Please read this scenario prior to answering the question
You are working as Chief Enterprise Architect at a large Internet company. The company has many divisions, ranging from cloud to logistics. The company has grown rapidly, expanding from initially selling physical books and media to a range of services including an online marketplace, live-streaming, eBooks, and cloud services.
Overall management of the numerous divisions has become challenging. Recent high-profile projects have overrun on budget and under-delivered, damaging the company’s reputation, and adversely impacting its share price. There is a widely held view within the executive management that the organization structure has played a major role in these project failures.
The company has an established Enterprise Architecture program based on the TOGAF standard, sponsored jointly by the Chief Executive Officer (CEO) and Chief Information Officer (CIO). The CEO has decided that the company needs to reorganize its divisions around artificial intelligence and machine learning with a focus on automation. The CEO has worked with the Enterprise Architects to create a strategic architecture for the reorganization, including an Architecture Vision, together with definitions for the four domain architectures. This sets out an ambitious vision of the future of the company over a three-year period. This includes a set of work packages and includes three distinct transformations.
The CIO has made it clear that prior to the approval of the detailed Implementation and Migration plan, the EA team will need to assess the risks associated with the proposed architecture. He has received concerns from key stakeholders across the company that the proposed reorganization may be too ambitious and there is doubt whether it can produce sufficient value to warrant the risks.
Refer to the scenario
You have been asked to recommend an approach to satisfy these concerns.
Based on the TOGAF Standard, which of the following is the best answer?
- A . The Enterprise Architects should evaluate the organization’s readiness to undergo change. This will allow the risks associated with the transformations to be identified, classified, and mitigated for. This should include identifying dependencies between the set of changes, including gaps and work packages. It will also identify improvement actions to be worked into the Implementation and Migration Plan. The business value, effort, and risk associated for each transformation should be determined.
- B . The Enterprise Architects should bring together information about potential approaches and produce several alternative target transition architectures. They should then investigate the different architecture alternatives and discuss these with stakeholders using the Architecture Alternatives and Trade-offs technique. Once the target architecture has been selected, it should be analyzed using a state evolution table to determine the Transition Architectures. A value realization process should then be established to ensure that the concerns raised are addressed.
- C . Establishing interoperability in alignment with the corporate operating model will ensure risks are minimized. The Enterprise Architects should apply an interoperability analysis to evaluate any potential issues across the architecture. This should include the development of a matrix showing the interoperability requirements. These can then be included within the transformation strategy embedded in the target transition architectures. The Enterprise Architects should then finalize the Architecture Roadmap and the Implementation and Migration Plan.
- D . Before preparing the detailed Implementation and Migration plan, the Enterprise Architects should review and consolidate the gap analysis results from Phases B to This will identify the transformations required to achieve the proposed Target Architecture. The Enterprise Architects should then assess the readiness of the organization to undergo change and determine an overall direction to address and mitigate risks identified. The Transition Architecture should then be planned to use a state evolution table.
A
Explanation:
The Business Transformation Readiness Assessment is a technique that can be used to evaluate the readiness of the organization to undergo change and to identify the actions needed to increase the likelihood of a successful business transformation. This technique can help to address the concerns of the key stakeholders about the risks and value of the proposed reorganization. The technique involves assessing the following aspects of the organization: vision, commitment, capacity, capability, culture, and communication. Based on the assessment, the risks associated with the transformations can be identified, classified, and mitigated for. The technique also helps to identify the dependencies between the set of changes, including gaps and work packages, and the improvement actions to be worked into the Implementation and Migration Plan. The technique also supports the determination of the business value, effort, and risk associated for each transformation, which can be used to prioritize and sequence the work packages and the Transition Architectures. [1]
References:
- 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 27: Business Transformation Readiness Assessment
Please read this scenario prior to answering the question
Your role is that of a senior architect, reporting to the Chief Enterprise Architect, at a medium-sized company with 400 employees. The nature of the business is such that the data and the information stored on the company systems is their major asset and is highly confidential.
