Practice Free OGEA-103 Exam Online Questions
Consider the following statements describing the TOGAF ADM:
1) All ADM activities are carried out within an iterative cycle of continuous architecture definition and realization
2) The Requirements Management phase is a continuous phase
3) Output from an early phase may be modified in a later phase
4) When a phase starts, the previous phase closes
Which statements are correct?
- A . 2,3&4
- B . 1,2&3
- C . 1,2&4
- D . 1,3&4
B
Explanation:
Comprehensive and Detailed Explanation
Let’s examine each statement against the TOGAF ADM principles:
All ADM activities are carried out within an iterative cycle of continuous architecture definition and realization
Correct. The ADM is iterative in three dimensions: across the cycle, between levels (enterprise, segment, capability), and within phases. This means architecture development is never linear but part of a continuous cycle of definition and realization.
The Requirements Management phase is a continuous phase
Correct. Requirements Management is central to the ADM cycle. It operates continuously, ensuring requirements are identified, stored, and addressed throughout all phases, not only in a single step.
Output from an early phase may be modified in a later phase
Correct. The ADM is iterative and allows feedback between phases. For example, new requirements identified in later phases may lead to modifications of deliverables from earlier phases.
When a phase starts, the previous phase closes
Incorrect. The ADM is not strictly sequential. Phases can overlap, iterate, and provide feedback loops. One phase starting does not imply that the previous phase is closed; instead, phases interact dynamically.
Correct Mapping
Statements 1, 2, and 3 are correct.
Statement 4 is incorrect.
Correct answer is B (1, 2 & 3).
Why the other options are incorrect
A (2, 3 & 4): Includes statement 4, which is incorrect.
C (1, 2 & 4): Includes statement 4, which is incorrect.
D (1, 3 & 4): Includes statement 4, which is incorrect.
Reference
The Open Group, TOGAF® Standard, Version 9.2, Part II: ADM ― overview of ADM iterations, Requirements Management, and feedback between phases.
The Open Group, TOGAF® 9 Certified Study Guide ― emphasizes ADM as iterative and requirements-driven.
Complete the sentence. The architecture domains that are considered by the TOGAF standard as subsets of an overall enterprise architecture are Business, Technology,
- A . Logical and Physical
- B . Information and Data
- C . Capability and Segment
- D . Application and Data
D
Explanation:
These domains provide a consistent way to describe and understand the architecture from different perspectives, such as business, information, and technology12. Each domain has its own set of concepts, models, views, and artifacts that define the structure and behavior of the architecture within that domain12.
The other options are incorrect because:
• Logical and Physical are not architecture domains, but rather levels of abstraction that can be applied to any domain. Logical architecture describes the functionality and behavior of the system, while physical architecture describes the implementation and deployment of the system3.
• Information and Data are not distinct architecture domains, but rather aspects of the same domain. Information architecture describes the meaning and context of the data, while data architecture describes the structure and format of the data4.
• Capability and Segment are not architecture domains, but rather levels of granularity that can be applied to any domain. Capability architecture describes the current and desired states of a specific
business capability, while segment architecture describes a subdivision of the enterprise that has a clear business focus5.
Reference: 1: The TOGAF Standard, Version 9.2 – Definitions 2: TOGAF® Standard ― Introduction –
Definitions 3: [Logical vs Physical Architecture] 4: [Information Architecture vs Data Architecture] 5:
[The TOGAF Standard, Version 9.2 – Applying the ADM Across the Architecture Landscape]
Please read this scenario prior to answering the question
You are employed as an Enterprise Architect consultant within a manufacturing company. The company has multiple business units located worldwide, including retail, manufacturing, pharmaceuticals, and technology.
The company has a mature Enterprise Architecture (EA) practice and uses the TOGAF standard for its architecture development method. The EA practice is engaged throughout all the business units, with governance provided by multiple Architecture Boards with responsibility for a business line. In addition to the EA program, the company uses a number of management frameworks, including business planning, project/portfolio management, and operations management. The EA program is sponsored by the Chief Information Officer (CIO).
