Please read this scenario prior to answering the questionYou are employed as an Enterprise Architect...

The Open Group OGEA-103 Full Course Access

The Open Group OGEA-103 View All Questions

The Open Group OGEA-103 Question Answer

Please read this scenario prior to answering the question

You are employed as an Enterprise Architect at a technology company, reporting directly

to the Chief Enterprise Architect. The company supplies personnel and delivers cloud-

based solutions to numerous government agencies.

The nature of the business is such that the data and the information stored on the

company systems is the company's major asset and is highly confidential. The company

employees work remotely and need constant access to the company systems, which is

done by the public infrastructure. They use message encryption, secure internet

connections using Virtual Private Networks (VPNs), and other standard security

measures. The company provides computer security awareness training for all its staff.

The Chief Security Officer (CSO) has noted an increase in distributed denial of service

(DDoS) attacks on companies with a similar profile. The CSO understands that even

with thorough preparation, a major attack could stop employees from being able to do

their jobs. This could lead to a large financial loss, damage to the company's reputation

with customers, and employees being unable to work.

A risk assessment has been completed and the company has looked for cyber insurance

that covers such attacks. The price for this insurance is very high. The CTO has decided

not to get cyber insurance to cover such attacks.

The company follows the TOGAF standard as the method and guiding framework for its

Enterprise Architecture (EA) practice. The Chief Technology Officer (CTO) is the sponsor

of the activity. The practice uses an iterative approach for its architecture development.

This has enabled the decision makers to gain valuable insights into the different aspects

of the business

Please read this scenario prior to answering the question

You have been asked to describe the steps you would take to strengthen the current

architecture to improve data protection.

Based on the TOGAF standard which of the following is the best answer?

You would request technology updates from existing suppliers that improve the

company's capabilities to detect, react, and recover from an incident. You

would run a simulated ransomware attack to evaluate the current Enterprise

Architecture's resilience and recovery capabilities. Using the findings, you

would perform a gap analysis of the current Enterprise Architecture, and

prepare change requests to address i

You would run a planning exercise to assess the business continuity

requirements and analyze the current Enterprise Architecture for gaps. You

create a formal change request related to business resilience and maintaining

critical business functions. You would arrange a meeting of the Architecture

Board to assess and approve the change request. Once approved you would

create a new Request for Architecture Work t

You would ensure that business value and cost of continuity measures are

understood by key stakeholders, and that the company has in place up-to-date

processes for managing change to the current Enterprise Architecture. You

recommend that DDoS mitigation be addressed at the infrastructure level to

ensure effective, scalable protection. Changes should be made to the baseline

description of the Technology Archite

You would hold an Architecture Compliance Review with the scope to examine

the company's ability to respond to such attacks. You would identify the

departments involved and have them nominate representatives. You would

then tailor checklists to address the requirement for increased business

continuity and resilience. You would circulate the checklists to the nominated

representatives for them to complete. You w

Explanation:

In this scenario, the CTO hasnotpurchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked“to describe the steps you would take to strengthen the current architecture to improve data protection.”

Because the company follows theTOGAF standardand uses aniterative ADM cycle, the correct response must:

Start with therisk/continuity concern

Use the formal TOGAFchange management process

Lead to aRequest for Architecture Work

Initiate anew ADM cycleto update the architecture properly

Ensure Architecture Board governance

OptionBis the only answer that matches TOGAF’s required process.

✔Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF’sArchitecture Change Management (Phase H)process:

Assess the business continuity requirements– Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.– DDoS risk → business continuity concern → legitimate architecture change trigger.

Analyze the current architecture for gaps– Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request– Exactly correct: Phase H outputsArchitecture Change Requests (ACRs)for significant changes.– ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request– Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)– Required when the change is significant and needs a new ADM cycle.– Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes– Perfectly aligned with TOGAF’s iterative approach:Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore,Option B is the correct and TOGAF-compliant answer.

✘Why the other options are incorrect

A – Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C – Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (“DDoS mitigation at infrastructure level”) before architectural assessment.

D – Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture—not evaluate new risks or design resilience enhancements.

A compliance review isnotthe correct first step for addressing new threats.

OGEA-103 PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 65% Discount on All Products, Use Coupon: "ac4s65"

Please read this scenario prior to answering the questionYou are employed as an Enterprise Architect...

New Year Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

Please read this scenario prior to answering the questionYou are employed as an Enterprise Architect...

The Answer Is:

Explanation:

Quick Links