The Open Group OGEA-103 Online Practice Questions and Exam Preparation

The Open Group OGEA-103 Online Questions & Answers

• Question 71:

  Which of the following describes the practice by which the enterprise architecture is managed and controlled at an enterprise-wide level?

  A. Corporate governance
  B. Architecture governance
  C. IT governance
  D. Technology governance
  B. Architecture governance

  ---

  Explanation

  According to the TOGAF Standard, 10th Edition, architecture governance is "the practice by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level" 1. Architecture governance ensures that the architecture development and implementation are aligned with the strategic objectives, principles, standards, and requirements of the enterprise, and that they deliver the expected value and outcomes. Architecture governance also involves establishing and maintaining the architecture framework, repository, board, contracts, and compliance reviews 1. The other options are not correct, as they are not the term used by the TOGAF Standard to describe the practice by which the enterprise architecture is managed and controlled at an enterprise-wide level. Corporate governance is "the system by which an organization is directed and controlled" 2, and it covers aspects such as leadership, strategy, performance, accountability, and ethics. IT governance is "the system by which the current and future use of IT is directed and controlled" 2, and it covers aspects such as IT strategy, policies, standards, and services. Technology governance is "the system by which the technology decisions and investments are directed and controlled" 3, and it covers aspects such as technology selection, acquisition, deployment, and maintenance.

  References: 1: TOGAF Standard, 10th Edition, Part VI: Architecture Governance, Chapter

  44: Introduction. 2: TOGAF Standard, 10th Edition, Part I: Introduction, Chapter 3:

  Definitions. 3: TOGAF Series Guide: Using the TOGAF Framework to Define and Govern Service-Oriented Architectures, Part II: Using the TOGAF Framework to Define and Govern Service-Oriented Architectures, Chapter 5: Technology

  Governance.

• Question 72:

  What are the following activities part of? Risk classification Risk identification Initial risk assessment

  A. Security Architecture
  B. Phase A
  C. Phase G
  D. Risk Management
  D. Risk Management

  ---

  Explanation

  Risk management is a generic technique that can be applied across all phases of the Architecture Development Method (ADM), as well as in the Preliminary Phase and the Requirements Management Phase2. Risk management involves the following steps1:

  •

  Risk identification: This step involves identifying the potential risks that may affect the architecture project, such as technical, business, organizational, environmental, or legal risks. The risks can be identified through various sources, such as stakeholder interviews, workshops, surveys, checklists, historical data, or expert judgment.

  •

  Risk classification: This step involves categorizing the risks based on their nature, source, impact, and priority. The risks can be classified according to different criteria, such as time, cost, scope, quality, security, or compliance. The classification helps in prioritizing the risks and allocating resources and efforts to address them effectively.

  •

  Initial risk assessment: This step involves assessing the likelihood and impact of each risk, and determining the initial level of risk. The likelihood is the probability of the risk occurring, and the impact is the severity of the consequences if the risk occurs. The initial level of risk is the product of the likelihood and impact, and it indicates the urgency and importance of the risk. The initial risk assessment helps in identifying the most critical risks that need immediate attention and mitigation.

  References: 1: The TOGAF Standard, Version 9.2 - Risk Management 2: TOGAF ADM: Top 10 techniques – Part 9: Risk Management

• Question 73:

  Please read this scenario prior to answering the question

  You have been appointed as senior architect working for an autonomous driving technology development company. The mission of the company is to build an industry leading unified technology and software platform to support connected cars and autonomous driving.

  The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework. Architecture development within the company follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners'Approach to Developing Enterprise Architecture Following The TOGAF ADM. An architecture to support strategy has been completed defining a long-range Target Architecture with a roadmap spanning five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of travel assistance systems using swarm data from vehicles on the road.

  The current phase of architecture development is focused on the Business Architecture which needs to support the core travel assistance services that the company plans to provide. The core services will manage and process the swarm data generated by vehicles, paving the way for autonomous driving in the future.

  The presentation and access to different variations of data that the company plans to offer through its platform poses an architecture challenge. The application portfolio needs to interact securely with various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many countries to be able to manage the data at scale. The security of V2X is a key concern for the stakeholders. Regulators have stated that the user's privacy be always protected, for example, so that the drivers' journey cannot be tracked or reconstructed by compiling data sent or received by the car.

  Refer to the scenario

  You have been asked to describe the risk and security considerations you would include in the current phase of the architecture development?

  Based on the TOGAF standard which of the following is the best answer?

  A. You will focus on the relationship with the third parties required for the travel assistance systems and define a trust framework. This will describe the relationship with each party. Digital certificates are a key part of the framework and will be used to create trust between parties. You will monitor legal and regulatory changes across all the countries to keep the trust framework in compliance.
  B. You will perform a qualitative risk assessment for the data assets exchanged with partners. This will deliver a set of priorities, high to medium to low, based on identified threats, the likelihood of occurrence, and the impact if it did occur. Using the priorities, you would then develop a Business Risk Model which will detail the risk strategy including classifications to determine what mitigation is enough.
  C. You will focus on data quality as it is a key factor in risk management. You will identify the datasets that need to be safeguarded. For each dataset, you will assign ownership and responsibility for the quality of data needs. A security classification will be defined and applied to each dataset. The dataset owner will then be able to authorize processes that are trusted for a certain activity on the dataset under certain circumstances.
  D. You will create a security domain model so that assets with the same level can be managed under one security policy. Since data is being shared across partners, you will establish a security federation to include them. This would include contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications. You would undertake a risk assessment determining risks relevant to specific data assets.
  D. You will create a security domain model so that assets with the same level can be managed under one security policy. Since data is being shared across partners, you will establish a security federation to include them. This would include contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications. You would undertake a risk assessment determining risks relevant to specific data assets.

  ---

  Explanation

  A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1 Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2 A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3 Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

  References: 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

• Question 74:

  Consider the graphic illustrating a method supporting the TOGAF ADM.

  

  What does the method help identify?

  A. Architecture Solutions
  B. Business Scenarios
  C. Solution Building Blocks
  D. Alternative Target Architectures
  D. Alternative Target Architectures

  ---

  Explanation

  https://pubs.opengroup.org/togaf-standard/adm-techniques/chap10.html (figure 10 -1)

• Question 75:

  In which phase of the ADM cycle do building blocks become implementation-specific?

  A. Phase B
  B. Phase C
  C. Phase D
  D. Phase E
  D. Phase E

  ---

  Explanation

  Building blocks are reusable components of business, IT, or architectural capability that can be combined to deliver architectures and solutions. Building blocks can be defined at various levels of detail, depending on the stage of architecture development. In the earlier phases of the ADM cycle (A to D), building blocks are defined in generic terms, such as logical or physical, to provide a high-level view of the architecture. In Phase

  E: Opportunities and Solutions, building blocks become implementation-specific, meaning that they are linked to specific products, standards, technologies, and vendors that are available in the market. This phase also identifies the delivery vehicles, such as projects, programs, or portfolios, that will realize the building blocks12

  References: 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 23: Phase E: Opportunities and Solutions 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks

• Question 76:

  Which of the following describes a purpose of Architecture Principles?

  A. To describe likely impacts resulting from successful deployment of the target architecture.
  B. To establish a common understanding of how to control the business in pursuit of strategic objectives
  C. To provide a better understanding about the enterprise's culture and values
  D. To form a contract between sponsoring organization and the enterprise architects
  C. To provide a better understanding about the enterprise's culture and values

  ---

  Explanation

  https://pubs.opengroup.org/togaf-standard/togaf-leaders-guide/togaf-leaders-guide_4.html

• Question 77:

  Complete the sentence. The four purposes that typically frame the planning horizon, depth and breadth of an Architecture Project, and the contents of the EA Repository are Strategy, Portfolio, ___________.

  A. Project, and Solution Delivery.
  B. Discreet, and Cohesive.
  C. Subordinate, and Superior Architecture.
  D. Segment, and End-to-end Target Architecture.
  A. Project, and Solution Delivery.

  ---

  Explanation

  https://pubs.opengroup.org/togaf-standard/adm-practitioners/adm-practitioners_3.html

• Question 78:

  Complete the following sentence. In the ADM documents which are under development and have not undergone any formal review and approval process are_______________.

  A. called “draft1”
  B. Invalid
  C. In between phases
  D. Known as `'Version 0.1''
  A. called “draft1”

  ---

  Explanation

  In the ADM documents which are under development and have not undergone any formal review and approval process are called "draft". This indicates that they are subject to change and refinement as the architecture development progresses.

  The TOGAF Standard | The Open Group Website, Section 4.2.5 Architecture Deliverables.

• Question 79:

  Which of the following best describes the Standards Library?

  A. A repository area holding processes to support governance of the Architecture Repository
  B. A repository area holding a record of the governance activity across the enterprise
  C. A repository area holding guidelines and templates used to create new architectures
  D. A repository area holding specifications to which architectures must conform
  D. A repository area holding specifications to which architectures must conform

  ---

  Explanation

  7.4.1 Overview

  The Standards Library provides a repository area to hold a set of specifications, to which architectures must conform.

  https://pubs.opengroup.org/togaf-standard/architecture-content/chap07.html#tag_07_04

• Question 80:

  Scenario

  Your role is that of an Enterprise Architect, reporting to the Chief Enterprise Architect, at a technology company.

  The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The Chief Technology Officer (CTO) is the sponsor of the activity. The EA practice uses an iterative approach for its architecture development. This has enabled the decision-makers to gain valuable insights into the different aspects of the business.

  The nature of the business is such that the data and the information stored on the company systems is the company's major asset and is highly confidential. The company employees travel a lot for work and need to communicate over public infrastructure. They use message encryption, secure internet connections using Virtual Private Networks (VPNs), and other standard security measures. The company has provided computer security awareness training for all its staff. However, despite good education and system security, there is still a need to rely on third-party suppliers for infrastructure and software.

  The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education and support, the company could be a victim of a significant attack that could completely lock them out of their important data. A risk assessment has been completed, and the company has looked for cyber insurance that covers ransomware. The price for this insurance is very high. The CTO recently saw a survey that said 1 out of 4 businesses that paid ransoms could not get their data back, and almost thesame number were able to recover the data without paying. The CTO has decided not to get cyber insurance to cover ransom payment.

  You have been asked to describe the steps you would take to strengthen the current architecture to improve data protection.

  Based on the TOGAF standard, which of the following is the best answer?

  A. You would ensure that the company has in place up-to-date processes for managing change to the current Enterprise Architecture. Based on the scope of the concerns raised, you recommend that this be managed at the infrastructure level. Changes should be made to the baseline description of the Technology Architecture. The changes should be approved by the Architecture Board and implemented by change management techniques.
  B. You would request an Architecture Compliance Review with the scope to examine the company's ability to respond to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklists, identifying and resolving issues. You would then determine and present your recommendations.
  C. You would monitor for technology updates from your existing suppliers that could enhance the company's capabilities to detect, react, and recover from an IT security incident. You would prepare and run a disaster recovery planning exercise for a ransomware attack and analyze the performance of the current Enterprise Architecture. Using the findings, you would prepare a gap analysis of the current Enterprise Architecture. You would prepare change requests to address identified gaps. You would add the changes implemented to the Architecture Repository.
  D. You would assess business continuity requirements and analyze the current Enterprise Architecture for gaps. You would recommend changes to address the situation and create a change request. You would engage the Architecture Board to assess and approve the change request. Once approved, you would create a new Request for Architecture Work to begin an ADM cycle to implement the changes.
  B. You would request an Architecture Compliance Review with the scope to examine the company's ability to respond to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklists, identifying and resolving issues. You would then determine and present your recommendations.

  ---

  Explanation