After a recent study, senior management are concerned about the impact of the company’s multiple data centers and duplication of applications on the business efficiency. To address the concern, a strategic architecture has been defined; it will help improve the ability to meet customer demand and improve the efficiency of operations. The strategic architecture involves the consolidation of multiple applications programs that are currently used in different business units and putting them all onto a cloud-based solution instead.
Each business unit has completed the Architecture Definition documentation to meet its own specific operational requirements. The Enterprise Architects have analyzed the corporate changes and implementation constraints. A consolidated gap analysis has been completed. Based on its results, the architects have reviewed the requirements, dependencies and interoperability requirements needed to integrate the cloud-based solution. The architects have completed the Business Transformation Readiness Assessment. Based on all these factors they have produced a risk assessment. They have also completed the draft Implementation and Migration Plan, the draft Architecture Roadmap, and the Capability Assessment deliverables.
Due to the risks of changing from the current environment, the decision has been taken that a
gradual approach is needed to implement the target architectures. It will likely take a few years to complete the whole implementation process.
Refer to the scenario
You have been asked to decide on the next steps for the migration planning.
Based on the TOGAF standard which of the following is the best answer?
- A . You update the Architecture Definition Document, which includes setting project objectives and documenting the final requirements. This will ensure that the architecture remains relevant and responsive to the needs of the enterprise. You then produce an Implementation Governance Model to manage the lessons learned prior to finalizing the Implementation and Migration plan. You recommend that lessons learned be quickly applied as changes to the architecture.
- B . You estimate the business value for each project by applying the Business Value Assessment Technique. The assessment should focus on return on investment and performance evaluation criteria used to monitor the progress of the architecture transformation. You confirm and plan a series of Transition Architecture phases using an Architecture Definition Increments Table. You then document the lessons learned and generate the final Implementation and Migration Plan.
- C . You need to determine how the Implementation and Migration plan fits with the other frameworks being used in the organization. You coordinate the planning with the business planning, project/portfolio management and operations management frameworks. You assign a business value to each project, considering the available resources and how well they align with the strategy. You then update the architecture roadmap and the Implementation and Migration Plan.
- D . You conduct a Compliance Assessment to ensure that the architecture is being implemented according to the contract. The Compliance Assessment verifies that the implementation team is using the proper development methodology. It should also include deployment of monitoring tools. If the monitoring tools show that performance targets are not being met, then the performance requirements should be changed and the Implementation and Migration Plan updated.
C
Explanation:
Option C aligns best with TOGAF Phase F: Migration Planning, which deals with developing a detailed Implementation and Migration Plan, ensuring alignment with other enterprise frameworks, and assigning business value to work packages and projects.
TOGAF Phase F Activities (from the standard):
Confirm Management Framework Interactions:
Per TOGAF, Phase F ensures that the migration planning is aligned with the business planning, portfolio/project management, and operations management frameworks used by the enterprise (which are mentioned in the scenario).
TOGAF emphasizes coordination between EA and other enterprise governance processes.
Prioritize Projects:
TOGAF recommends using business value, resource availability, and strategic alignment to prioritize the various work packages and projects for implementation.
This is directly referenced in option C: "assign a business value to each project, considering the available resources and how well they align with the strategy."
Update Roadmaps and Implementation Plan:
After coordination and prioritization, the Architecture Roadmap and the Implementation and Migration Plan are updated.
This is essential before formal governance (Phase G).
❌ Why the Other Options Are Incorrect:
A: Incorrect focus on updating the Architecture Definition Document and lessons learned. The Architecture Definition Document is mostly finalized in Phases BCE.
Lessons learned and governance modeling are more relevant to Phase G (Implementation Governance) and Phase H (Architecture Change Management), not Phase F.
B: Although it mentions the Business Value Assessment Technique (a valid tool in TOGAF), it includes Architecture Definition Increments Table, which is not a standard TOGAF artifact.
