The Open Group OGEA-102 - TOGAF Enterprise Architecture Part 2 Certification Exam
Question #1 (Topic: demo questions)
Please read this scenario prior to answering the question
You are the Lead Enterprise Architect at a major agribusiness company. The company's main harvest
is lentils, a highly valued food grown worldwide. The lentil parasite, broomrape, has been an
increasing concern for many years and is now becoming resistant to chemical controls. In addition,
changes in climate favor the propagation and growth of the parasite. As a result, the parasite cannot
realistically be exterminated, and it has become pandemic, with lentil yields falling globally.
In response to the situation, the CEO has decided that the lentil fields will be used for another
harvest. The company will also cease to process third-party lentils and will repurpose its processing
plants. Thus, the target market will change, and the end-products will be different and more varied.
The company has recently established an Enterprise Architecture practice based on the TOGAF
standard as method and guiding framework. The CIO is the sponsor of the activity. A formal request
for architecture change has been approved. At this stage there is no fixed scope, shared vision, or
objectives.
Refer to the scenario
You have been asked to propose the best approach for architecture development to realize the CEO's
change in direction for the company.
Based on the TOGAF standard which of the following is the best answer?
Correct Answer: D
Explanation:
A Request for Architecture Work is a document that describes the scope, approach, and expected
A Request for Architecture Work is a document that describes the scope, approach, and expected
outcomes of an architecture project. A Request for Architecture Work is usually initiated by the
sponsor or client of the architecture work, and approved by the Architecture Board, which is a
governance body that oversees the architecture work and ensures compliance with the architecture
principles, standards, and goals. A Request for Architecture Work triggers a new cycle of the
Architecture Development Method (ADM), which is the core process of the TOGAF standard that
guides the development and management of the enterprise architecture12
An Architecture Vision is a high-level description of the desired outcomes and benefits of the
proposed architecture. An Architecture Vision is the output of Phase A: Architecture Vision of the
ADM cycle, which is the first phase of the architecture development. An Architecture Vision defines
the scope and approach of the architecture work, and establishes the business goals and drivers that
motivate the architecture work. An Architecture Vision also involves obtaining the approval and
commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance
process3
A trade-off analysis is a technique that can be used to evaluate and compare different architecture
alternatives and select the most suitable one. A trade-off analysis involves identifying the criteria and
factors that are relevant to the decision, such as costs, benefits, risks, and opportunities, and
assessing the strengths and weaknesses of each alternative. A trade-off analysis also involves
balancing and reconciling the multiple, often conflicting, requirements and concerns of the
stakeholders, and ensuring alignment with the Architecture Vision and the Architecture Principles.
Therefore, the best answer is D, because it proposes the best approach for architecture development
to realize the CEO’s change in direction for the company. The answer covers the Request for
Architecture Work, the Architecture Vision, and the trade-off analysis techniques that are relevant to
the scenario.
Reference: 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM),
Chapter 7: Request for Architecture Work 2: The TOGAF Standard, Version 9.2, Part VI: Architecture
Capability Framework, Chapter 50: Architecture Governance 3: The TOGAF Standard, Version 9.2,
Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The
TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off
Analysis
sponsor or client of the architecture work, and approved by the Architecture Board, which is a
governance body that oversees the architecture work and ensures compliance with the architecture
principles, standards, and goals. A Request for Architecture Work triggers a new cycle of the
Architecture Development Method (ADM), which is the core process of the TOGAF standard that
guides the development and management of the enterprise architecture12
An Architecture Vision is a high-level description of the desired outcomes and benefits of the
proposed architecture. An Architecture Vision is the output of Phase A: Architecture Vision of the
ADM cycle, which is the first phase of the architecture development. An Architecture Vision defines
the scope and approach of the architecture work, and establishes the business goals and drivers that
motivate the architecture work. An Architecture Vision also involves obtaining the approval and
commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance
process3
A trade-off analysis is a technique that can be used to evaluate and compare different architecture
alternatives and select the most suitable one. A trade-off analysis involves identifying the criteria and
factors that are relevant to the decision, such as costs, benefits, risks, and opportunities, and
assessing the strengths and weaknesses of each alternative. A trade-off analysis also involves
balancing and reconciling the multiple, often conflicting, requirements and concerns of the
stakeholders, and ensuring alignment with the Architecture Vision and the Architecture Principles.
Therefore, the best answer is D, because it proposes the best approach for architecture development
to realize the CEO’s change in direction for the company. The answer covers the Request for
Architecture Work, the Architecture Vision, and the trade-off analysis techniques that are relevant to
the scenario.
