Pass the The Open Group Enterprise Architecture OGEA-103 Questions and answers with CertsForce

The Target Architecture is a description of the future state of the architecture that addresses the business goals and drivers, and satisfies the stakeholder requirements and concerns. The Target Architecture is developed through the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture. The Target Architecture is typically divided into four domains: Business, Data, Application, and Technology. The Target Architecture also includes a roadmap for change, which defines the Transition Architectures, the Capability Increments, and the work packages that enable the transition from the Baseline Architecture to the Target Architecture12

The best answer is B, because it describes the approach that should be taken to determine and organize the work to deliver the requested architectures, which are the Information Systems and Technology Architectures. The answer covers the following steps:

Refer to the end-to-end Target Architecture for guidance and direction. The end-to-end Target Architecture provides the overall vision, scope, and objectives of the architecture work, and the alignment with the business strategy and goals. The end-to-end Target Architecture also provides the high-level definitions and principles for the four architecture domains, and the roadmap for change that outlines the major milestones and deliverables.

Identify projects, dependencies and synergies, then prioritize before initiating the projects. Projects are the units of work that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. Dependencies are the relationships and constraints that affect the order or priority of the projects, such as logical, temporal, or resource dependencies. Synergies are the benefits or advantages that result from the combination or coordination of the projects, such as cost savings, efficiency gains, or innovation opportunities. Prioritization is the process of ranking the projects according to their importance, urgency, or value, and assigning resources and schedules accordingly.

Develop high-level architecture descriptions. High-level architecture descriptions are the outputs of the architecture development phases (B, C, and D) of the ADM cycle, which describe the Business, Data, Application, and Technology Architectures in terms of the Architecture Building Blocks (ABBs) and the Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. High-level architecture descriptions also include the Architecture Views, which are representations of the system of interest from the perspective of one or more stakeholders and their concerns.

For each project, estimate effort size, identify reference architectures, and candidate building blocks. Effort size is the measure of the amount of work, time, or resources required to complete a project. Effort size can be estimated using various techniques, such as analogy, expert judgment, parametric, or bottom-up. Reference architectures are standardized architectures that provide a common framework and vocabulary for a specific domain or industry. Reference architectures can be used as a source of best practices, patterns, and models for the architecture development. Candidate building blocks are the potential ABBs or SBBs that can be used to implement the architecture. Candidate building blocks can be identified from the Architecture Repository, which is a collection of architecture assets, such as models, patterns, principles, standards, and guidelines.

Identify the resource needs considering cost and value. Resource needs are the specifications and criteria that define the acceptable level and quality of the resources required to complete the project, such as human, financial, physical, or technological resources. Resource needs can be identified by analyzing the scope, complexity, and dependencies of the project, and the availability, capability, and suitability of the resources. Cost and value are the factors that influence the allocation and utilization of the resources, such as the budget, the return on investment, the benefits, or the risks.

Document options, risks, and controls to enable viability analysis and trade-off with the stakeholders. Options are the alternative ways of achieving the project objectives, such as different solutions, technologies, vendors, or approaches. Risks are the effects of uncertainty on the project objectives, such as threats or opportunities. Controls are the measures or actions that are taken to prevent, reduce, or mitigate the risks, such as policies, procedures, or standards. Viability analysis is the process of evaluating and comparing the options, risks, and controls, and determining the feasibility, suitability, and desirability of each option. Trade-off is the decision outcome that balances and reconciles the multiple, often conflicting, requirements and concerns of the stakeholders, and ensures alignment with the Architecture Vision and the Architecture Principles.

 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 5: Introduction to the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 19: Phase B: Business Architecture : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 20: Phase C: Information Systems Architectures : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off Analysis : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 46: Tools for Architecture Development : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework,Chapter 47: Architecture Board : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 48: Architecture Compliance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 49: Architecture Contract : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 51: Architecture Maturity Models : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 52: Architecture Skills Framework

This question asks:

What needs to be done to make sure the company succeeds with the transformation and how should risks be managed?