Also, "document the lessons learned" is premature in Phase F; these are more applicable in Phase H.
D: Focuses on Compliance Assessment, which is part of Phase G (Implementation Governance), not Phase F.
Changing performance requirements based on monitoring tools is handled during operations and change management, not during migration planning.
Source Reference from TOGAF:
TOGAF 9.2 C Section 11.3 (Phase F: Migration Planning)
"Activities include confirming the enterprise’s capability for transition, prioritizing projects, identifying dependencies and resource availability, and coordinating with other management frameworks."
TOGAF 9.2 C Section 11.4 Outputs:
Architecture Roadmap (updated)
Implementation and Migration Plan (updated)
Business Value Assessment
Consolidated Gaps, Solutions, and Dependencies
Consider the following descriptions of deliverables consumed and produced across the TOGAF ADM cycle.
General rules and guidelines, intended to be enduring and seldom amended, that inform and support the way in which an organization sets about fulfilling its mission
The joint agreements between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture.
A document that is sent from the sponsoring organization to the architecture organization to trigger the start of an architecture development cycle
A set of quantitative statements that outline what an implementation
project must do in order to comply with the architecture.
Which deliverables match these descriptions?
- A . 1 Architecture Principles -2 Architecture Contracts – 3 Request for Architecture Work – 4 Architecture Requirements Specification
- B . 1 Architecture Contracts – 2 Architecture Requirements Specification – 3 Architecture Vision – 4 Architecture Principles
- C . 1 Architecture Requirements Specification -2 Architecture Principles – 3 Architecture Vision – 4 Architecture Contracts
- D . 1 Architecture Principles -2 Architecture Contracts – 3 Architecture Requirements Specification-4 Request for Architecture Work
A
Explanation:
According to the TOGAF standard, the deliverables that match the descriptions are as follows:
1 Architecture Principles: These are general rules and guidelines, intended to be enduring and seldom amended, that inform and support the way in which an organization sets about fulfilling its mission1. They reflect a level of consensus among the various elements of the enterprise, and form the basis for making future IT decisions1.
2 Architecture Contracts: These are the joint agreements between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture2. They are used to ensure that the architecture is implemented and governed according to the agreed-upon specifications and standards2.
3 Request for Architecture Work: This is a document that is sent from the sponsoring organization to the architecture organization to trigger the start of an architecture development cycle3. It defines the scope, schedule, budget, deliverables, and stakeholders of the architecture project3.
4 Architecture Requirements Specification: This is a set of quantitative statements that outline what an implementation project must do in order to comply with the architecture4. It defines the requirements for each architecture domain, as well as the relationships and dependencies among them4.
1: Architecture Principles 2: Architecture Contracts 3: Request for Architecture Work 4: Architecture Requirements Specification
Please read this scenario prior to answering the question
Your role is that of a consultant to the Lead Enterprise Architect in a multinational automotive manufacturer.
The company has a corporate strategy that focuses on electrification of its portfolio, and it has invested
heavily in a new shared car platform to use across all its brands. The company has four
manufacturing
facilities, one in North America, two in Europe, and one in Asia.
A challenge that the company is facing is to scale up the number of vehicles coming off the production line to meet customer demand, while maintaining quality. There are significant supply chain shortages for electronic components, which are impacting production. In response to this the company has taken on new suppliers and has also taken design and production of the battery pack in-house.
The company has a mature Enterprise Architecture practice. The TOGAF standard is used for developing the process and systems used to design, manufacture, and test the battery pack. The Chief Information
Officer and the Chief Operating Officer co-sponsor the Enterprise Architecture program.
As part of putting the new battery pack into production, adjustments to the assembly processes need to be made. A pilot project has been completed at a single location. The Chief Engineer, sponsor of the activity, and the Architecture Board have approved the plan for implementation and migration at each plant.
Draft Architecture Contracts have been developed that detail the work needed to implement and deploy the new processes for each location. The company mixes internal teams with a few third-party contractors at the locations. The Chief Engineer has expressed concern that the deployment will not be consistent and of acceptable quality.