Reference: 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM),
Chapter 7: Request for Architecture Work 2: The TOGAF Standard, Version 9.2, Part VI: Architecture
Capability Framework, Chapter 50: Architecture Governance 3: The TOGAF Standard, Version 9.2,
Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The
TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off
Analysis
Question #2 (Topic: demo questions)
Based on the TOGAF standard which of the following is the best answer?Please read this scenario prior to answering the question
You have been appointed as senior architect working for an autonomous driving technology
development company. The mission of the company is to build an industry leading unified
technology and software platform to support connected cars and autonomous driving.
The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework.
Architecture development within the company follows the purpose-based EA Capability model as
described in the TOGAF Series Guide: A Practitioners'Approach to Developing Enterprise Architecture
Following the TOGAF® ADM.
An architecture to support strategy has been completed defining a long-range Target Architecture
with a roadmap spanning five years. This has identified the need for a portfolio of projects over the
next two years. The portfolio includes development of travel assistance systems using swarm data
from vehicles on the road.
The current phase of architecture development is focused on the Business Architecture which needs
to support the core travel assistance services that the company plans to provide. The core services
will manage and process the swarm data generated by vehicles, paving the way for autonomous
driving in the future.
The presentation and access to different variations of data that the company plans to offer through
its platform poses an architecture challenge. The application portfolio needs to interact securely with
various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many
countries to be able to manage the data at scale. The security of V2X is a key concern for the
stakeholders. Regulators have stated that the user's privacy be always protected, for example, so that
the drivers' journey cannot be tracked or reconstructed by compiling data sent or received by the car.
Refer to the scenario
You have been asked to describe the risk and security considerations you would include in the
current phase of the architecture development?
Correct Answer: D
Explanation:
A security domain model is a technique that can be used to define the security requirements and
A security domain model is a technique that can be used to define the security requirements and
policies for the architecture. A security domain is a grouping of assets that share a common level of
security and trust. A security policy is a set of rules and procedures that govern the access and
protection of the assets within a security domain. A security domain model can help to identify the
security domains, the assets within each domain, the security policies for each domain, and the
relationships and dependencies between the domains1
Since the data is being shared across partners, a security federation is needed to establish a trust
relationship and a common security framework among the different parties. A security federation is
a collection of security domains that have agreed to interoperate under a set of shared security
policies and standards. A security federation can enable secure data exchange and collaboration
across organizational boundaries, while preserving the autonomy and privacy of each party. A
security federation requires contractual arrangements, and a definition of the responsibility areas for
the data exchanged, as well as security implications2
A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the
architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can
security and trust. A security policy is a set of rules and procedures that govern the access and
protection of the assets within a security domain. A security domain model can help to identify the
security domains, the assets within each domain, the security policies for each domain, and the
relationships and dependencies between the domains1
Since the data is being shared across partners, a security federation is needed to establish a trust
relationship and a common security framework among the different parties. A security federation is
a collection of security domains that have agreed to interoperate under a set of shared security
policies and standards. A security federation can enable secure data exchange and collaboration
across organizational boundaries, while preserving the autonomy and privacy of each party. A
security federation requires contractual arrangements, and a definition of the responsibility areas for
the data exchanged, as well as security implications2
A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the
architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can
also help to prioritize and mitigate the risks, and to monitor and review the risk situation3
Therefore, the best answer is D, because it describes the risk and security considerations that would
be included in the current phase of the architecture development, which is focused on the Business
Architecture. The answer covers the security domain model, the security federation, and the risk
assessment techniques that are relevant to the scenario.
Reference: 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35:
Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content
Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM
Guidelines and Techniques, Chapter 32: Risk Management
Question #3 (Topic: demo questions)
Please read this scenario prior to answering the question
You are serving as the Lead Architect for an Enterprise Architecture team within a leading
multinational biotechnology company. The company works in three major industries, including
healthcare, crop production, and agriculture. Your team works within the healthcare division.
The healthcare division is developing a new vaccine, and has to demonstrate its effectiveness and
safety in a set of clinical trials that satisfy the regulatory requirements of the relevant health
authorities. The clinical trials are undertaken by its research laboratories at multiple facilities
worldwide. In addition to internal research and development activities, the healthcare division is
also involved in publicly funded collaborative research projects with industrial and academic
partners.
The Enterprise Architecture team has been engaged in an architecture project to develop a secure
system that will allow the healthcare researchers to share information more easily about their clinical
trials, and work more collaboratively across the organization and also with its partners. This system
will also connect with external partners.
