Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

Exam OGEA-102 Topic 1 Question 32 Discussion

Actual exam question for The Open Group's OGEA-102 exam
Question #: 32
Topic #: 1
Please read this scenario prior to answering the question
You are employed as an Enterprise Architect at a technology company, reporting directly to the Chief Enterprise Architect. The company supplies personnel and delivers cloud- based solutions to numerous government agencies.
The nature of the business is such that the data and the information stored on the company systems is the company's major asset and is highly confidential. The company employees work remotely and need constant access to the company systems, which is done by the public infrastructure. They use message encryption, secure internet connections using Virtual Private Networks (VPNs), and other standard security measures. The company provides computer security awareness training for all its staff.
The Chief Security Officer (CSO) has noted an increase in distributed denial of service (DDoS) attacks on companies with a similar profile. The CSO understands that even with thorough preparation, a major attack could stop employees from being able to do their jobs. This could lead to a large financial loss, damage to the company's reputation with customers, and employees being unable to work.
A risk assessment has been completed and the company has looked for cyber insurance that covers such attacks. The price for this insurance is very high. The CTO has decided not to get cyber insurance to cover such attacks.
The company follows the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The Chief Technology Officer (CTO) is the sponsor of the activity. The practice uses an iterative approach for its architecture development.
This has enabled the decision makers to gain valuable insights into the different aspects of the business Please read this scenario prior to answering the question You have been asked to describe the steps you would take to strengthen the current architecture to improve data protection.
Based on the TOGAF standard which of the following is the best answer?

Suggested Answer: B Vote an answer

In this scenario, the CTO has not purchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked "to describe the steps you would take to strengthen the current architecture to improve data protection." Because the company follows the TOGAF standard and uses an iterative ADM cycle, the correct response must:
Start with the risk/continuity concern
Use the formal TOGAF change management process
Lead to a Request for Architecture Work
Initiate a new ADM cycle to update the architecture properly
Ensure Architecture Board governance
Option B is the only answer that matches TOGAF's required process.
✔ Why Option B is correct (TOGAF-aligned)
Option B follows TOGAF's Architecture Change Management (Phase H) process:
Assess the business continuity requirements
- Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.
- DDoS risk → business continuity concern → legitimate architecture change trigger.
Analyze the current architecture for gaps
- Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.
Create a formal Change Request
- Exactly correct: Phase H outputs Architecture Change Requests (ACRs) for significant changes.
- ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).
Architecture Board reviews/approves the change request
- Correct: All major architecture changes must go through Architecture Governance.
Create a new Request for Architecture Work (RFAW)
- Required when the change is significant and needs a new ADM cycle.
- Strengthening data protection and business continuity DEFINITELY qualifies as a major change.
Begin a new ADM cycle to implement the changes
- Perfectly aligned with TOGAF's iterative approach:
Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.
This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.
Therefore, Option B is the correct and TOGAF-compliant answer.
✘ Why the other options are incorrect
A - Not TOGAF-aligned
Starts with vendors and simulations (not TOGAF-first steps).
No mention of Architecture Board or Change Management.
No Request for Architecture Work.
Gap analysis alone is not the first step for significant architectural risk.
C - Too narrow and skips TOGAF governance
Jumps straight to modifying the Technology Architecture baseline.
No Change Request, no RFAW, no ADM cycle initiation.
Recommends a solution ("DDoS mitigation at infrastructure level") before architectural assessment.
D - Misuses Architecture Compliance Review
Architecture Compliance Reviews check conformity to an existing architecture-not evaluate new risks or design resilience enhancements.
A compliance review is not the correct first step for addressing new threats.

by Lawrence at Jan 25, 2026, 08:37 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.