Please read this scenario prior to answering the question
Your role is that of a senior architect, reporting to the Chief Enterprise Architect, at a medium-sized company with 400 employees. The nature of the business is such that the data and the information stored on the company systems is their major asset and is highly confidential.
The company employees travel extensively for work and must communicate over public infrastructure using message encryption, VPNs, and other standard safeguards. The company has invested in cybersecurity awareness training for all its staff. However, it is recognized that even with good education as well as system security, there is a dependency on third-parly suppliers of infrastructure and software.
The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The CTO is the sponsor of the activity.
The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education, and support, it is likely just a matter of time before the company suffers a significant attack that could completely lock them out of their information assets.
A risk assessment has been done and the company has sought cyber insurance that includes ransomware coverage. The quotation for this insurance is hugely expensive. The CTO has recently read a survey that stated that one in four organizations paying ransoms were still unable to recover their data, while nearly as many were able to recover the data without paying a ransom. The CTO has concluded that taking out cyber insurance in case they need to pay a ransom is not an option.
Refer to the scenario
You have been asked to describe the steps you would take to improve the resilience of the current architecture?
Based on the TOGAF standard which of the following is the best answer?
The best answer is A, because it describes the steps that would improve the resilience of the current architecture, which is the ability to withstand and recover from a ransomware attack or any other disruption. The steps are:
Determine the business continuity requirements, which specify the minimum acceptable level of performance and availability of the business processes and services in case of a ransomware attack. This would involve identifying the critical business functions, the recovery time objectives, the recovery point objectives, and the dependencies and resources needed for recovery.
Undertake a gap analysis of the current Enterprise Architecture, which compares the current state of the architecture with the desired state based on the business continuity requirements. This would involve assessing the strengths and weaknesses of the current architecture, the risks and opportunities for improvement, and the gaps or differences that need to be addressed.
Make recommendations for change requirements to address the situation and create a change request. This would involve proposing solutions and alternatives to close the gaps, enhance the resilience, and mitigate the risks of the current architecture. The change request would document the rationale, scope, impact, and benefits of the proposed changes, and seek approval from the relevant stakeholders.
Manage a meeting of the Architecture Board to assess and approve the change request. The Architecture Board is a governance body that oversees the architecture work and ensures compliance with the architecture principles, standards, and goals. The meeting would involve presenting the change request, discussing the pros and cons, resolving any issues or conflicts, and obtaining the approval or rejection of the change request.
Once approved, produce a new Request for Architecture Work to activate an ADM cycle to carry out a project to define the change. The Request for Architecture Work would describe the scope, approach, and expected outcomes of the architecture project that would implement the approved change request. The Request for Architecture Work would initiate a new cycle of the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture.
Please read this scenario prior to answering the question
You are serving as the Lead Architect for an Enterprise Architecture team within a leading multinational biotechnology company. The company works in three major industries, including healthcare, crop production, and agriculture. Your team works within the healthcare division.
The healthcare division is developing a new vaccine, and has to demonstrate its effectiveness and safety in a set of clinical trials that satisfy the regulatory requirements of the relevant health authorities. The clinical trials are undertaken by its research laboratories at multiple facilities worldwide. In addition to internal research and development activities, the healthcare division is also involved in publicly funded collaborative research projects with industrial and academic partners.
The Enterprise Architecture team has been engaged in an architecture project to develop a secure system that will allow the healthcare researchers to share information more easily about their clinical trials, and work more collaboratively across the organization and also with its partners. This system will also connect with external partners.
The Enterprise Architecture team uses the TOGAF ADM with extensions required to support healthcare manufacturing practices and laboratory practices. Due to the highly sensitive nature of the information that is managed, special care has been taken to ensure that each architecture domain considers the security and privacy issues that are relevant.
The Vice President for Worldwide Clinical Research is the sponsor of the Enterprise Architecture activity. She has stated that disruptions must be minimized for the clinical trials, and that the rollout must be undertaken incrementally.
Refer to the scenario
You have been asked to recommend the approach to identify the work packages for an incremental rollout meeting the requirements.
Based on the TOGAF standard which of the following is the best answer?
The steps for creating work packages using this technique are:
For each gap between the Baseline Architecture and the Target Architecture, identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. A gap is a difference or deficiency in the current state of the architecture that needs to be addressed by the future state of the architecture. A solution is a way of resolving a gap by implementing one or more ABBs or SBBs.