Refer to the scenario
The Lead Enterprise Architect has asked you to review the draft Architecture Contracts and recommend the best approach to address the Chief Engineer’s concern.
Based on the TOGAF Standard, which of the following is the best answer?
- A . For changes requested by an internal team, you recommend a memorandum of understanding between the Architecture Board and the implementation organization. For contracts issued to third-party contractors, you recommend that it is a fully enforceable legal contract. You recommend that the Architecture Board reviews all deviations from the Architecture Contract and considers whether to grant a dispensation to allow the implementation organization to customize the process to meet their local needs.
- B . For changes undertaken by internal teams, you recommend a memorandum of understanding between the Architecture Board and the implementation organization. If a contract is issued to a contractor, you recommend that it is a fully enforceable legal contract. If a deviation from the Architecture Contract is found, you recommend that the Architecture Board grant a dispensation tallow the implementation organization to customize the process to meet their local needs.
- C . You review the contracts ensuring that they address project objectives, effectiveness metrics, acceptance criteria, and risk management. Third-party contracts must be legally enforceable. You recommend a schedule of compliance reviews at key points in the implementation process. You recommend that the Architecture Board reviews all deviations from the Architecture Contract and considers whether to grant a dispensation to allow the process to be customized for local needs.
- D . You recommend that the Architecture Contracts be used to manage the architecture governance processes across the locations. You recommend deployment of monitoring tools to assess the performance of each completed battery pack at each location and develop change requirements if necessary. If a deviation from the contract is detected, the Architecture Board should allow the Architecture Contract to be modified meet the local needs. In such cases they should issue a new Request for Architecture Work to implement a modification to the Architecture Definition.
C
Explanation:
According to the TOGAF Standard, Version 9.2, an Architecture Contract is a joint agreement between development partners and sponsors on the deliverables, quality, and fitness-for-purpose of an architecture1. It defines the scope, responsibilities, and governance of the architecture work, and ensures the alignment and compliance of the architecture with the business goals and objectives1.
In the scenario, the Lead Enterprise Architect has asked you to review the draft Architecture Contracts and recommend the best approach to address the Chief Engineer’s concern about the consistency and quality of the deployment of the new processes for the battery pack production at each location.
The best answer is C, because it follows the guidelines and best practices for defining and using
Architecture Contracts as described in the TOGAF Standard, Version 9.22. It ensures that the contracts cover the essential aspects of the project objectives, effectiveness metrics, acceptance criteria, and risk management, and that they are legally enforceable for third-party contractors. It also recommends a schedule of compliance reviews at key points in the implementation process, and a mechanism for handling any deviations from the Architecture Contract, involving the Architecture Board and the possibility of granting a dispensation to allow the process to be customized for local needs.
The other options are not correct because they either23:
Please read this scenario prior to answering the question
You are serving as the Lead Architect for an Enterprise Architecture team within a leading multinational biotechnology company. The company works in three major industries, including healthcare, crop production, and agriculture. Your team works within the healthcare division.
The healthcare division is developing a new vaccine, and has to demonstrate its effectiveness and safety in a set of clinical trials that satisfy the regulatory requirements of the relevant health authorities. The clinical trials are undertaken by its research laboratories at multiple facilities worldwide. In addition to internal research and development activities, the healthcare division is also involved in publicly funded collaborative research projects with industrial and academic partners.
The Enterprise Architecture team has been engaged in an architecture project to develop a secure system that will allow the healthcare researchers to share information more easily about their clinical trials, and work more collaboratively across the organization and also with its partners. This system will also connect with external partners.
The Enterprise Architecture team uses the TOGAF ADM with extensions required to support healthcare manufacturing practices and laboratory practices. Due to the highly sensitive nature ofthe information that is managed, special care has been taken to ensure that each architecture domain considers the security and privacy issues that are relevant.
The Vice President for Worldwide Clinical Research is the sponsor of the Enterprise Architecture activity. She has stated that disruptions must be minimized for the clinical trials, and that the rollout must be undertaken incrementally.
