Free The Open Group OGEA-103 Practice Exam with Questions & Answers | Set: 4

According to the TOGAF standard, the Target Architecture is the description of a future state of the architecture being developed for an organization. It should be aligned with the Architecture Vision, Principles, and Requirements that have been agreed with the stakeholders. To address the incompatibilities between key stakeholder preferences, the TOGAF standard recommends creating and evaluating multiple alternative Target Architectures that meet different sets of criteria. These criteria should reflect the value preferences and priorities of the stakeholders, as well as the business drivers and objectives. The alternative Target Architectures should be illustrated using a set of architecture views that show the impact of each alternative on the business, data, application, and technology domains. The impact on planned projects should also be identified and analyzed. The strengths and weaknesses of each alternative should be understood and documented. A formal stakeholder review should then be conducted to decide which alternative is the most fit for purpose and should be moved forward with. The funding required for implementing the chosen alternative should also be determined and secured. References:

The TOGAF Standard, Version 9.2 - Phase B: Business Architecture - The Open Group

The TOGAF Standard, Version 9.2 - Phase C: Information Systems Architectures - The Open Group

[The TOGAF Standard, Version 9.2 - Phase D: Technology Architecture - The Open Group]

[The TOGAF Standard, Version 9.2 - Phase E: Opportunities and Solutions - The Open Group]

[The TOGAF Standard, Version 9.2 - Phase F: Migration Planning - The Open Group]

In the TOGAF framework, understanding and addressing stakeholder concerns is crucial, particularly for complex projects with high stakes like the AI-first initiative described in the scenario. This approach aligns well with TOGAF’s ADM (Architecture Development Method) and its emphasis on effective stakeholder management and risk assessment. Here’s why this is the best course of action:

Stakeholder Analysis and Documentation:Conducting a stakeholder analysis is foundational in the early stages of any TOGAF project, particularly during the Preliminary and Architecture Vision phases. This process involves identifying the different stakeholders, understanding their positions, documenting their concerns, and considering any cultural factors that might influence their perspective on the AI-first initiative. Given the diverse concerns raised (such as job security, skill requirements, and cybersecurity), it’s essential to have a clear understanding of each stakeholder group’s priorities and fears.

Recording Concerns in the Architecture Vision Document:The Architecture Vision phase in TOGAF focuses on defining the high-level scope and objectives of the architecture project. By documenting stakeholder concerns and the corresponding views in the Architecture Vision document, the EA team ensures that these concerns are transparently acknowledged and addressed as part of the strategic direction. This step not only aligns with TOGAF best practices but also helps in building stakeholder buy-in and trust.

Architecture Requirements Specification and Risk Management:Risk management is a key aspect of TOGAF’s ADM, particularly in the Requirements Management and Implementation Governance phases. Documenting the requirements for addressing specific risks in the Architecture Requirements Specification provides a structured way to ensure that identified risks are acknowledged and managed throughout the transformation. Regular assessments and feedback loops ensure ongoing alignment and adaptability to emerging risks, which is particularly important given the dynamic nature of AI and its associated challenges.

Alignment with TOGAF ADM Phases:This approach follows the prescribed flow of TOGAF’s ADM, starting with stakeholder engagement in the Preliminary and Architecture Vision phases and progressing to risk assessment in the Requirements Management phase. By maintaining afocus on stakeholder needs and formalizing these into architecture requirements, the EA team can ensure that the architecture not only meets business objectives but also mitigates stakeholder concerns.

TOGAF Reference on Stakeholder Management Techniques:TOGAF places significant emphasis on managing stakeholder concerns through its stakeholder management techniques, which highlight the need to systematically identify, analyze, and address the concerns of all involved parties. This practice helps ensure that the architecture is viable and accepted across the organization.

By conducting a thorough stakeholder analysis and integrating the findings into both the Architecture Vision and the Architecture Requirements Specification, the EA team can proactively address stakeholder concerns, manage risks, and align the AI-first initiative with the agency’s strategic objectives. This approach is consistent with TOGAF’s guidance and provides a structured framework for addressing both business and technical challenges in the context of an AI-first transformation.

At this stage in the scenario:

Astrategic architecturehas been completed.

All divisions have completed theirArchitecture Definition Documents.

Work packageshave been defined.

Transition Architecturesbetween Baseline and Target are already identified.

Adraft roadmapexists for a multi-year phased migration.

You are now asked toplan the next steps for the migration, which aligns exactly withTOGAF ADM Phase F: Implementation and Migration Planning.

