle, the correct response must:

Start with the risk/continuity concern

Use the formal TOGAF change management process

Lead to a Request for Architecture Work

Initiate a new ADM cycle to update the architecture properly

Ensure Architecture Board governance

Option B is the only answer that matches TOGAF’s required process.

✔ Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF’s Architecture Change Management (Phase H) process:

Assess the business continuity requirements– Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.– DDoS risk → business continuity concern → legitimate architecture change trigger.

Analyze the current architecture for gaps– Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request– Exactly correct: Phase H outputs Architecture Change Requests (ACRs) for significant changes.– ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request– Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)– Required when the change is significant and needs a new ADM cycle.– Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes– Perfectly aligned with TOGAF’s iterative approach:Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore, Option B is the correct and TOGAF-compliant answer.

✘ Why the other options are incorrect

A – Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C – Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (“DDoS mitigation at infrastructure level”) before architectural assessment.

D – Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture—not evaluate new risks or design resilience enhancements.

A compliance review is not the correct first step for addressing new threats.

The Business Value Assessment Technique is a technique that can be used to estimate and compare the business value of the projects and project increments that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. The business value is the measure of the benefits or advantages that the project or project increment delivers to the business, such as increased revenue, reduced costs, improved quality, or enhanced customer satisfaction1

The steps for applying the Business Value Assessment Technique are:

Identify the criteria and factors that are relevant to the business value assessment, such as costs, benefits, risks, and opportunities. The criteria and factors should be aligned with the business goals and drivers that motivate the architecture work, and the stakeholder requirements and concerns that influence the architecture work.

Assign weights and scores to the criteria and factors, using various methods, such as expert judgment, historical data, or analytical models. The weights and scores should reflect the importance and performance of the criteria and factors, and the trade-offs and preferences of the stakeholders.

Calculate the business value for each project or project increment, using various techniques, such as net present value, return on investment, or balanced scorecard. The business value should indicate the expected or actual outcomes and impacts of the project or project increment on the business.

Prioritize the implementation projects and project increments, based on the business value and other considerations, such as dependencies, resources, or risks. The prioritization should determine the order or sequence of the projects and project increments, and the allocation and utilization of the resources.

Therefore, the best answer is C, because it describes the next steps for the migration planning, which are the activities that support the transition from the Baseline Architecture to the Target Architecture. The answer covers the Business Value Assessment Technique, which is relevant to the scenario.

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The agency is initiating a strategic “AI-first” plan to transform processes using AI and improve efficiency while ensuring service improvements for citizens. Several stakeholder concerns have been raised, such as:

Job security for employees.

Skill development for adapting to new technologies.

Cybersecurity and resilience risks due to reliance on digital platforms.

TOGAF emphasizes the importance of stakeholder management, communication, and risk management to ensure successful adoption and implementation of new architecture. These concerns need to be addressed methodically by gathering requirements, analyzing stakeholder positions, and ensuring proper communication of risks and benefits.

Option Analysis

Option A:

Strengths:

Proposes creating an Organization Map to identify the links between different parts of the agency and the impact of the strategic change.

Suggests holding stakeholder meetings to address concerns.

Includes managing risks as part of Security Architecture development.

Weaknesses:

Focusing solely on creating business models and teaching stakeholders how to interpret them does not directly address cultural and positional concerns about job loss, skill development, and security.

Risk management is addressed as part of Security Architecture development but lacks broader integration into stakeholder requirements.

Conclusion: Incorrect, as it fails to systematically document stakeholder concerns and map them into requirements and architecture decisions.

Option B:

Strengths:

Highlights the importance of formal stakeholder identification and creating a Communication Plan.

Suggests addressing stakeholder concerns through communication and risk management.

Weaknesses:

Does not go into detail on analyzing stakeholder concerns, cultural positions, or specific requirements.

Lacks the inclusion of stakeholder feedback in architecture artifacts like the Architecture Vision or Requirements Specification, which are critical TOGAF outputs.

Conclusion: Incorrect, as it does not include a systematic and structured approach for stakeholder analysis and integration into architecture deliverables.

Option C:

Strengths:

Emphasizes conducting a thorough stakeholder analysis to document concerns, positions, and cultural factors, which aligns with TOGAF’s approach in Phase A (Architecture Vision).

Ensures stakeholder views and requirements are recorded in the Architecture Vision document and reflected in the Architecture Requirements Specification.

Includes continuous assessment and feedback, ensuring concerns are addressed and risks managed effectively.

Aligns with TOGAF's principle of involving stakeholders in architecture development to ensure alignment and success.

Weaknesses:

Could further detail how risk management is included across all phases, but this is implied through integration into the Architecture Requirements Specification.

Conclusion: Correct, as it provides a structured and detailed approach for addressing stakeholder concerns and managing risks within TOGAF’s framework.

Option D:

Strengths:

Suggests categorizing stakeholders into groups and creating models for each category.

Proposes arranging meetings to verify that concerns have been addressed.

Includes risk management as part of the process.

Weaknesses:

Dividing stakeholders into generic categories (e.g., corporate functions, project team) may not adequately capture specific cultural factors and concerns raised in the scenario.

Lacks integration of stakeholder feedback into architecture deliverables such as the Architecture Vision and Architecture Requirements Specification.

Conclusion: Incorrect, as it provides a generalized and less targeted approach to stakeholder concerns compared to Option C.

TOGAF References

Stakeholder Management (Phase A): TOGAF emphasizes analyzing stakeholders’ positions, concerns, and issues to shape architecture development and communication (TOGAF 9.2, Section 24.2).

Architecture Vision: Captures high-level requirements and stakeholder views to ensure alignment with business goals (TOGAF 9.2, Section 6.2).

Architecture Requirements Specification: Records detailed requirements, including those related to risk management, to guide the development of target architectures (TOGAF 9.2, Section 35.5).

Iterative Feedback: Regular assessments and feedback loops are critical to ensure stakeholder concerns are addressed effectively throughout the ADM cycle.

By selecting Option C, the approach adheres to TOGAF's principles of stakeholder analysis, communication, and integration of concerns into architecture development.

In this scenario you are right at the start of an ADM cycle: a Request for Architecture Work has been approved to investigate AI, and there are strong stakeholder concerns and risk questions. According to the TOGAF standard, the correct place to start is Phase A: Architecture Vision, with a strong focus on stakeholder management and capturing their concerns and required views.

Option A is the only answer that correctly reflects this:

Stakeholder analysis & Stakeholder Map (Phase A core task)TOGAF explicitly states that in Phase A you must:

Identify stakeholders

Analyze and group them by common concerns

Use a Stakeholder Map to understand their influence, interest, and required engagement

Determine which views/viewpoints are needed to address their concerns in the architecture description coe.qualiware.com+1

Option A says:

“analysis of the stakeholders … define groups of stakeholders who have common concerns and include development of a Stakeholder Map. The concerns and relevant views should then be defined for each group and recorded in the Architecture Vision document.”

This is exactly how TOGAF describes stakeholder management and views in Phase A:

Stakeholder Map to classify and prioritize stakeholders

Concerns and required views captured and traced

These elements feeding into the Architecture Vision deliverable Visual Paradigm TOGAF+1

Concerns, views, and Architecture VisionTOGAF emphasizes that architecture views are constructed to address specific stakeholder concerns; you do not just build generic models. opengroup.org+1

Option A explicitly links concerns → views → Architecture Vision, which aligns with TOGAF guidance for early phases.

Capturing this in the Architecture Vision provides a high-level, shared understanding of what the AI initiative is trying to achieve and how stakeholder issues (e.g., responsible AI, risk processes, change in way of working) will be addressed.

Risk management and “architecting with agility”In the scenario, the CIO has encouraged architecting with agility. TOGAF is compatible with incremental and iterative development of the target architecture, especially when there is high uncertainty and risk. conexiam.com

Option A includes:

“a requirement that there be progressive development of the target architecture to ensure there is regular feedback.”

This “progressive development” and frequent feedback loop is exactly how you mitigate risk in an AI-heavy, change-sensitive initiative:

Frequent stakeholder feedback

Early validation of assumptions

Ability to adjust scope, constraints, and principles as risk and understanding evolve

This directly addresses management’s worry about the change in the way of working and whether risk management and responsible AI policies are adequate: these become explicit stakeholder concerns and requirements that are iteratively refined.

Why the other options are weaker / not TOGAF-aligned as a starting point

Option B

Focuses mainly on a Communications Plan and powerful stakeholders.

While TOGAF does expect a stakeholder communications plan, it is derived from a proper stakeholder analysis and Stakeholder Map, not a substitute for it.

It also treats risk as a “component of the architecture” rather than something to be addressed early through stakeholder concerns, principles, and iteration.

Option C

Jumps straight to a solution concept diagram and benefits diagram and defers risk evaluation to when the Architecture Roadmap is defined (Phase E).

In TOGAF, risk and stakeholder concerns must be addressed already in Phase A and refined throughout, not postponed to roadmap development.

Option D

Proposes creating draft Business, Data, Application, and Technology models and putting them into the Architecture Vision.

This is too detailed for the starting point: Phase A is about high-level vision, not full draft core architecture models (those belong in Phases B, C, D).

It also doesn’t emphasize Stakeholder Mapping and grouping by concerns, which is central to resolving the worries about way of working, risk, and responsible AI.

In summary, Option A is the best and TOGAF-consistent way to begin:

Start in Phase A: Architecture Vision

Perform stakeholder analysis and create a Stakeholder Map

Define stakeholder concerns and relevant views

Record them in the Architecture Vision

Add an explicit requirement for progressive (iterative) development of the target architecture for continuous feedback and risk mitigation

A Consolidated Gaps, Solutions and Dependencies Matrix is a technique that can be used to create work packages for an incremental rollout of the architecture. A work package is a set of actions or tasks that are required to implement a specific part of the architecture. A work package can be associated with one or more Architecture Building Blocks (ABBs) or Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. A work package can also be associated with one or more Capability Increments, which are defined, discrete portions of the overall capability that deliver business value. A Capability Increment can be realized by one or more Transition Architectures, which are intermediate states of the architecture that enable the transition from the Baseline Architecture to the Target Architecture123

The steps for creating work packages using this technique are:

For each gap between the Baseline Architecture and the Target Architecture, identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. A gap is a difference or deficiency in the current state of the architecture that needs to be addressed by the future state of the architecture. A solution is a way of resolving a gap by implementing one or more ABBs or SBBs.

Group similar solutions together to define the work packages. Similar solutions are those that have common characteristics, such as functionality, technology, vendor, or location.

Identify dependencies between work packages, such as logical, temporal, or resource dependencies. Dependencies indicate the order or priority of the work packages, and the constraints or risks that may affect their implementation.

Regroup the work packages into a set of Capability Increments to transition to the Target Architecture. Capability Increments should be defined based on the business value, effort, and risk associated with each work package, and the schedule and objectives of the clinical trials. Capability Increments should also be aligned with the Architecture Vision and the Architecture Principles.

Document the work packages and the Capability Increments in an Architecture Definition Increments Table, which shows the mapping between the work packages, the ABBs, the SBBs, and the Capability Increments. The table also shows the dependencies, assumptions, and issues related to each work package and Capability Increment.

Therefore, the best answer is B, because it describes the approach to identify the work packages for an incremental rollout meeting the requirements, using the Consolidated Gaps, Solutions and Dependencies Matrix as a planning tool.