Refer to the scenario
You have been asked to recommend the approach to identify the work packages for an incremental rollout meeting the requirements.
Based on the TOGAF standard which of the following is the best answer?
- A . You recommend that the Solution Building Blocks from a Consolidated Gaps, Solutions and Dependencies Matrix be grouped into a set of work packages. Using the matrix as a planning tool, regroup the work packages to account for dependencies. Sequence the work packages into the Capability Increments needed to achieve the Target Architecture, so that the implementation team can schedule the rollout one region at a time to minimize disruption. Document the work packages for the Enterprise Architecture using a Transition Architecture State Evolution Table.
- B . You recommend that a Consolidated Gaps. Solutions and Dependencies Matrix is used as a planning tool for creating work packages. For each gap classify whether the solution is either a new development, purchased solution, or based on an existing product. Group the similar solutions together to define the work packages. Regroup the work packages into a set of Capability Increments to transition to the Target Architecture considering the schedule for clinical trials, and document in an Architecture Definition Increments Table.
- C . You recommend that an Implementation Factor Catalog is drawn up to indicate actions and constraints. A Consolidated Gaps. Solutions and Dependencies Matrix should also be created. For each gap. identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. Group similar activities together to form work packages. Identify dependencies between work packages factoring in the clinical trial schedules. Regroup the work packages into a set of Capability Increments scheduled into a series of Transition Architectures.
- D . You recommend that the set of required Solution Building Blocks be determined by identifying those which need to be developed and which need to be procured. Eliminate any duplicates. Group the remaining Solution Building Blocks together to create the work packages using a CRUD (create, read, update, delete) matrix. Rank the work packages and select the most cost-effective options for inclusion in a series of Transition Architectures. Schedule the roll out of the work packages to be sequential across the geographic regions.
B
Explanation:
A Consolidated Gaps, Solutions and Dependencies Matrix is a technique that can be used to create work packages for an incremental rollout of the architecture. A work package is a set of actions or tasks that are required to implement a specific part of the architecture. A work package can be associated with one or more Architecture Building Blocks (ABBs) or Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. A work package can also be associated with one or more Capability Increments, which are defined, discrete portions of the overall capability that deliver business value. A Capability Increment can be realized by one or more Transition Architectures, which are intermediate states of the architecture that enable the transition from the Baseline Architecture to the Target Architecture123
The steps for creating work packages using this technique are:
For each gap between the Baseline Architecture and the Target Architecture, identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. A gap is a difference or deficiency in the current state of the architecture that needs to be addressed by the future state of the architecture. A solution is a way of resolving a gap by implementing one or more ABBs or SBBs.
Group similar solutions together to define the work packages. Similar solutions are those that have common characteristics, such as functionality, technology, vendor, or location.
Identify dependencies between work packages, such as logical, temporal, or resource dependencies. Dependencies indicate the order or priority of the work packages, and the constraints or risks that may affect their implementation.
Regroup the work packages into a set of Capability Increments to transition to the Target Architecture. Capability Increments should be defined based on the business value, effort, and risk associated with each work package, and the schedule and objectives of the clinical trials. Capability Increments should also be aligned with the Architecture Vision and the Architecture Principles.
Document the work packages and the Capability Increments in an Architecture Definition Increments Table, which shows the mapping between the work packages, the ABBs, the SBBs, and the Capability Increments. The table also shows the dependencies, assumptions, and issues related to each work package and Capability Increment.
Therefore, the best answer is B, because it describes the approach to identify the work packages for an incremental rollout meeting the requirements, using the Consolidated Gaps, Solutions and Dependencies Matrix as a planning tool.
1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Gap Analysis 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 31: Architecture Change Management: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 23: Phase E: Opportunities and Solutions: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles
Consider the following statement:
According to the TOGAF Standard a governed approach of a particular deliverable will ensure a system of continuous monitoring to check integrity changes decision-making and audit of all architecture-related activities
Which deliverable is being referred to?