Group similar solutions together to define the work packages. Similar solutions are those that have common characteristics, such as functionality, technology, vendor, or location.
Identify dependencies between work packages, such as logical, temporal, or resource dependencies. Dependencies indicate the order or priority of the work packages, and the constraints or risks that may affect their implementation.
Regroup the work packages into a set of Capability Increments to transition to the Target Architecture. Capability Increments should be defined based on the business value, effort, and risk associated with each work package, and the schedule and objectives of the clinical trials. Capability Increments should also be aligned with the Architecture Vision and the Architecture Principles.
Document the work packages and the Capability Increments in an Architecture Definition Increments Table, which shows the mapping between the work packages, the ABBs, the SBBs, and the Capability Increments. The table also shows the dependencies, assumptions, and issues related to each work package and Capability Increment.
Therefore, the best answer is B, because it describes the approach to identify the work packages for an incremental rollout meeting the requirements, using the Consolidated Gaps, Solutions and Dependencies Matrix as a planning tool.
Please read this scenario prior to answering the question
You have been appointed as senior architect working for an autonomous driving technology development company. The mission of the company is to build an industry leading unified technology and software platform to support connected cars and autonomous driving.
The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework. Architecture development within the company follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners'Approach to Developing Enterprise Architecture Following the TOGAF ADM.
An architecture to support strategy has been completed defining a long-range Target Architecture with a roadmap spanning five years. This has identified the need for a portfolio of projects over the next two years. The portfolio includes development of travel assistance systems using swarm data from vehicles on the road.
The current phase of architecture development is focused on the Business Architecture which needs to support the core travel assistance services that the company plans to provide. The core services will manage and process the swarm data generated by vehicles, paving the way for autonomous driving in the future.
The presentation and access to different variations of data that the company plans to offer through its platform poses an architecture challenge. The application portfolio needs to interact securely with various third-party cloud services, and V2X (Vehicle-to-Everything) service providers in many countries to be able to manage the data at scale. The security of V2X is a key concern for the stakeholders. Regulators have stated that the user's privacy be always protected, for example, so that the drivers' journey cannot be tracked or reconstructed by compiling data sent or received by the car.
Refer to the scenario
You have been asked to describe the risk and security considerations you would include in the current phase of the architecture development?
Based on the TOGAF standard which of the following is the best answer?
Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.
Please read this scenario prior to answering the question
You are the Lead Enterprise Architect at a major agribusiness company. The company's main harvest is lentils, a highly valued food grown worldwide. The lentil parasite, broomrape, has been an increasing concern for many years and is now becoming resistant to chemical controls. In addition, changes in climate favor the propagation and growth of the parasite. As a result, the parasite cannot realistically be exterminated, and it has become pandemic, with lentil yields falling globally.
In response to the situation, the CEO has decided that the lentil fields will be used for another harvest. The company will also cease to process third-party lentils and will repurpose its processing plants. Thus, the target market will change, and the end-products will be different and more varied.
The company has recently established an Enterprise Architecture practice based on the TOGAF standard as method and guiding framework. The CIO is the sponsor of the activity. A formal request for architecture change has been approved. At this stage there is no fixed scope, shared vision, or objectives.
Refer to the scenario
You have been asked to propose the best approach for architecture development to realize the CEO's change in direction for the company.
Based on the TOGAF standard which of the following is the best answer?
A trade-off analysis is a technique that can be used to evaluate and compare different architecture alternatives and select the most suitable one. A trade-off analysis involves identifying the criteria and factors that are relevant to the decision, such as costs, benefits, risks, and opportunities, and assessing the strengths and weaknesses of each alternative. A trade-off analysis also involves balancing and reconciling the multiple, often conflicting, requirements and concerns of the stakeholders, and ensuring alignment with the Architecture Vision and the Architecture Principles.
Therefore, the best answer is D, because it proposes the best approach for architecture development to realize the CEO's change in direction for the company. The answer covers the Request for Architecture Work, the Architecture Vision, and the trade-off analysis techniques that are relevant to the scenario.
Please read this scenario prior to answering the question
You have been appointed as Chief Enterprise Architect (CEA). reporting to the Chief Technical Officer (CTO), of a company established as a separate operating entity by a major automotive manufacturer. The mission of the company is to build a new industry leading unified technology and software platform for electric vehicles.
The company uses the TOGAF Standard as the basis for its Enterprise Architecture (EA) framework, and architecture development follows the purpose-based EA Capability model as described in the TOGAF Series Guide: A Practitioners'Approach to Developing Enterprise Architecture Following the TOGAF ADM.
An end-to-end Target Architecture has been completed with a roadmap for change over a five-year period. The new platform will be a cross-functional effort between hardware and software teams, with significant changes over the old platform. It is expected to be developed in several stages over three years. The EA team has inherited the architecture for the previous generation hardware and software automotive platform, some of which can be carried over to the new unified platform. The EA team has started to define the new platform, including defining which parts of the architecture to carry forward.
Enough of the Business Architecture has been defined, so that work can commence on the Information Systems and Technology Architectures. Those need to be defined to support the core business services that the company plans to provide. The core services will feature an innovative approach with swarm data generated by vehicles, paving the way for autonomous driving in the future.
The presentation and access to different variations of data that the company plans to offer through its platform pose an architecture challenge. The application portfolio and supporting infrastructure need to interact with various existing cloud services and data-
Refer to the scenario
You have been asked what approach should be taken to determine and organize the work to deliver the requested architectures?
Based on the TOGAF standard which of the following is the best answer?
The best answer is B, because it describes the approach that should be taken to determine and organize the work to deliver the requested architectures, which are the Information Systems and Technology Architectures. The answer covers the following steps:
Refer to the end-to-end Target Architecture for guidance and direction. The end-to-end Target Architecture provides the overall vision, scope, and objectives of the architecture work, and the alignment with the business strategy and goals. The end-to-end Target Architecture also provides the high-level definitions and principles for the four architecture domains, and the roadmap for change that outlines the major milestones and deliverables.
Identify projects, dependencies and synergies, then prioritize before initiating the projects. Projects are the units of work that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. Dependencies are the relationships and constraints that affect the order or priority of the projects, such as logical, temporal, or resource dependencies. Synergies are the benefits or advantages that result from the combination or coordination of the projects, such as cost savings, efficiency gains, or innovation opportunities. Prioritization is the process of ranking the projects according to their importance, urgency, or value, and assigning resources and schedules accordingly.
Develop high-level architecture descriptions. High-level architecture descriptions are the outputs of the architecture development phases (B, C, and D) of the ADM cycle, which describe the Business, Data, Application, and Technology Architectures in terms of the Architecture Building Blocks (ABBs) and the Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. High-level architecture descriptions also include the Architecture Views, which are representations of the system of interest from the perspective of one or more stakeholders and their concerns.
For each project, estimate effort size, identify reference architectures, and candidate building blocks. Effort size is the measure of the amount of work, time, or resources required to complete a project. Effort size can be estimated using various techniques, such as analogy, expert judgment, parametric, or bottom-up. Reference architectures are standardized architectures that provide a common framework and vocabulary for a specific domain or industry. Reference architectures can be used as a source of best practices, patterns, and models for the architecture development. Candidate building blocks are the potential ABBs or SBBs that can be used to implement the architecture. Candidate building blocks can be identified from the Architecture Repository, which is a collection of architecture assets, such as models, patterns, principles, standards, and guidelines.
Identify the resource needs considering cost and value. Resource needs are the specifications and criteria that define the acceptable level and quality of the resources required to complete the project, such as human, financial, physical, or technological resources. Resource needs can be identified by analyzing the scope, complexity, and dependencies of the project, and the availability, capability, and suitability of the resources. Cost and value are the factors that influence the allocation and utilization of the resources, such as the budget, the return on investment, the benefits, or the risks.
Document options, risks, and controls to enable viability analysis and trade-off with the stakeholders. Options are the alternative ways of achieving the project objectives, such as different solutions, technologies, vendors, or approaches. Risks are the effects of uncertainty on the project objectives, such as threats or opportunities. Controls are the measures or actions that are taken to prevent, reduce, or mitigate the risks, such as policies, procedures, or standards. Viability analysis is the process of evaluating and comparing the options, risks, and controls, and determining the feasibility, suitability, and desirability of each option. Trade-off is the decision outcome that balances and reconciles the multiple, often conflicting, requirements and concerns of the stakeholders, and ensures alignment with the Architecture Vision and the Architecture Principles.
Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits
Get All 12 Questions & Answers