In Phase F, TOGAF prescribes the following key activities:

Evaluate and prioritize projects and work packages

Determine business value, cost, risk, dependencies

Confirm Transition Architectures and sequencing

Update and finalize the Implementation & Migration Plan

OptionBis the ONLY answer that correctly follows these required TOGAF steps.

✔Why Option B is correct

Option B states:

“Estimate the business value for each project by applying the Business Value Assessment Technique … to prioritize the migration projects.”✔This is a TOGAF-recommended technique specifically for Phase F to evaluate and prioritize transformations using value, risk, and ROI.

“Confirm and plan a series of Transition Architecture phases … using a table of Architecture Definition Increments.”✔Exactly aligned with TOGAF:

Transition Architectures were identified earlier.

In Phase F, they must beconfirmed, sequenced, and documented.

“Update the Implementation and Migration Plan.”✔This is the required output of ADM Phase F.✔At this point, the plan must be validated and finalized based on value and prioritization.

Thus,Option Bdirectly matches TOGAF’s prescribed migration planning process.

✘Why the other options are incorrect

A – Incorrect

Suggests finalizing Architecture Definition documentation—this was already completed by each division.

Introduces an “Implementation Governance Model,” which is not a TOGAF artifact at this stage.

Focuses on lessons learned BEFORE execution, which is not appropriate for migration planning.

C – Incorrect

Focuses only on project selection and resource assignment.

Does not use TOGAF techniques for value/risk evaluation.

Does not reference Transition Architectures, which are central in the scenario.

Oversimplifies Implementation & Migration Planning to resource scheduling.

D – Incorrect

Compliance Assessments occur DURING execution, notbeforemigration planning.

At this stage, no implementation has started, so compliance reviews are premature.

Adjusting performance requirements now has no alignment with TOGAF’s ADM sequence.

The correct answer is B, as it aligns with TOGAF's stakeholder management approach, ensuring that stakeholder concerns are captured and addressed iteratively throughout the architecture development process.

Analysis of the Correct Answer (Option B):

Stakeholder Analysis and Mapping

The scenario highlights that top managers and staff are worried about the changes AI will bring.

TOGAF recommends stakeholder analysis early in the ADM process to ensure that concerns, expectations, and risks are documented.

Creating a Stakeholder Map groups stakeholders by common concerns, allowing architects to develop tailored viewpoints.

Recording Concerns in the Architecture Vision Document

The Architecture Vision (ADM Phase A) serves as a high-level guiding document.

Capturing stakeholder concerns in the Vision document ensures alignment between business goals and technology implementation.

Iterative Development and Regular Feedback

The scenario describes an AI-powered system with major business impacts, so incremental validation is necessary.

TOGAF emphasizes progressive development to manage risk and validate requirements continuously.

Regular feedback loops help mitigate resistance from top managers and staff.

Why Other Options Are Incorrect?

Option A: Creating Models for Business, Application, and Technology Architectures

Incorrect because while compliance is important, it does not address stakeholder concerns directly.

The scenario is about ensuring buy-in from top managers and employees, not just regulatory compliance.

Option C: Using Uniform Business Models Across AI Projects

Incorrect because a one-size-fits-all model does not allow for regional and functional differences within the company.

The scenario emphasizes the need to address specific concerns of top managers and different locations, which requires stakeholder-specific customization.

Option D: Creating a Communications Plan

Incorrect because communication alone does not resolve stakeholder concerns.

While communication is useful, the architecture development process should include stakeholder engagement and progressive validation, not just reporting.

In this scenario, the CTO hasnotpurchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked“to describe the steps you would take to strengthen the current architecture to improve data protection.”

Because the company follows theTOGAF standardand uses aniterative ADM cycle, the correct response must:

Start with therisk/continuity concern

Use the formal TOGAFchange management process

Lead to aRequest for Architecture Work

Initiate anew ADM cycleto update the architecture properly

Ensure Architecture Board governance

OptionBis the only answer that matches TOGAF’s required process.

✔Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF’sArchitecture Change Management (Phase H)process:

Assess the business continuity requirements– Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.– DDoS risk → business continuity concern → legitimate architecture change trigger.

Analyze the current architecture for gaps– Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request– Exactly correct: Phase H outputsArchitecture Change Requests (ACRs)for significant changes.– ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request– Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)– Required when the change is significant and needs a new ADM cycle.– Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes– Perfectly aligned with TOGAF’s iterative approach:Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore,Option B is the correct and TOGAF-compliant answer.

✘Why the other options are incorrect

A – Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C – Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (“DDoS mitigation at infrastructure level”) before architectural assessment.

D – Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture—not evaluate new risks or design resilience enhancements.

A compliance review isnotthe correct first step for addressing new threats.

A Consolidated Gaps, Solutions and Dependencies Matrix is a technique that can be used to create work packages for an incremental rollout of the architecture. A work package is a set of actions or tasks that are required to implement a specific part of the architecture. A work packagecan be associated with one or more Architecture Building Blocks (ABBs) or Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. A work package can also be associated with one or more Capability Increments, which are defined, discrete portions of the overall capability that deliver business value. A Capability Increment can be realized by one or more Transition Architectures, which are intermediate states of the architecture that enable the transition from the Baseline Architecture to the Target Architecture123

The steps for creating work packages using this technique are:

For each gap between the Baseline Architecture and the Target Architecture, identify a proposed solution and classify it as new development, purchased solution, or based on an existing product. A gap is a difference or deficiency in the current state of the architecture that needs to be addressed by the future state of the architecture. A solution is a way of resolving a gap by implementing one or more ABBs or SBBs.

Group similar solutions together to define the work packages. Similar solutions are those that have common characteristics, such as functionality, technology, vendor, or location.

Identify dependencies between work packages, such as logical, temporal, or resource dependencies. Dependencies indicate the order or priority of the work packages, and the constraints or risks that may affect their implementation.

Regroup the work packages into a set of Capability Increments to transition to the Target Architecture. Capability Increments should be defined based on the business value, effort, and risk associated with each work package, and the schedule and objectives of the clinical trials. Capability Increments should also be aligned with the Architecture Vision and the Architecture Principles.

Document the work packages and the Capability Increments in an Architecture Definition Increments Table, which shows the mapping between the work packages, the ABBs, the SBBs, and the Capability Increments. The table also shows the dependencies, assumptions, and issues related to each work package and Capability Increment.

Therefore, the best answer is B, because it describes the approach to identify the work packages for an incremental rollout meeting the requirements, using the Consolidated Gaps, Solutions and Dependencies Matrix as a planning tool.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Gap Analysis 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 31: Architecture Change Management : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 23: Phase E: Opportunities and Solutions : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles

Comprehensive and Detailed Step-by-Step Explanation

Context of the Scenario

The agency is initiating a strategic “AI-first” plan to transform processes using AI and improve efficiency while ensuring service improvements for citizens. Several stakeholder concerns have been raised, such as:

Job security for employees.

Skill development for adapting to new technologies.

Cybersecurity and resilience risks due to reliance on digital platforms.

TOGAF emphasizes the importance of stakeholder management, communication, and risk management to ensure successful adoption and implementation of new architecture. These concerns need to be addressed methodically by gathering requirements, analyzing stakeholder positions, and ensuring proper communication of risks and benefits.

Option Analysis

Option A:

Strengths:

Proposes creating an Organization Map to identify the links between different parts of the agency and the impact of the strategic change.

Suggests holding stakeholder meetings to address concerns.

Includes managing risks as part of Security Architecture development.

Weaknesses:

Focusing solely on creating business models and teaching stakeholders how to interpret them does not directly address cultural and positional concerns about job loss, skill development, and security.

Risk management is addressed as part of Security Architecture development but lacks broader integration into stakeholder requirements.

Conclusion: Incorrect, as it fails to systematically document stakeholder concerns and map them into requirements and architecture decisions.

Option B:

Strengths:

Highlights the importance of formal stakeholder identification and creating a Communication Plan.

Suggests addressing stakeholder concerns through communication and risk management.

Weaknesses:

Does not go into detail on analyzing stakeholder concerns, cultural positions, or specific requirements.

Lacks the inclusion of stakeholder feedback in architecture artifacts like the Architecture Vision or Requirements Specification, which are critical TOGAF outputs.

Conclusion: Incorrect, as it does not include a systematic and structured approach for stakeholder analysis and integration into architecture deliverables.

Option C:

Strengths:

Emphasizes conducting a thorough stakeholder analysis to document concerns, positions, and cultural factors, which aligns with TOGAF’s approach in Phase A (Architecture Vision).

Ensures stakeholder views and requirements are recorded in the Architecture Vision document and reflected in the Architecture Requirements Specification.

Includes continuous assessment and feedback, ensuring concerns are addressed and risks managed effectively.

Aligns with TOGAF's principle of involving stakeholders in architecture development to ensure alignment and success.

Weaknesses:

Could further detail how risk management is included across all phases, but this is implied through integration into the Architecture Requirements Specification.

Conclusion: Correct, as it provides a structured and detailed approach for addressing stakeholder concerns and managing risks within TOGAF’s framework.

Option D:

Strengths:

Suggests categorizing stakeholders into groups and creating models for each category.

Proposes arranging meetings to verify that concerns have been addressed.

Includes risk management as part of the process.

Weaknesses:

Dividing stakeholders into generic categories (e.g., corporate functions, project team) may not adequately capture specific cultural factors and concerns raised in the scenario.

Lacks integration of stakeholder feedback into architecture deliverables such as the Architecture Vision and Architecture Requirements Specification.

Conclusion: Incorrect, as it provides a generalized and less targeted approach to stakeholder concerns compared to Option C.

TOGAF References

Stakeholder Management (Phase A): TOGAF emphasizes analyzing stakeholders’ positions, concerns, and issues to shape architecture development and communication (TOGAF 9.2, Section 24.2).

Architecture Vision: Captures high-level requirements and stakeholder views to ensure alignment with business goals (TOGAF 9.2, Section 6.2).

Architecture Requirements Specification: Records detailed requirements, including those related to risk management, to guide the development of target architectures (TOGAF 9.2, Section 35.5).

Iterative Feedback: Regular assessments and feedback loops are critical to ensure stakeholder concerns are addressed effectively throughout the ADM cycle.

By selecting Option C, the approach adheres to TOGAF's principles of stakeholder analysis, communication, and integration of concerns into architecture development.

OptionCaligns best withTOGAF Phase F: Migration Planning, which deals with developing adetailed Implementation and Migration Plan, ensuringalignment with other enterprise frameworks, and assigningbusiness valueto work packages and projects.

????TOGAF Phase F Activities (from the standard):

Confirm Management Framework Interactions:

Per TOGAF,Phase Fensures that the migration planning isaligned with the business planning, portfolio/project management, and operations management frameworksused by the enterprise (which are mentioned in the scenario).

TOGAF emphasizes coordination between EA and other enterprise governance processes.

Prioritize Projects:

TOGAF recommends usingbusiness value, resource availability, and strategic alignmentto prioritize the various work packages and projects for implementation.

This is directly referenced in option C:"assign a business value to each project, considering the available resources and how well they align with the strategy."

Update Roadmaps and Implementation Plan:

After coordination and prioritization, theArchitecture Roadmapand theImplementation and Migration Planare updated.

This is essential before formal governance (Phase G).

❌Why the Other Options Are Incorrect:

A: Incorrect focus on updating the Architecture Definition Document and lessons learned.

The Architecture Definition Document is mostly finalized in Phases B–E.

Lessons learned and governance modeling are more relevant toPhase G(Implementation Governance) andPhase H(Architecture Change Management), not Phase F.

B: Although it mentions theBusiness Value Assessment Technique(a valid tool in TOGAF), it includesArchitecture Definition Increments Table, which isnot a standard TOGAF artifact.

Also, "document the lessons learned" isprematurein Phase F; these are more applicable inPhase H.

D: Focuses onCompliance Assessment, which is part ofPhase G(Implementation Governance),not Phase F.

Changing performance requirements based on monitoring tools is handled duringoperations and change management, not during migration planning.

????Source References from TOGAF:

TOGAF 9.2 – Section 11.3 (Phase F: Migration Planning)

"Activities include confirming the enterprise's capability for transition, prioritizing projects, identifying dependencies and resource availability, and co-ordinating with other management frameworks."

TOGAF 9.2 – Section 11.4 Outputs:

Architecture Roadmap (updated)

Implementation and Migration Plan (updated)

Business Value Assessment

Consolidated Gaps, Solutions, and Dependencies

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

A-Architecture Repository: This is a part of the Architecture Metamodel that contains artifacts structured according to the metamodel. It includes the Architecture Landscape which is adopted by the enterprise and governed by certain standards and practices.

B-Governing Board: The Governing Board ensures visibility and escalation, meaning it oversees and manages the capability of the architecture landscape. It plays a crucial role in governance.

C-Enterprise Capability: This refers to how well an enterprise can execute its mission, meet business objectives or satisfy its stakeholders’ needs and expectations. It’s influenced by both internal factors (like resources, processes) and external ones (like market trends).

TOGAF Version 9.1, Chapter 34: 1