- A . An Architecture Contract
- B . The Architecture Definition Document
- C . The Architecture Vision
- D . The Statement of Architecture Work
A
Explanation:
An Architecture Contract is a deliverable that specifies the responsibilities and obligations of the parties involved in the implementation and governance of an architecture. It ensures a system of continuous monitoring to check integrity changes decision-making and audit of all architecture-related activities.
Reference: The TOGAF® Standard | The Open Group Website, Section 3.3.4 Architecture Contracts.
Please read this scenario prior to answering the question
You are employed as an Enterprise Architect, reporting to the Chief Enterprise Architect, at a technology company. The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice.
The nature of the business is such that the data and the information stored on the company systems is the company’s major asset and is highly confidential. The company employees travel a lot for work and need to communicate over public infrastructure. They use message encryption, secure internet connections using Virtual Private Networks (VPNs), and other standard security measures. The company has provided computer security awareness training for all its staff. However, despite good education and system security, there is still a need to rely on third-party suppliers for infrastructure and software.
The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education, and support, the company could be a victim of a significant attack that could completely lock them out of their important data.
A risk assessment has been completed and the company has looked for cyber insurance that covers ransomware. The price for this insurance is very high. The CTO recently saw a survey that said 1 out of 4 businesses that paid ransoms could not get their data back, and almost the same number were able to recover the data without paying. The CTO has decided not to get cyber insurance to cover ransom payment.
The Chief Technology Officer (CTO) is the sponsor of the EA project. The practice uses an iterative approach for its architecture development. This has enabled the decision makers to gain valuable insights into the different aspects of the business.
Refer to the scenario
You have been asked to describe the steps you would take to strengthen the current architecture to improve data protection.
Based on the TOGAF standard which of the following is the best answer?
- A . You would ensure that the business value and cost of continuity measures are understood by key stakeholders and would ensure that the company has in place up-to-date processes for managing change to the current Enterprise Architecture. You recommend that mitigation for a ransomware attach be addressed at the infrastructure level with specific technology controls. Changes should be made to the baseline description of the Technology Architecture. The changes should be approved by the Architecture Board and a change request approved.
- B . You would hold an Architecture Compliance Review with the scope to examine the company’s ability to respond to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased business continuity and resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklists, identifying and resolving issues. You would then determine and present your recommendations.
- C . You would run an assessment to identify the business continuity requirements and analyze thecurrent Enterprise Architecture for gaps. You would create a change request to start a further cycle of architecture work to address changes to mitigate such an attack. You would arrange a meeting of the Architecture Board to assess and approve the change request. Once approved you would create a new Request for Architecture Work to begin an ADM cycle to implement the changes.
- D . You would contact existing suppliers for technology that could enhance the company’s capabilities to detect, react, and recover from an incident. You would perform an analysis and assessment of a simulated ransomware attack to evaluate the current Enterprise Architecture’s resilience and recovery capabilities. Using the findings, you would prepare a gap analysis of the current Enterprise Architecture. You would prepare change requests to address identified gaps. You would add the changes implemented to the Architecture Repository.
C
Explanation:
The question asks:
“What steps would you take to strengthen the current architecture to improve data protection?”
This requires understanding how TOGAF handles:
Business continuity requirements
Gap analysis in existing architecture
Architecture change requests
Triggering a new ADM cycle
Governance via the Architecture Board
Option C is the only answer that aligns correctly with TOGAF’s formal Architecture Change Management process (ADM Phase H) and how to progress from identifying gaps to initiating a new cycle.
✅ Why Option C Is Correct
✔ 1. Starts with identifying business continuity requirements
TOGAF Phase A and Phase B require understanding business continuity and information security requirements as part of architecture development.
✔ 2. Analyzes the current architecture for gaps Gap analysis is a required step in:
Phase B (Business Architecture)
Phase C (Data/Application Architecture) Phase D (Technology Architecture)
It is also part of Architecture Change Management (Phase H) when examining existing threats or deficiencies.