The Enterprise Architecture team uses the TOGAF ADM with extensions required to support
healthcare manufacturing practices and laboratory practices. Due to the highly sensitive nature of
the information that is managed, special care has been taken to ensure that each architecture
domain considers the security and privacy issues that are relevant.
The Vice President for Worldwide Clinical Research is the sponsor of the Enterprise Architecture
activity. She has stated that disruptions must be minimized for the clinical trials, and that the rollout
must be undertaken incrementally. Refer to the scenario You have been asked to recommend the
approach to identify the work packages for an incremental
rollout meeting the requirements.
Based on the TOGAF standard which of the following is the best answer?
Correct Answer: B
Explanation:
A Consolidated Gaps, Solutions and Dependencies Matrix is a technique that can be used to create
A Consolidated Gaps, Solutions and Dependencies Matrix is a technique that can be used to create
work packages for an incremental rollout of the architecture. A work package is a set of actions or
tasks that are required to implement a specific part of the architecture. A work package can be
associated with one or more Architecture Building Blocks (ABBs) or Solution Building Blocks (SBBs),
which are reusable components of business, IT, or architectural capability. A work package can also
be associated with one or more Capability Increments, which are defined, discrete portions of the
overall capability that deliver business value. A Capability Increment can be realized by one or more
Transition Architectures, which are intermediate states of the architecture that enable the transition
from the Baseline Architecture to the Target Architecture123
The steps for creating work packages using this technique are:
For each gap between the Baseline Architecture and the Target Architecture, identify a proposed
solution and classify it as new development, purchased solution, or based on an existing product. A
gap is a difference or deficiency in the current state of the architecture that needs to be addressed by
the future state of the architecture. A solution is a way of resolving a gap by implementing one or
more ABBs or SBBs.
Group similar solutions together to define the work packages. Similar solutions are those that have
common characteristics, such as functionality, technology, vendor, or location.
Identify dependencies between work packages, such as logical, temporal, or resource dependencies.
Dependencies indicate the order or priority of the work packages, and the constraints or risks that
may affect their implementation.
Regroup the work packages into a set of Capability Increments to transition to the Target
Architecture. Capability Increments should be defined based on the business value, effort, and risk
associated with each work package, and the schedule and objectives of the clinical trials. Capability
Increments should also be aligned with the Architecture Vision and the Architecture Principles.
Document the work packages and the Capability Increments in an Architecture Definition Increments
Table, which shows the mapping between the work packages, the ABBs, the SBBs, and the Capability
Increments. The table also shows the dependencies, assumptions, and issues related to each work
package and Capability Increment.
Therefore, the best answer is B, because it describes the approach to identify the work packages for
an incremental rollout meeting the requirements, using the Consolidated Gaps, Solutions and
Dependencies Matrix as a planning tool.
Reference: 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Gap Analysis 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter
36: Building Blocks 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques,
Chapter 31: Architecture Change Management : The TOGAF Standard, Version 9.2, Part II:
Architecture Development Method (ADM), Chapter 23: Phase E: Opportunities and Solutions : The
TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F:
Migration Planning : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method
(ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part III: ADM
Guidelines and Techniques, Chapter 23: Architecture Principles
Question #4 (Topic: demo questions)
Please read this scenario prior to answering the question
Your role is that of a senior architect, reporting to the Chief Enterprise Architect, at a medium-sized
company with 400 employees. The nature of the business is such that the data and the information
stored on the company systems is their major asset and is highly confidential.
The company employees travel extensively for work and must communicate over public
infrastructure using message encryption, VPNs, and other standard safeguards. The company has
invested in cybersecurity awareness training for all its staff. However, it is recognized that even with
good education as well as system security, there is a dependency on third-parly suppliers of
infrastructure and software.
The company uses the TOGAF standard as the method and guiding framework for its Enterprise
Architecture (EA) practice. The CTO is the sponsor of the activity.
The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in
ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter
how much is spent on education, and support, it is likely just a matter of time before the company
suffers a significant attack that could completely lock them out of their information assets.
A risk assessment has been done and the company has sought cyber insurance that includes
ransomware coverage. The quotation for this insurance is hugely expensive. The CTO has recently
read a survey that stated that one in four organizations paying ransoms were still unable to recover
their data, while nearly as many were able to recover the data without paying a ransom. The CTO has
concluded that taking out cyber insurance in case they need to pay a ransom is not an option.
Refer to the scenario
You have been asked to describe the steps you would take to improve the resilience of the current
architecture?
Based on the TOGAF standard which of the following is the best answer?
Correct Answer: A
Explanation:
Business continuity is the ability of an organization to maintain essential functions during and after a
Business continuity is the ability of an organization to maintain essential functions during and after a
disaster or disruption. Business continuity requirements are the specifications and criteria that
define the acceptable level of performance and availability of the business processes and services in
the event of a disaster or disruption. A gap analysis is a technique that compares the current state of
the architecture with the desired state, and identifies the gaps or differences that need to be
addressed. A change request is a formal proposal for an amendment to some product or system,
such as the architecture. A Request for Architecture Work is a document that describes the scope,
approach, and expected outcomes of an architecture project123
The best answer is A, because it describes the steps that would improve the resilience of the current
architecture, which is the ability to withstand and recover from a ransomware attack or any other
disruption. The steps are: Determine the business continuity requirements, which specify the
minimum acceptable level of
performance and availability of the business processes and services in case of a ransomware attack.
This would involve identifying the critical business functions, the recovery time objectives, the
recovery point objectives, and the dependencies and resources needed for recovery.
Undertake a gap analysis of the current Enterprise Architecture, which compares the current state of
the architecture with the desired state based on the business continuity requirements. This would
involve assessing the strengths and weaknesses of the current architecture, the risks and
opportunities for improvement, and the gaps or differences that need to be addressed.
Make recommendations for change requirements to address the situation and create a change
request. This would involve proposing solutions and alternatives to close the gaps, enhance the
resilience, and mitigate the risks of the current architecture. The change request would document
the rationale, scope, impact, and benefits of the proposed changes, and seek approval from the
relevant stakeholders. Manage a meeting of the Architecture Board to assess and approve the change
request. The
Architecture Board is a governance body that oversees the architecture work and ensures
compliance with the architecture principles, standards, and goals. The meeting would involve
presenting the change request, discussing the pros and cons, resolving any issues or conflicts, and
obtaining the approval or rejection of the change request. Once approved, produce a new Request for
Architecture Work to activate an ADM cycle to carry out a
project to define the change. The Request for Architecture Work would describe the scope, approach,
and expected outcomes of the architecture project that would implement the approved change
request. The Request for Architecture Work would initiate a new cycle of the Architecture
Development Method (ADM), which is the core process of the TOGAF standard that guides the
development and management of the enterprise architecture.
Reference: 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 33:
Business Scenarios 2: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques,
Chapter 30: Gap Analysis 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and
Techniques, Chapter 31: Architecture Change Management : The TOGAF Standard, Version 9.2, Part
II: Architecture Development Method (ADM), Chapter 7: Request for Architecture Work : The TOGAF
Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 34: Business Transformation
Readiness Assessment : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques,
Chapter 30: Gap Analysis : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and
Techniques, Chapter 31: Architecture Change Management : The TOGAF Standard, Version 9.2, Part
VI: Architecture Capability Framework, Chapter 50: Architecture Governance : The TOGAF Standard,
Version 9.2, Part II: Architecture Development Method (ADM), Chapter 7: Request for Architecture
Work
Question #5 (Topic: demo questions)
Please read this scenario prior to answering the question
You are working as Chief Enterprise Architect at a large Internet company. The company has many
divisions, ranging from cloud to logistics. The company has grown rapidly, expanding from initially
selling physical books and media to a range of services including an online marketplace, livestreaming.
eBooks. and cloud services.
Overall management of the numerous divisions has become challenging. Recent high-profile projects
have overrun on budget and under delivered, damaging the company's reputation, and adversely
impacting its share price. There is a widely held view within the executive management that the
organization structure has played a major role in these project failures.
The company has an established Enterprise Architecture program based on the TOGAF standard,
sponsored jointly by the Chief Executive Officer (CEO) and Chief Information Officer (CIO). The CEO
has decided that the company needs to reorganize its divisions around artificial intelligence and
machine learning with a focus on automation. The CEO has worked with the Enterprise Architects to
create a strategic architecture for the reorganization, including an Architecture Vision, together with
definitions for the four domain architectures. This sets out an ambitious vision of the future of the
company over a three-year period. This includes a set of work packages and includes three distinct
transformations.
The CIO has made it clear that prior to the approval of the detailed Implementation and Migration
plan, the EAteam will need to assess the risks associated with the proposed architecture. He has
received concerns from key stakeholders across the company that the proposed reorganization may
be too ambitious and there is doubt whether it can produce sufficient value to warrant the risks.
Refer to the scenario
You have been asked to recommend an approach to satisfy these concerns. Based on the TOGAF
Standard, which of the following is the best answer?
Correct Answer: A
Explanation:
The Business Transformation Readiness Assessment is a technique that can be used to evaluate the