Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
Actual exam question for The Open Group's OGEA-103 exam Question #: 26 Topic #: 4
Scenario Your role is that of an Enterprise Architect, reporting to the Chief Enterprise Architect, at a technology company. The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The Chief Technology Officer (CTO) is the sponsor of the activity. The EA practice uses an iterative approach for its architecture development. This has enabled the decision-makers to gain valuable insights into the different aspects of the business. The nature of the business is such that the data and the information stored on the company systems is the company's major asset and is highly confidential. The company employees travel a lot for work and need to communicate over public infrastructure. They use message encryption, secure internet connections using Virtual Private Networks (VPNs), and other standard security measures. The company has provided computer security awareness training for all its staff. However, despite good education and system security, there is still a need to rely on third-party suppliers for infrastructure and software. The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education and support, the company could be a victim of a significant attack that could completely lock them out of their important data. A risk assessment has been completed, and the company has looked for cyber insurance that covers ransomware. The price for this insurance is very high. The CTO recently saw a survey that said 1 out of 4 businesses that paid ransoms could not get their data back, and almost thesame number were able to recover the data without paying. The CTO has decided not to get cyber insurance to cover ransom payment. You have been asked to describe the steps you would take to strengthen the current architecture to improve data protection. Based on the TOGAF standard, which of the following is the best answer?
Comprehensive and Detailed Step-by-Step Explanation Context of the Scenario The scenario highlights significant risks due to ransomware attacks and the need to strengthen the company's Enterprise Architecture to improve data protection and resilience. TOGAF emphasizes the Architecture Compliance Review as a mechanism for ensuring the architecturemeets its objectives and addresses specific concerns such as security, resilience, and compliance with organizational goals. The organization has already conducted a risk assessment but requires actionable steps to: Address ransomware attack risks. Increase the resilience of the Technology Architecture. Ensure proper alignment with governance and compliance frameworks. Option Analysis Option A: Strengths: Highlights the need for up-to-date processes for managing changes in the Enterprise Architecture. Recognizes the importance of governance through the Architecture Board and change management techniques. Weaknesses: The approach focuses solely on the Technology Architecture baseline but does not address the need for specific steps such as compliance review, gap analysis, or tailored resilience measures for ransomware risks. It provides a broad and generic approach rather than a targeted plan for ransomware and data protection issues. Conclusion: Incorrect. While it adheres to governance processes, it lacks specific actions to improve resilience and address the immediate security concerns. Option B: Strengths: Proposes an Architecture Compliance Review, which is a core TOGAF process used to evaluate architecture implementation against defined objectives, ensuring it is fit for purpose. Involves identifying stakeholders (departments) and tailoring checklists specific to ransomware resilience. Emphasizes issue identification and resolution through structured review processes. Weaknesses: Does not explicitly address longer-term updates to the Enterprise Architecture, but this can be inferred as a next step following compliance recommendations. Conclusion: Correct. This is the most suitable approach based on TOGAF principles, as it uses an established process to evaluate and improve the architecture's resilience. Option C: Strengths: Includes monitoring for updates from suppliers to enhance detection and recovery capabilities, which is relevant to addressing ransomware risks. Proposes a gap analysis to identify shortcomings in the current Enterprise Architecture and recommends addressing gaps through change requests. Incorporates disaster recovery planning exercises, which are useful for testing resilience. Weaknesses: While thorough, the approach lacks the Architecture Compliance Review process, which is a more structured way to ensure the architecture meets resilience requirements. Monitoring suppliers and running disaster recovery exercises are operational steps rather than strategic architectural improvements. Conclusion: Incorrect. While it includes valid activities, it does not adhere to TOGAF's structured approach for architecture assessment and compliance. Option D: Strengths: Proposes analyzing business continuity requirements and assessing the architecture for gaps, which is relevant to the scenario. Suggests initiating an ADM cycle to address gaps, which aligns with TOGAF principles. Weaknesses: Focusing on initiating a new ADM cycle may be premature, as the immediate priority is to evaluate the existing architecture and address specific resilience concerns. Does not mention compliance review or tailored resilience measures for ransomware attacks, which are central to the scenario. Conclusion: Incorrect. It proposes a broader approach that may not adequately address the immediate concerns highlighted by the CSO. TOGAF References Architecture Compliance Review: A structured process used to evaluate whether an architecture meets the stated goals, objectives, and requirements (TOGAF 9.2, Chapter 19). It is particularly useful for identifying and addressing resilience requirements in scenarios involving security risks. Stakeholder Engagement: Identifying and involving stakeholders (e.g., departments) is a critical part of architecture governance and compliance review (TOGAF 9.2, Section 24.2). Change Management: The Architecture Compliance Review supports identifying necessary changes, which are then managed through governance and change management processes (TOGAF 9.2, Section 21.6). By choosing Option B, you align with TOGAF's structured approach to compliance, resilience, and addressing security concerns.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up / login
(it's free).
Comments
ubiquituz
2025-08-25 15:39:48Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).