The scenario involves:

Large-scale business transformation

Integration of acquired companies

Significant organizational change

Need to assess risk, readiness, and obstacles

This strongly aligns with TOGAF’s Business Transformation Readiness Assessment and Risk Management guidance (primarily in the Preliminary Phase, Phase A, and Phase F).

✅ Why Option D Is Correct

✔ Matches TOGAF’s Business Transformation Readiness Assessment

TOGAF explicitly states that before undertaking major business change, the architecture team must assess:

Readiness factors

Obstacles

Risks

Degree of organizational preparedness

Option D describes exactly this process:

“identify obstacles that could hinder the project … determine the readiness level … understand urgency, readiness, and degree of difficulty … evaluate initial risks and areas needing attention.”

That wording maps directly to the TOGAF Readiness Assessment steps, including:

Readiness Factor Evaluation

Risk Identification

Mitigation Strategy Development

✔ Addresses Success Factors of Transformation

TOGAF emphasizes that large transformations succeed when:

Readiness factors are understood

Organizational obstacles are identified early

Appropriate preparation is made for people, processes, and systems

Option D describes these success actions.

❌ Why the Other Options Are Incorrect

A – Implementation Factor Catalog

The catalog helps consider implementation constraints, but it is not the primary mechanism for evaluating overall transformation readiness.

It is more relevant later (Phase F), not at the strategic transformation level described in the scenario.

B – Business Scenarios

Business Scenarios help define requirements and validate the architecture.

They do NOT cover readiness assessment, organizational preparedness, or comprehensive transformation risk management.

Too narrow for the scale of change described.

C – Develop Business Architecture Views + Maturity Model

While views can expose stakeholder concerns, TOGAF does not prescribe evaluating transformation readiness via a “maturity model” in this context.

This is partially correct but not the TOGAF‑aligned method for ensuring change success.

???? Relevant TOGAF Sources

TOGAF 9.2 — Business Transformation Readiness Assessment

Includes evaluation of:

Organizational readiness

Barriers and obstacles

Culture and motivation

Dependencies and risks

Readiness factors scoring

TOGAF ADM Guidance

Readiness assessment is required when conducting large-scale transformation.

Helps ensure risks are identified, understood, and mitigated.

In the TOGAF framework, understanding and addressing stakeholder concerns is crucial, particularly for complex projects with high stakes like the AI-first initiative described in the scenario. This approach aligns well with TOGAF’s ADM (Architecture Development Method) and its emphasis on effective stakeholder management and risk assessment. Here’s why this is the best course of action:

Stakeholder Analysis and Documentation:Conducting a stakeholder analysis is foundational in the early stages of any TOGAF project, particularly during the Preliminary and Architecture Vision phases. This process involves identifying the different stakeholders, understanding their positions, documenting their concerns, and considering any cultural factors that might influence their perspective on the AI-first initiative. Given the diverse concerns raised (such as job security, skill requirements, and cybersecurity), it’s essential to have a clear understanding of each stakeholder group’s priorities and fears.

Recording Concerns in the Architecture Vision Document:The Architecture Vision phase in TOGAF focuses on defining the high-level scope and objectives of the architecture project. By documenting stakeholder concerns and the corresponding views in the Architecture Vision document, the EA team ensures that these concerns are transparently acknowledged and addressed as part of the strategic direction. This step not only aligns with TOGAF best practices but also helps in building stakeholder buy-in and trust.

Architecture Requirements Specification and Risk Management:Risk management is a key aspect of TOGAF’s ADM, particularly in the Requirements Management and Implementation Governance phases. Documenting the requirements for addressing specific risks in the Architecture Requirements Specification provides a structured way to ensure that identified risks are acknowledged and managed throughout the transformation. Regular assessments and feedback loops ensure ongoing alignment and adaptability to emerging risks, which is particularly important given the dynamic nature of AI and its associated challenges.

Alignment with TOGAF ADM Phases:This approach follows the prescribed flow of TOGAF’s ADM, starting with stakeholder engagement in the Preliminary and Architecture Vision phases and progressing to risk assessment in the Requirements Management phase. By maintaining afocus on stakeholder needs and formalizing these into architecture requirements, the EA team can ensure that the architecture not only meets business objectives but also mitigates stakeholder concerns.

TOGAF Reference on Stakeholder Management Techniques:TOGAF places significant emphasis on managing stakeholder concerns through its stakeholder management techniques, which highlight the need to systematically identify, analyze, and address the concerns of all involved parties. This practice helps ensure that the architecture is viable and accepted across the organization.

By conducting a thorough stakeholder analysis and integrating the findings into both the Architecture Vision and the Architecture Requirements Specification, the EA team can proactively address stakeholder concerns, manage risks, and align the AI-first initiative with the agency’s strategic objectives. This approach is consistent with TOGAF’s guidance and provides a structured framework for addressing both business and technical challenges in the context of an AI-first transformation.

In TOGAF, when an enterprise undergoes a significant strategic shift—particularly one initiated by executive leadership without a clearly defined scope, vision, or objectives—the correct starting point is always Phase A: Architecture Vision, and only after a formal Request for Architecture Work is created or updated. The scenario explicitly states that the CEO has approved a request for architecture change but has not defined scope, constraints, or direction. This aligns precisely with TOGAF guidance that Phase A must establish the high-level vision, stakeholder concerns, business drivers, and initial requirements before moving into the detailed architecture development phases (B, C, D).

Answer choice C reflects this: it requires producing a new Request for Architecture Work and developing a new Architecture Vision, which is the foundational step for any enterprise-wide transformational effort. TOGAF also requires application of the trade-off method to balance stakeholder needs in the Vision phase before detailed architectures are designed.

Choices A and D incorrectly assume architecture definition can begin without a clear approved vision. Choice B focuses solely on Technology Architecture, which contradicts TOGAF’s requirement that Business Architecture must lead the effort during major transformation.

Thus, the only answer compliant with TOGAF ADM is C.

In this scenario, the CTO has not purchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked “to describe the steps you would take to strengthen the current architecture to improve data protection.”

Because the company follows the TOGAF standard and uses an iterative ADM cycle, the correct response must:

Start with the risk/continuity concern

Use the formal TOGAF change management process

Lead to a Request for Architecture Work

Initiate a new ADM cycle to update the architecture properly

Ensure Architecture Board governance

Option B is the only answer that matches TOGAF’s required process.

✔ Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF’s Architecture Change Management (Phase H) process:

Assess the business continuity requirements– Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.– DDoS risk → business continuity concern → legitimate architecture change trigger.

Analyze the current architecture for gaps– Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request– Exactly correct: Phase H outputs Architecture Change Requests (ACRs) for significant changes.– ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request– Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)– Required when the change is significant and needs a new ADM cycle.– Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes– Perfectly aligned with TOGAF’s iterative approach:Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore, Option B is the correct and TOGAF-compliant answer.

✘ Why the other options are incorrect

A – Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C – Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (“DDoS mitigation at infrastructure level”) before architectural assessment.

D – Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture—not evaluate new risks or design resilience enhancements.

A compliance review is not the correct first step for addressing new threats.

The question asks:

“What steps would you take to strengthen the current architecture to improve data protection?”

This requires understanding how TOGAF handles:

Business continuity requirements

Gap analysis in existing architecture

Architecture change requests

Triggering a new ADM cycle

Governance via the Architecture Board

Option C is the only answer that aligns correctly with TOGAF’s formal Architecture Change Management process (ADM Phase H) and how to progress from identifying gaps to initiating a new cycle.

✅ Why Option C Is Correct

✔ 1. Starts with identifying business continuity requirements

TOGAF Phase A and Phase B require understanding business continuity and information security requirements as part of architecture development.

✔ 2. Analyzes the current architecture for gaps

Gap analysis is a required step in:

Phase B (Business Architecture)

Phase C (Data/Application Architecture)

Phase D (Technology Architecture)

It is also part of Architecture Change Management (Phase H) when examining existing threats or deficiencies.

✔ 3. Creates a Change Request

In TOGAF, if gaps or new risks require architectural enhancements, a formal Change Request is submitted. This is a mandatory TOGAF mechanism.

✔ 4. Architecture Board evaluates the Change Request

The Architecture Board approves major changes before a new cycle starts — exactly as described in option C.

✔ 5. Initiates a new ADM cycle with a RfAW

TOGAF explicitly states:

A new or major architecture change requires a Request for Architecture Work before beginning a new ADM cycle.

Option C follows this sequencing precisely:

Identify requirements → analyze gaps → issue change request → Architecture Board approval → create RfAW → start new ADM cycle.

This is textbook TOGAF.

❌ Why the Other Options Are Incorrect

A – Too narrow and focuses only on Technology Architecture

The problem spans business continuity, data protection, and enterprise-wide readiness — not just infrastructure.

Does not include gap analysis, stakeholder analysis, or initiating a formal ADM cycle.

Incorrectly reduces ransomware mitigation to technology controls.

B – Architecture Compliance Review is inappropriate here

A Compliance Review is used to:

Ensure implementation conforms to architectureNot to:

Identify new risks

Strengthen the architecture

Conduct gap analysisThis option is misusing the review process.

D – Supplier-driven, not TOGAF-driven

Involves contacting suppliers prematurely — not aligned with TOGAF’s architecture-first methodology.

Does not involve Architecture Board approval before pursuing solutions.

Jumps into solutioning before architectural approval.

???? Relevant TOGAF References

Phase H: Architecture Change Management

Manage changes

Evaluate impacts

Generate change requests

Architecture Board Roles

Approves Change Requests

Governs new ADM cycles

Request for Architecture Work

Used to formally launch a new ADM cycle

This statement best describes iteration and the ADM. The ADM is iterative over the whole process between phases and within phases because it allows for feedback loops and refinements at any point in the architecture development and transition process. Iteration enables architects to address changing requirements, assumptions, constraints, and environments; to validate and improve architectures; to manage risks and issues; and to ensure stakeholder satisfaction and value realization. Reference: The TOGAF® Standard | The Open Group Website, Section 3.1 Introduction to the ADM.

The Architecture Landscape is a class of information within the Architecture Repository that shows an architectural view of the building blocks that are in use within the organization today (the Baseline Architecture), as well as those that are planned for the future (the Target Architecture). The Architecture Landscape typically contains a list of the applications in use within the enterprise, along with their relationships and dependencies, as well as other relevant architectural information. The Architecture Landscape helps to identify opportunities for re-use, consolidation, or retirement of existing applications, as well as gaps or overlaps in the current or future architecture.

The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 34: Architecture Landscape : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 47: Architecture Repository

According to the TOGAF Standard, an architecture view is a representation of a system from the perspective of a related set of concerns1. An architecture viewpoint is a specification of the conventions for a particular kind of architecture view1. Presenting different architecture views and architecture viewpoints to stakeholders helps architects to extract hidden agendas, principles, and requirements that could impact the final target architecture. This is because different stakeholders may have different concerns and interests in the system, and by showing them how the system addresses their concerns from different perspectives, the architects can elicit more feedback and validation from them2. For example, a business stakeholder may be interested in the business architecture view, which focuses on the business processes, functions, and capabilities of the system3. A security stakeholder may be interested in the enterprise security view, which addresses the security aspects of the system, such as confidentiality, integrity, and availability3. By presenting these views to the respective stakeholders, the architects can ensure that the system meets their expectations and needs, and also identify any potential issues or gaps that may affect the target architecture. References: 1: The TOGAF Standard, Version 9.2 - Architectural Artifacts - The Open Group1; 2: Understanding TOGAF Views and Viewpoints in Enterprise Architecture2; 3: Developing Architecture Views - The Open Group4

Gap Analysis is a technique that compares the Baseline Architecture and the Target Architecture to identify the differences and gaps between them. The purpose of this technique is to determine the changes and additions that are required to achieve the desired future state of the architecture. One of the main aspects of Gap Analysis is to identify the functions that are missing or overlapping in the current and future architectures, and to plan how to address them. This helpsto ensure that the architecture is complete, consistent, and aligned with the business objectives and requirements3