OGEA-102 TOGAF Enterprise Architecture Part 2 Exam (English) Questions and Answers

Key aspects of the scenario:

Objective:

Integrating Artificial Intelligence (AI) into healthcare delivery, with a focus on improving patient care, enhancing workplace efficiency, and enabling seamless experiences.

Challenges:

Stakeholder concerns about risk management, adaptability to change, and ensuring alignment with regulations and policies.

Addressing the concerns of staff and top management about AI integration and achieving the desired goals.

CIO ' s Perspective:

Encouraging an agile approach to architecture development.

Addressing risks and ensuring stakeholder concerns are managed.

Areas for Evaluation:

AI usage by staff and impact on workflows.

Patient experience enhancement via AI.

New workplace platforms and tools powered by AI.

Option Analysis:

Option 1: Analysis of stakeholders and development of a Stakeholder Map

Pros:

Stakeholder analysis is critical for identifying concerns, viewpoints, and requirements.

TOGAF emphasizes stakeholder engagement early in the process to mitigate risks and align expectations.

Developing a Stakeholder Map ensures clear alignment with their interests and creates a foundation for regular feedback loops.

Cons:

Does not explicitly address the creation of architecture models or policies upfront.

Option 2: Creation of a Communications Plan

Pros:

A communications plan fosters effective stakeholder engagement by addressing their concerns and ensuring transparent reporting.

Risk mitigation as part of communication aligns with TOGAF’s stakeholder management practices.

Cons:

This focuses more on communication mechanics rather than advancing architectural development directly.

Option 3: Models for Draft Business, Data, Application, and Technology Architectures

Pros:

Aligns with the Architecture Development Method (ADM), ensuring compliance with requirements and regulations.

Helps formalize stakeholder feedback by verifying their concerns against tangible models.

Cons:

Developing detailed models early on may delay immediate resolution of stakeholder concerns and risk mitigation.

Option 4: Set of reusable business models for AI-related projects

Pros:

Standardized models ensure consistency and portability across the organization’s AI-related efforts.

Cons:

Too narrow in focus for the initial architecture development phase; does not address risk management or stakeholder concerns adequately.

Recommended Answer:

Option 1: You recommend that an analysis of the stakeholders is undertaken.

Reasoning:

The scenario highlights stakeholder concerns about risks, adaptability, and compliance. Addressing these concerns requires stakeholder analysis as the first step.

A Stakeholder Map aligns with TOGAF’s emphasis on stakeholder engagement, providing a structured way to manage their concerns and expectations.

Identifying concerns early and integrating feedback into the Architecture Vision document ensures alignment with goals and smooth progress.

Option 1 sets the foundation for collaboration and risk management, making it the best fit for the current phase.

The Target Architecture is a description of the future state of the architecture that addresses the business goals and drivers, and satisfies the stakeholder requirements and concerns. The Target Architecture is developed through the Architecture Development Method (ADM), which is the core process of the TOGAF standard that guides the development and management of the enterprise architecture. The Target Architecture is typically divided into four domains: Business, Data, Application, and Technology. The Target Architecture also includes a roadmap for change, which defines the Transition Architectures, the Capability Increments, and the work packages that enable the transition from the Baseline Architecture to the Target Architecture12

The best answer is B, because it describes the approach that should be taken to determine and organize the work to deliver the requested architectures, which are the Information Systems and Technology Architectures. The answer covers the following steps:

Refer to the end-to-end Target Architecture for guidance and direction. The end-to-end Target Architecture provides the overall vision, scope, and objectives of the architecture work, and the alignment with the business strategy and goals. The end-to-end Target Architecture also provides the high-level definitions and principles for the four architecture domains, and the roadmap for change that outlines the major milestones and deliverables.

Identify projects, dependencies and synergies, then prioritize before initiating the projects. Projects are the units of work that implement the architecture work packages, which are the sets of actions or tasks that are required to implement a specific part of the architecture. Dependencies are the relationships and constraints that affect the order or priority of the projects, such as logical, temporal, or resource dependencies. Synergies are the benefits or advantages that result from the combination or coordination of the projects, such as cost savings, efficiency gains, or innovation opportunities. Prioritization is the process of ranking the projects according to their importance, urgency, or value, and assigning resources and schedules accordingly.

Develop high-level architecture descriptions. High-level architecture descriptions are the outputs of the architecture development phases (B, C, and D) of the ADM cycle, which describe the Business, Data, Application, and Technology Architectures in terms of the Architecture Building Blocks (ABBs) and the Solution Building Blocks (SBBs), which are reusable components of business, IT, or architectural capability. High-level architecture descriptions also include the Architecture Views, which are representations of the system of interest from the perspective of one or more stakeholders and their concerns.

For each project, estimate effort size, identify reference architectures, and candidate building blocks. Effort size is the measure of the amount of work, time, or resources required to complete a project. Effort size can be estimated using various techniques, such as analogy, expert judgment, parametric, or bottom-up. Reference architectures are standardized architectures that provide a common framework and vocabulary for a specific domain or industry. Reference architectures can be used as a source of best practices, patterns, and models for the architecture development. Candidate building blocks are the potential ABBs or SBBs that can be used to implement the architecture. Candidate building blocks can be identified from the Architecture Repository, which is a collection of architecture assets, such as models, patterns, principles, standards, and guidelines.

Identify the resource needs considering cost and value. Resource needs are the specifications and criteria that define the acceptable level and quality of the resources required to complete the project, such as human, financial, physical, or technological resources. Resource needs can be identified by analyzing the scope, complexity, and dependencies of the project, and the availability, capability, and suitability of the resources. Cost and value are the factors that influence the allocation and utilization of the resources, such as the budget, the return on investment, the benefits, or the risks.

Document options, risks, and controls to enable viability analysis and trade-off with the stakeholders. Options are the alternative ways of achieving the project objectives, such as different solutions, technologies, vendors, or approaches. Risks are the effects of uncertainty on the project objectives, such as threats or opportunities. Controls are the measures or actions that are taken to prevent, reduce, or mitigate the risks, such as policies, procedures, or standards. Viability analysis is the process of evaluating and comparing the options, risks, and controls, and determining the feasibility, suitability, and desirability of each option. Trade-off is the decision outcome that balances and reconciles the multiple, often conflicting, requirements and concerns of the stakeholders, and ensures alignment with the Architecture Vision and the Architecture Principles.

 1: The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 5: Introduction to the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 36: Building Blocks : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 18: Phase A: Architecture Vision : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 19: Phase B: Business Architecture : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 20: Phase C: Information Systems Architectures : The TOGAF Standard, Version 9.2, Part II: Architecture Development Method (ADM), Chapter 21: Phase F: Migration Planning : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 23: Architecture Principles : The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 30: Trade-Off Analysis : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 46: Tools for Architecture Development : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 47: Architecture Board : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 48: Architecture Compliance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 49: Architecture Contract : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 50: Architecture Governance : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 51: Architecture Maturity Models : The TOGAF Standard, Version 9.2, Part VI: Architecture Capability Framework, Chapter 52: Architecture Skills Framework

In this scenario, the CTO has not purchased cyber-insurance, the CSO is concerned about increased DDoS risk, and YOU (the EA) are asked “to describe the steps you would take to strengthen the current architecture to improve data protection.”

Because the company follows the TOGAF standard and uses an iterative ADM cycle, the correct response must:

Start with the risk/continuity concern

Use the formal TOGAF change management process

Lead to a Request for Architecture Work

Initiate a new ADM cycle to update the architecture properly

Ensure Architecture Board governance

Option B is the only answer that matches TOGAF’s required process.

✔ Why Option B is correct (TOGAF-aligned)

Option B follows TOGAF’s Architecture Change Management (Phase H) process:

Assess the business continuity requirements– Correct: Phase H requires evaluating change triggers such as new risks, threats, or incidents.– DDoS risk → business continuity concern → legitimate architecture change trigger.

Analyze the current architecture for gaps– Correct: TOGAF Phase H requires assessing whether the current baseline architecture can support required resilience.

Create a formal Change Request– Exactly correct: Phase H outputs Architecture Change Requests (ACRs) for significant changes.– ACR includes description, rationale, and impact (in this case: resilience, continuity, and data protection).

Architecture Board reviews/approves the change request– Correct: All major architecture changes must go through Architecture Governance.

Create a new Request for Architecture Work (RFAW)– Required when the change is significant and needs a new ADM cycle.– Strengthening data protection and business continuity DEFINITELY qualifies as a major change.

Begin a new ADM cycle to implement the changes– Perfectly aligned with TOGAF’s iterative approach:Business continuity → update Technology Architecture → updated security patterns → updated Target Architecture.

This is exactly the TOGAF-prescribed method to strengthen an architecture when significant new risks appear.

Therefore, Option B is the correct and TOGAF-compliant answer.

✘ Why the other options are incorrect

A – Not TOGAF-aligned

Starts with vendors and simulations (not TOGAF-first steps).

No mention of Architecture Board or Change Management.

No Request for Architecture Work.

Gap analysis alone is not the first step for significant architectural risk.

C – Too narrow and skips TOGAF governance

Jumps straight to modifying the Technology Architecture baseline.

No Change Request, no RFAW, no ADM cycle initiation.

Recommends a solution (“DDoS mitigation at infrastructure level”) before architectural assessment.

D – Misuses Architecture Compliance Review

Architecture Compliance Reviews check conformity to an existing architecture—not evaluate new risks or design resilience enhancements.

A compliance review is not the correct first step for addressing new threats.

In this scenario you are right at the start of an ADM cycle: a Request for Architecture Work has been approved to investigate AI, and there are strong stakeholder concerns and risk questions. According to the TOGAF standard, the correct place to start is Phase A: Architecture Vision, with a strong focus on stakeholder management and capturing their concerns and required views.

Option A is the only answer that correctly reflects this:

Stakeholder analysis & Stakeholder Map (Phase A core task)TOGAF explicitly states that in Phase A you must:

Identify stakeholders

Analyze and group them by common concerns

Use a Stakeholder Map to understand their influence, interest, and required engagement

Determine which views/viewpoints are needed to address their concerns in the architecture description coe.qualiware.com+1

Option A says:

“analysis of the stakeholders … define groups of stakeholders who have common concerns and include development of a Stakeholder Map. The concerns and relevant views should then be defined for each group and recorded in the Architecture Vision document.”

This is exactly how TOGAF describes stakeholder management and views in Phase A:

Stakeholder Map to classify and prioritize stakeholders

Concerns and required views captured and traced

These elements feeding into the Architecture Vision deliverable Visual Paradigm TOGAF+1

Concerns, views, and Architecture VisionTOGAF emphasizes that architecture views are constructed to address specific stakeholder concerns; you do not just build generic models. opengroup.org+1

Option A explicitly links concerns → views → Architecture Vision, which aligns with TOGAF guidance for early phases.

Capturing this in the Architecture Vision provides a high-level, shared understanding of what the AI initiative is trying to achieve and how stakeholder issues (e.g., responsible AI, risk processes, change in way of working) will be addressed.

Risk management and “architecting with agility”In the scenario, the CIO has encouraged architecting with agility. TOGAF is compatible with incremental and iterative development of the target architecture, especially when there is high uncertainty and risk. conexiam.com

Option A includes:

“a requirement that there be progressive development of the target architecture to ensure there is regular feedback.”

This “progressive development” and frequent feedback loop is exactly how you mitigate risk in an AI-heavy, change-sensitive initiative:

Frequent stakeholder feedback

Early validation of assumptions

Ability to adjust scope, constraints, and principles as risk and understanding evolve

This directly addresses management’s worry about the change in the way of working and whether risk management and responsible AI policies are adequate: these become explicit stakeholder concerns and requirements that are iteratively refined.

Why the other options are weaker / not TOGAF-aligned as a starting point

Option B

Focuses mainly on a Communications Plan and powerful stakeholders.

While TOGAF does expect a stakeholder communications plan, it is derived from a proper stakeholder analysis and Stakeholder Map, not a substitute for it.

It also treats risk as a “component of the architecture” rather than something to be addressed early through stakeholder concerns, principles, and iteration.

Option C

Jumps straight to a solution concept diagram and benefits diagram and defers risk evaluation to when the Architecture Roadmap is defined (Phase E).

In TOGAF, risk and stakeholder concerns must be addressed already in Phase A and refined throughout, not postponed to roadmap development.

Option D

Proposes creating draft Business, Data, Application, and Technology models and putting them into the Architecture Vision.

This is too detailed for the starting point: Phase A is about high-level vision, not full draft core architecture models (those belong in Phases B, C, D).

It also doesn’t emphasize Stakeholder Mapping and grouping by concerns, which is central to resolving the worries about way of working, risk, and responsible AI.

In summary, Option A is the best and TOGAF-consistent way to begin:

Start in Phase A: Architecture Vision

Perform stakeholder analysis and create a Stakeholder Map

Define stakeholder concerns and relevant views

Record them in the Architecture Vision

Add an explicit requirement for progressive (iterative) development of the target architecture for continuous feedback and risk mitigation

In this scenario, the enterprise is undergoing significant transformation due to a merger and the adoption of new technology (hand-held devices). Several key principles from TOGAF ' s ADM Techniques—particularly those focused on promoting enterprise-wide standardization, adaptability, and data utilization—are pertinent here:

Maximize Benefit to the Enterprise:This principle emphasizes that all architectural decisions should deliver maximum business value. Given that the company is integrating systems to cut costs and improve offerings, maximizing the benefit is crucial. Ensuring that the EA efforts align with enterprise-wide benefits supports the goal of optimizing costs and enhancing offerings, which aligns with the CEO’s vision for the merger.

Common Use Applications:Standardizing applications across the merged entity will be essential to achieve cost savings and to simplify operations. The goal of reducing the number of applications fits with this principle, ensuring that reusable and widely adopted applications support business functions across the organization. Adopting this principle will also aid in harmonizing the systems from both organizations and avoiding unnecessary diversity.

Data is an Asset:Data plays a central role in the company ' s operations, especially with the use of AI-driven inventory management and the integration of systems. Treating data as an asset is essential for reliable and accurate decision-making. This principle ensures that data is viewed as a critical enterprise resource and is managed with care, maintaining integrity, accuracy, and value.

Responsive Change Management:The organization’s ability to adapt quickly and effectively to changes, such as integrating new handheld devices and merging systems, is essential. This principle will facilitate the smooth transition required for integrating the new handheld devices and the merger-related system updates while minimizing disruption to store operations.

Technology Independence:Since the enterprise will likely encounter varied technologies from the merger, it is crucial to maintain flexibility. This principle advocates for using technology solutions that are adaptable and not bound to a single vendor or specific technology. This ensures that the enterprise can integrate various technological components from both organizations and evolve with minimal constraints.

These principles align well with TOGAF ' s broader recommendations for guiding architectural changes, as found in Section 2.6 of the TOGAF ADM Techniques. They ensure that the EA practice is aligned with business objectives while maintaining flexibility, data integrity, and a focus on enterprise-wide benefits. These guiding principles are critical for the successful execution of the integration and adoption of new technologies while achieving cost efficiencies and improving service delivery.

For reference, TOGAF ' s ADM Techniques highlight the importance of architectural principles in guiding transformational initiatives, ensuring that decisions are made consistently across the enterprise. Each principle supports organizational agility, system integration, and the efficient use of technology resources, all of which are vital for the enterprise ' s stated objectives.

A security domain model is a technique that can be used to define the security requirements and policies for the architecture. A security domain is a grouping of assets that share a common level of security and trust. A security policy is a set of rules and procedures that govern the access and protection of the assets within a security domain. A security domain model can help to identify the security domains, the assets within each domain, the security policies for each domain, and the relationships and dependencies between the domains1

Since the data is being shared across partners, a security federation is needed to establish a trust relationship and a common security framework among the different parties. A security federation is a collection of security domains that have agreed to interoperate under a set of shared security policies and standards. A security federation can enable secure data exchange and collaboration across organizational boundaries, while preserving the autonomy and privacy of each party. A security federation requires contractual arrangements, and a definition of the responsibility areas for the data exchanged, as well as security implications2

A risk assessment is a process that identifies, analyzes, and evaluates the risks that may affect the architecture. A risk assessment can help to determine the likelihood and impact of the threats and vulnerabilities that may compromise the security and privacy of the data assets. A risk assessment can also help to prioritize and mitigate the risks, and to monitor and review the risk situation3

Therefore, the best answer is D, because it describes the risk and security considerations that would be included in the current phase of the architecture development, which is focused on the Business Architecture. The answer covers the security domain model, the security federation, and the risk assessment techniques that are relevant to the scenario.

 1: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 35: Security Architecture and the ADM 2: The TOGAF Standard, Version 9.2, Part IV: Architecture Content Framework, Chapter 38: Security Architecture 3: The TOGAF Standard, Version 9.2, Part III: ADM Guidelines and Techniques, Chapter 32: Risk Management

In TOGAF, creating a Business Scenario is a foundational step in defining and understanding the business problem, especially for complex transformations involving multiple stakeholders and systems, such as in this scenario. This method aligns with Phase A (Architecture Vision) of the TOGAF Architecture Development Method (ADM). Here’s why this approach is the most effective:

Understanding Business Requirements:A Business Scenario provides a structured way to capture and analyze the business requirements, stakeholder concerns, and the contextual elements related to the problem. In this scenario, the company faces challenges in integrating newly acquired companies with existing operations, which includes complex stakeholder concerns across different functional areas. Developing a Business Scenario allows the EA team to break down these complexities into identifiable and manageable parts.

Risk Evaluation and Management:By using the Business Scenario approach, the EA team can not only define the requirements but also assess associated risks systematically. TOGAF emphasizes the importance of risk management through identifying potential risks, evaluating their impact, and defining strategies for handling these risks. The process includes assessing how risks can be avoided, transferred, or reduced—a necessary step in large-scale transformations to ensure that risks are proactively managed.

Residual Risks and Governance:Any risks that cannot be fully resolved should be identified as residual risks and escalated to the Architecture Board, which is aligned with TOGAF’s governance approach. The Architecture Board’s role in TOGAF is to provide oversight and make critical decisions on risks that exceed the control of the EA team. This ensures that unresolved risks are managed at the appropriate level of the organization.

Alignment with TOGAF ADM Phases:The Business Scenario approach directly aligns with the Preliminary and Architecture Vision phases of the TOGAF ADM, which focuses on establishing a baseline understanding of the business context and the strategic transformation required. The detailed understanding of requirements, stakeholder concerns, and risks identified here will guide the subsequent phases of the ADM, including Business Architecture and Information Systems Architecture.

TOGAF Reference (Section 2.6, ADM Techniques):TOGAF provides guidelines on the creation of Business Scenarios as part of ADM Techniques, highlighting the importance of defining a business problem comprehensively to ensure successful transformation. This method includes identification of stakeholders, business requirements, and associated risks, which aligns well with the company ' s need for strategic and systematic integration of new business units.

By utilizing a Business Scenario, the EA team ensures that all aspects of the transformation are well understood, risks are identified early, and residual risks are managed effectively, aligning with the company ' s strategic objectives and the TOGAF framework’s guidance on risk management and stakeholder alignment.