✔ 3. Creates a Change Request
In TOGAF, if gaps or new risks require architectural enhancements, a formal Change Request is submitted. This is a mandatory TOGAF mechanism.
✔ 4. Architecture Board evaluates the Change Request
The Architecture Board approves major changes before a new cycle starts ― exactly as described in option C.
✔ 5. Initiates a new ADM cycle with a RfAW
TOGAF explicitly states:
A new or major architecture change requires a Request for Architecture Work before beginning a new ADM cycle.
Option C follows this sequencing precisely:
Identify requirements → analyze gaps → issue change request → Architecture Board approval → create RfAW → start new ADM cycle.
This is textbook TOGAF.
❌ Why the Other Options Are Incorrect
A C Too narrow and focuses only on Technology Architecture
The problem spans business continuity, data protection, and enterprise-wide readiness ― not just infrastructure.
Does not include gap analysis, stakeholder analysis, or initiating a formal ADM cycle.
Incorrectly reduces ransomware mitigation to technology controls.
B C Architecture Compliance Review is inappropriate here
A Compliance Review is used to:
Ensure implementation conforms to architecture Not to:
Identify new risks
Strengthen the architecture
Conduct gap analysis This option is misusing the review process.
D C Supplier-driven, not TOGAF-driven
Involves contacting suppliers prematurely ― not aligned with TOGAF’s architecture-first methodology.
Does not involve Architecture Board approval before pursuing solutions.
Jumps into solutioning before architectural approval.
Relevant TOGAF Reference
Phase H: Architecture Change Management
Manage changes
Evaluate impacts
Generate change requests
Architecture Board Roles
Approves Change Requests
Governs new ADM cycles
Request for Architecture Work
Used to formally launch a new ADM cycle
Please read this scenario prior to answering the question
You are employed as an Enterprise Architect, reporting to the Chief Enterprise Architect, at a technology company. The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice.
The nature of the business is such that the data and the information stored on the company systems is the company’s major asset and is highly confidential. The company employees travel a lot for work and need to communicate over public infrastructure. They use message encryption, secure internet connections using Virtual Private Networks (VPNs), and other standard security measures. The company has provided computer security awareness training for all its staff. However, despite good education and system security, there is still a need to rely on third-party suppliers for infrastructure and software.
The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education, and support, the company could be a victim of a significant attack that could completely lock them out of their important data.
A risk assessment has been completed and the company has looked for cyber insurance that covers ransomware. The price for this insurance is very high. The CTO recently saw a survey that said 1 out of 4 businesses that paid ransoms could not get their data back, and almost the same number were able to recover the data without paying. The CTO has decided not to get cyber insurance to cover ransom payment.
The Chief Technology Officer (CTO) is the sponsor of the EA project. The practice uses an iterative approach for its architecture development. This has enabled the decision makers to gain valuable insights into the different aspects of the business.
Refer to the scenario
You have been asked to describe the steps you would take to strengthen the current architecture to improve data protection.
Based on the TOGAF standard which of the following is the best answer?
- A . You would ensure that the business value and cost of continuity measures are understood by key stakeholders and would ensure that the company has in place up-to-date processes for managing change to the current Enterprise Architecture. You recommend that mitigation for a ransomware attach be addressed at the infrastructure level with specific technology controls. Changes should be made to the baseline description of the Technology Architecture. The changes should be approved by the Architecture Board and a change request approved.
- B . You would hold an Architecture Compliance Review with the scope to examine the company’s ability to respond to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased business continuity and resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklists, identifying and resolving issues. You would then determine and present your recommendations.
- C . You would run an assessment to identify the business continuity requirements and analyze thecurrent Enterprise Architecture for gaps. You would create a change request to start a further cycle of architecture work to address changes to mitigate such an attack. You would arrange a meeting of the Architecture Board to assess and approve the change request. Once approved you would create a new Request for Architecture Work to begin an ADM cycle to implement the changes.
