The Open Group TOGAF Enterprise Architecture Combined Part 1 and Part 2 Exam OGEA-103 Question # 26 Topic 3 Discussion

OGEA-103 Exam Topic 3 Question 26 Discussion:
Question #: 26
Topic #: 3

Please read this scenario prior to answering the question

You are employed as an Enterprise Architect, reporting to the Chief Enterprise Architect, at a technology company. The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice.

The nature of the business is such that the data and the information stored on the company systems is the company's major asset and is highly confidential. The company employees travel a lot for work and need to communicate over public infrastructure. They use message encryption, secure internet connections using Virtual Private Networks (VPNs), and other standard security measures. The company has provided computer security awareness training for all its staff. However, despite good education and system security, there is still a need to rely on third-party suppliers for infrastructure and software.

The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education and support, the company could be a victim of a significant attack that could completely lock them out of their important data.

A risk assessment has been completed and the company has looked for cyber insurance that covers ransomware. The price for this insurance is very high. The CTO recently saw a survey that said 1 out of 4 businesses that paid ransoms could not get their data back, and almost the same number were able to recover the data without paying. The CTO has decided not to get cyber insurance to cover ransom payment.

The Chief Technology Officer (CTO) is the sponsor of the EA project. The practice uses an iterative approach for its architecture development. This has enabled the decision makers to gain valuable insights into the different aspects of the business.

Refer to the scenario

You have been asked to describe the steps you would take to strengthen the current architecture to improve data protection.

Based on the TOGAF standard, which of the following is the best answer?


A.

You would ensure that the business value and cost of continuity measures are understood by key stakeholders and would ensure that the company has in place up-to-date processes for managing change to the current Enterprise Architecture. You recommend that mitigation for a ransomware attack be addressed at the infrastructure level with specific technology controls. Changes should be made to the baseline description of the Technology Architect


B.

You would hold an Architecture Compliance Review with the scope to examine the company's ability to respond to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased business continuity and resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklis


C.

You would run an assessment to identify the business continuity requirements and analyze the current Enterprise Architecture for gaps. You would create a change request to start a further cycle of architecture work to address changes to mitigate such an attack. You would arrange a meeting of the Architecture Board to assess and approve the change request. Once approved you would create a new Request for Architecture Work to begin an A


D.

You would contact existing suppliers for technology that could enhance the company's capabilities to detect, react, and recover from an incident. You would perform an analysis and assessment of a simulated ransomware attack to evaluate the current Enterprise Architecture's resilience and recovery capabilities. Using the findings, you would prepare a gap analysis of the current Enterprise Architecture. You would prepare change requests to ad