The company employees travel extensively for work and must communicate over public infrastructure using message encryption, VPNs, and other standard safeguards. The company has invested in cybersecurity awareness training for all its staff. However, it is recognized that even with good education as well as system security, there is a dependency on third-party suppliers of infrastructure and software.
The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The CTO is the sponsor of the activity.
The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education, and support, it is likely just a matter of time before the company suffers a significant attack that could completely lock them out of their information assets. A risk assessment has been done and the company has sought cyber insurance that includes ransomware coverage. The quotation for this insurance is hugely expensive. The CTO has recently read a survey that stated that one in four organizations paying ransoms were still unable to recover their data, while nearly as many were able to recover the data without paying a ransom. The CTO has concluded that taking out cyber insurance in case they need to pay a ransom is not an option.
Refer to the scenario
You have been asked to describe the steps you would take to improve the resilience of the current architecture.
Based on the TOGAF standard, which of the following is the best answer?
- A . You would determine business continuity requirements, and undertake a gap analysis of the current Enterprise Architecture. You would make recommendations for change requirements to address the situation and create a change request. You would manage a meeting of the Architecture Board to assess and approve the change request. Once approved you would produce a new Request for Architecture Work to activate an ADM cycle to carry out a project to define the change.
- B . You would monitor for technology changes from your existing suppliers that could improve resilience. You would prepare and run a disaster recovery planning exercise for a ransomware attack and analyze the performance of the current Enterprise Architecture. Using the findings, you would prepare a gap analysis of the current Enterprise Architecture. You would prepare change requests to address identified gaps. You would add the changes implemented to the Architecture Repository.
- C . You would ensure that the company has in place up-to-date processes for managing change to the current Enterprise Architecture. Based on the scope of the concerns raised you recommend that this be managed at the infrastructure level. Changes should be made to the baseline description of the Technology Architecture. The changes should be approved by the Architecture Board and implemented by change management techniques.
- D . You would request an Architecture Compliance Review with the scope to examine the company’s resilience to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklists, identifying and resolving issues. You would then determine and present your recommendations.
A
Explanation:
Business continuity is the ability of an organization to maintain essential functions during and after a disaster or disruption. Business continuity requirements are the specifications and criteria that define the acceptable level of performance and availability of the business processes and services in the event of a disaster or disruption. A gap analysis is a technique that compares the current state of the architecture with the desired state, and identifies the gaps or differences that need to be addressed. A change request is a formal proposal for an amendment to some product or system, such as the architecture. A Request for Architecture Work is a document that describes the scope, approach, and expected outcomes of an architecture project. [1][2][3]
The best answer is A, because it describes the steps that would improve the resilience of the current architecture, which is the ability to withstand and recover from a ransomware attack or any other disruption.
The steps are:
- Determine the business continuity requirements, which specify the minimum acceptable level of performance and availability of the business processes and services in case of a ransomware attack. This would involve identifying the critical business functions, the recovery time objectives, the recovery point objectives, and the dependencies and resources needed for recovery.
- Undertake a gap analysis of the current Enterprise Architecture, which compares the current state of the architecture with the desired state based on the business continuity requirements. This would involve assessing the strengths and weaknesses of the current architecture, the risks and opportunities for improvement, and the gaps or differences that need to be addressed.
- Make recommendations for change requirements to address the situation and create a change request. This would involve proposing solutions and alternatives to close the gaps, enhance the resilience, and mitigate the risks of the current architecture. The change request would document the rationale, scope, impact, and benefits of the proposed changes, and seek approval from the relevant stakeholders.
- Manage a meeting of the Architecture Board to assess and approve the change request. The Architecture Board is a governance body that oversees the architecture work and ensures compliance with the architecture principles, standards, and goals. The meeting would involve presenting the change request, discussing the pros and cons, resolving any issues or conflicts, and obtaining the approval or rejection of the change request.
- Once approved, produce a new Request for Architecture Work to activate an ADM cycle to carry out a project to define the change. The Request for Architecture Work would describe the scope, approach, and expected outcomes of the architecture project that would implement the approved change request. The Request for Architecture Work would initiate a new cycle of the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture.
References:
- 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 33: Business Scenarios
- 2: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Gap Analysis
- 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 31: Architecture Change Management
- The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 7: Request for Architecture Work
- The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 34: Business Transformation Readiness Assessment
- The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance
Please read this scenario prior to answering the question
You are serving as the Lead Architect for an Enterprise Architecture team within a leading multinational biotechnology company. The company works in three major industries, including healthcare, crop production, and agriculture. Your team works within the healthcare division. The healthcare division is developing a new vaccine, and has to demonstrate its effectiveness and safety in a set of clinical trials that satisfy the regulatory requirements of the relevant health authorities. The clinical trials are undertaken by its research laboratories at multiple facilities worldwide. In addition to internal research and development activities, the healthcare division is also involved in publicly funded collaborative research projects with industrial and academic partners.
The Enterprise Architecture team has been engaged in an architecture project to develop a secure system that will allow the healthcare researchers to share information more easily about their clinical trials, and work more collaboratively across the organization and also with its partners. This system will also connect with external partners.
The Enterprise Architecture team uses the TOGAF ADM with extensions required to support healthcare manufacturing practices and laboratory practices. Due to the highly sensitive nature of the information that is managed, special care has been taken to ensure that each architecture domain considers the security and privacy issues that are relevant.
The Vice President for Worldwide Clinical Research is the sponsor of the Enterprise Architecture activity. She has stated that disruptions must be minimized for the clinical trials, and that the rollout must be undertaken incrementally.
Refer to the scenario
You have been asked to recommend the approach to identify the work packages for an incremental rollout meeting the requirements.
Based on the TOGAF standard, which of the following is the best answer?
- A . You recommend that the Solution Building Blocks from a Consolidated Gaps, Solutions and Dependencies Matrix be grouped into a set of work packages. Using the matrix as a planning tool, regroup the work packages to account for dependencies. Sequence the work packages into the Capability Increments needed to achieve the Target Architecture, so that the implementation team can schedule the rollout one region at a time to minimize disruption. Document the work packages for the Enterprise Architecture using a Transition Architecture State Evolution Table.
- B . You recommend that a Consolidated Gaps, Solutions and Dependencies Matrix is used as a planning tool for creating work packages. For each gap classify whether the solution is either a new development, purchased solution, or based on an existing product. Group the similar solutions together to define the work packages. Regroup the work packages into a set of Capability Increments to transition to the Target Architecture considering the schedule for clinical trials, and document in an Architecture Definition Increments Table.
- C . You recommend that an Implementation Factor Catalog is drawn up to indicate actions and constraints. A Consolidated Gaps, Solutions and Dependencies Matrix should also be created. For each gap, identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. Group similar activities together to form work packages. Identify dependencies between work packages factoring in the clinical trial schedules. Regroup the work packages into a set of Capability Increments scheduled into a series of Transition Architectures.
- D . You recommend that the set of required Solution Building Blocks be determined by identifying those which need to be developed and which need to be procured. Eliminate any duplicates. Group the remaining Solution Building Blocks together to create the work packages using a CRUD (create, read, update, delete) matrix. Rank the work packages and select the most cost-effective options for inclusion in a series of Transition Architectures. Schedule the roll out of the work packages to be sequential across the geographic regions.
B
Explanation:
A Consolidated Gaps, Solutions and Dependencies Matrix is a technique that can be used to create work packages for an incremental rollout of the architecture. A work package is a set of actions or tasks that are required to implement a specific part of the architecture. A work package can be associated with one or more Architecture Building Blocks (ABBs) or Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. A work package can also be associated with one or more Capability Increments, which are defined, discrete portions of the overall capability that deliver business value. A Capability Increment can be realized by one or more Transition Architectures, which are intermediate states of the architecture that enable the transition from the Baseline Architecture to the Target Architecture. [1][2][3]
The steps for creating work packages using this technique are:
- For each gap between the Baseline Architecture and the Target Architecture, identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. A gap is a difference or deficiency in the current state of the architecture that needs to be addressed by the future state of the architecture. A solution is a way of resolving a gap by implementing one or more ABBs or SBBs.
- Group similar solutions together to define the work packages. Similar solutions are those that have common characteristics, such as functionality, technology, vendor, or location.
- Identify dependencies between work packages, such as logical, temporal, or resource dependencies. Dependencies indicate the order or priority of the work packages, and the constraints or risks that may affect their implementation.
- Regroup the work packages into a set of Capability Increments to transition to the Target Architecture. Capability Increments should be defined based on the business value, effort, and risk associated with each work package, and the schedule and objectives of the clinical trials. Capability Increments should also be aligned with the Architecture Vision and the Architecture Principles.
- Document the work packages and the Capability Increments in an Architecture Definition Increments Table, which shows the mapping between the work packages, the ABBs, the SBBs, and the Capability Increments. The table also shows the dependencies, assumptions, and issues related to each work package and Capability Increment.
Therefore, the best answer is B, because it describes the approach to identify the work packages for an incremental rollout meeting the requirements, using the Consolidated Gaps, Solutions and Dependencies Matrix as a planning tool.
References:
- 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Gap Analysis
- 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks
- 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 31: Architecture Change Management
- The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 23: Phase E: Opportunities and Solutions
- The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning
- The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision
- The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles
Please read this scenario prior to answering the question
You have been appointed as senior architect working for an autonomous driving technology development company. The mission of the company is to build an industry leading unified technology and software platform to support connected cars and autonomous driving.
The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework. Architecture development within the company follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners’ Approach to Developing Enterprise Architecture Following the TOGAF® ADM.
An architecture to support strategy has been completed defining a long-range Target Architecture with a roadmap spanning five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of travel assistance systems using swarm data from vehicles on the road.
The current phase of architecture development is focused on the Business Architecture which needs to support the core travel assistance services that the company plans to provide. The core services will manage and process the swarm data generated by vehicles, paving the way for autonomous driving in the future.
The presentation and access to different variations of data that the company plans to offer through its platform poses an architecture challenge. The application portfolio needs to interact securely with various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many countries to be able to manage the data at scale. The security of V2X is a key concern for the stakeholders. Regulators have stated that the user’s privacy must always be protected, for example, so that the drivers’ journey cannot be tracked or reconstructed by compiling data sent or received by the car.
Refer to the scenario
You have been asked to describe the risk and security considerations you would include in the current phase of the architecture development.
Based on the TOGAF standard, which of the following is the best answer?
- A . You will focus on the relationship with the third parties required for the travel assistance systems and define a trust framework. This will describe the relationship with each party. Digital certificates are a key part of the framework and will be used to create trust between parties. You will monitor legal and regulatory changes across all the countries to keep the trust framework in compliance.
- B . You will perform a qualitative risk assessment for the data assets exchanged with partners. This will deliver a set of priorities, high to medium to low, based on identified threats, the likelihood of occurrence, and the impact if it did occur. Using the priorities, you would then develop a Business Risk Model which will detail the risk strategy including classifications to determine what mitigation is enough.
- C . You will focus on data quality as it is a key factor in risk management. You will identify the datasets that need to be safeguarded. For each dataset, you will assign ownership and responsibility for the quality of data needs. A security classification will be defined and applied to each dataset. The dataset owner will then be able to authorize processes that are trusted for a certain activity on the dataset under certain circumstances.
- D . You will create a security domain model so that assets with the same level can be managed under one security policy. Since data is being shared across partners, you will establish a security federation to include them. This would include contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications. You would undertake a risk assessment determining risks relevant to specific data assets.
D
Explanation:
A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains. [1]
Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications. [2]
A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation. [3]
Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.
References:
- 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM
- 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture
- 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management
Please read this scenario prior to answering the question
You are the Lead Enterprise Architect at a major agribusiness company. The company’s main harvest is lentils, a highly valued food grown worldwide. The lentil parasite, broomrape, has been an increasing concern for many years and is now becoming resistant to chemical controls. In addition, changes in climate favor the propagation and growth of the parasite. As a result, the parasite cannot realistically be exterminated, and it has become pandemic, with lentil yields falling globally.
In response to the situation, the CEO has decided that the lentil fields will be used for another harvest. The company will also cease to process third-party lentils and will repurpose its processing plants. Thus, the target market will change, and the end-products will be different and more varied. The company has recently established an Enterprise Architecture practice based on the TOGAF standard as method and guiding framework. The CIO is the sponsor of the activity. A formal request for architecture change has been approved. At this stage there is no fixed scope, shared vision, or objectives.
Refer to the scenario
You have been asked to propose the best approach for architecture development to realize the CEO’s change in direction for the company.
Based on the TOGAF standard, which of the following is the best answer?
- A . You propose that this engagement define the baseline Technology Architecture first in order to assess the current infrastructure capacity and capability for the company. Then the focus should be on transition planning and incremental architecture deployment. This will identify requirements to ensure that the projects are sequenced in an optimal fashion so as to realize the change.
- B . You propose that the team uses the architecture definition document and focus on architecture development starting simultaneously phases B, C and D. This is because the CEO has identified the need to change. This will ensure that the change can be defined in a structured manner and address the requirements needed to realize the change.
- C . You propose that the team focus on architecture definition including development of business models, with emphasis on defining the change parameters to support this new business strategy that the CEO has identified. Once understood, the team will be in the best position to identify the requirements, drivers, issues, and constraints for the change.
- D . You propose that the priority is to produce a new Request for Architecture Work leading to development of a new Architecture Vision. The trade-off method should be applied to identify and select an architecture satisfying the stakeholders. For an efficient change the EA team should be aligned with the organization’s planning, budgeting, operational, and change processes.
D
Explanation:
A Request for Architecture Work is a document that describes the scope, approach, and expected outcomes of an architecture project. A Request for Architecture Work is usually initiated by the sponsor or client of the architecture work, and approved by the Architecture Board, which is a governance body that oversees the architecture work and ensures compliance with the architecture principles, standards, and goals. A Request for Architecture Work triggers a new cycle of the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture. [1][2]
An Architecture Vision is a high-level description of the desired outcomes and benefits of the proposed architecture. An Architecture Vision is the output of Phase A: Architecture Vision of the ADM cycle, which is the first phase of the architecture development. An Architecture Vision defines the scope and approach of the architecture work, and establishes the business goals and drivers that motivate the architecture work. An Architecture Vision also involves obtaining the approval and commitment of the sponsors and other key stakeholders, and initiating the Architecture Governance process. [3]
A trade-off analysis is a technique that can be used to evaluate and compare different architecture alternatives and select the most suitable one. A trade-off analysis involves identifying the criteria and factors that are relevant to the decision, such as costs, benefits, risks, and opportunities, and assessing the strengths and weaknesses of each alternative. A trade-off analysis also involves balancing and reconciling the multiple, often conflicting, requirements and concerns of the stakeholders, and ensuring alignment with the Architecture Vision and the Architecture Principles.
Therefore, the best answer is D, because it proposes the best approach for architecture development to realize the CEO’s change in direction for the company. The answer covers the Request for Architecture Work, the Architecture Vision, and the trade-off analysis techniques that are relevant to the scenario.
References:
- 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 7: Request for Architecture Work
- 2: The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance
- 3: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision
- The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off Analysis