- D . You would contact existing suppliers for technology that could enhance the company’s capabilities to detect, react, and recover from an incident. You would perform an analysis and assessment of a simulated ransomware attack to evaluate the current Enterprise Architecture’s resilience and recovery capabilities. Using the findings, you would prepare a gap analysis of the current Enterprise Architecture. You would prepare change requests to address identified gaps. You would add the changes implemented to the Architecture Repository.
C
Explanation:
The question asks:
“What steps would you take to strengthen the current architecture to improve data protection?”
This requires understanding how TOGAF handles:
Business continuity requirements
Gap analysis in existing architecture
Architecture change requests
Triggering a new ADM cycle
Governance via the Architecture Board
Option C is the only answer that aligns correctly with TOGAF’s formal Architecture Change Management process (ADM Phase H) and how to progress from identifying gaps to initiating a new cycle.
✅ Why Option C Is Correct
✔ 1. Starts with identifying business continuity requirements
TOGAF Phase A and Phase B require understanding business continuity and information security requirements as part of architecture development.
✔ 2. Analyzes the current architecture for gaps Gap analysis is a required step in:
Phase B (Business Architecture)
Phase C (Data/Application Architecture) Phase D (Technology Architecture)
It is also part of Architecture Change Management (Phase H) when examining existing threats or deficiencies.
✔ 3. Creates a Change Request
In TOGAF, if gaps or new risks require architectural enhancements, a formal Change Request is submitted. This is a mandatory TOGAF mechanism.
✔ 4. Architecture Board evaluates the Change Request
The Architecture Board approves major changes before a new cycle starts ― exactly as described in option C.
✔ 5. Initiates a new ADM cycle with a RfAW
TOGAF explicitly states:
A new or major architecture change requires a Request for Architecture Work before beginning a new ADM cycle.
Option C follows this sequencing precisely:
Identify requirements → analyze gaps → issue change request → Architecture Board approval → create RfAW → start new ADM cycle.
This is textbook TOGAF.
❌ Why the Other Options Are Incorrect
A C Too narrow and focuses only on Technology Architecture
The problem spans business continuity, data protection, and enterprise-wide readiness ― not just infrastructure.
Does not include gap analysis, stakeholder analysis, or initiating a formal ADM cycle.
Incorrectly reduces ransomware mitigation to technology controls.
B C Architecture Compliance Review is inappropriate here
A Compliance Review is used to:
Ensure implementation conforms to architecture Not to:
Identify new risks
Strengthen the architecture
Conduct gap analysis This option is misusing the review process.
D C Supplier-driven, not TOGAF-driven
Involves contacting suppliers prematurely ― not aligned with TOGAF’s architecture-first methodology.
Does not involve Architecture Board approval before pursuing solutions.
Jumps into solutioning before architectural approval.
Relevant TOGAF Reference
Phase H: Architecture Change Management
Manage changes
Evaluate impacts
Generate change requests
Architecture Board Roles
Approves Change Requests
Governs new ADM cycles
Request for Architecture Work
Used to formally launch a new ADM cycle
This deliverable is most often produced as an output of the Preliminary Phase. It can also be created because of an approved architecture change request.
What is this deliverable?
- A . Architecture Vision
- B . Requirements Impact Assessment
- C . Statement of Architecture Work
- D . Request for Architecture Work
C
Explanation:
Comprehensive and Detailed In-Depth Explanation from Expert in Enterprise Architecture, guiding in
TOGAF and ArchiMate:
The Statement of Architecture Work is a key governance and control document in TOGAF. It defines:
Scope of the architecture work
Constraints and assumptions
Deliverables and milestones
Roles, responsibilities, and acceptance criteria
Governance and approval mechanisms
Why Option C is correct:
The Statement of Architecture Work is most commonly produced in the Preliminary Phase to formally define how architecture work will be conducted once the Architecture Capability is established.
It may also be re-created or updated following an approved Architecture Change Request, ensuring controlled continuation or re-initiation of architecture activities.
Why the other options are incorrect: