The Open Group TOGAF Enterprise Architecture Part 2 Sample Questions:

1. You are working as an Enterprise Architect within an Enterprise Architecture (EA) team at a large government agency with multiple divisions. The agency has a well-established EA practice and follows the TOGAF standard as its method for architecture development. The government has mandated that the agency prepare for an "AI-first" world.
The agency wants to determine the impact and role of AI in its future services. The CIO has approved a Request for Architecture Work to explore the use of AI in services. Some leaders are concerned about reliance on AI, security, and employees' need to acquire new skills.
The EA team leader seeks suggestions on managing the risks associated with a new architecture for the AI-first project. Based on the TOGAF standard, which of the following is the best answer?

A) Create an organization map to show the links between different agency parts. Hold a meeting to teach stakeholders to interpret the models. Manage risks as part of Security Architecture development.
B) Identify key stakeholders and develop a Communication Plan that addresses their needs. Ensure the architecture addresses risk management and summarizes features of the architecture.
C) Separate stakeholders into groups and categorize them. Develop models for each group and verify that their concerns are addressed in Phase G, Implementation Governance.
D) Conduct an analysis of stakeholders, documenting their concerns and recording them in the Architecture Vision document. Risks should be recorded in the Architecture Requirements Specification and reviewed regularly.

2. Please read this scenario prior to answering the question
You are employed as an Enterprise Architect within a clinical research and health technologies company. The company is dedicated to transforming healthcare with new ideas and advancements. The company has multiple divisions that cover different aspects of the business.
The company's Enterprise Architecture (EA) department has mature, well-developed architecture governance and development processes following the TOGAF standard.
In addition to the EA program, the company has a number of management
frameworks in use. The Architecture Board includes representatives from each division of the company. The Chief Information Officer (CIO) is the sponsor of the Enterprise Architecture program. The CIO has actively encouraged architecting with agility within the EA department as the preferred approach for projects.
Many of the company's rivals have begun using Artificial Intelligence (Al) in their operations, and the indications are that this will be transformative for healthcare delivery. This is something the EA department has been interested in for a while, and they had recently submitted an architecture Change Request which was approved. As a result, the CIO has approved a Request for Architecture Work to investigate the implementation of Al in the company.
Areas for evaluation include:
How can staff use Al daily in their current roles?
How can Al enhance access to care for patients, and how to make that experience seamless?
How can Al offer new workplace platforms and tools to increase efficiency?
Some of the top managers are worried about a change in the way of working, and if it will achieve the goals. Many are not confident that the company's risk management processes are adequate for a company-wide integration of generative Al. There are also questions from staff about whether enough specific guidelines and polices have been put in place for responsible use of Al.
Refer to the scenario
You have been assigned to the architecture development and asked how to address the concerns and manage risk for the project. How do you begin?
Based on the TOGAF standard which of the following is the best answer?

A) You recommend that an analysis of the stakeholders is carried out. This willallow the architects to define groups of stakeholders who have commonconcerns and include development of a Stakeholder Map. The concerns andrelevant views should then be defined for each group and recorded in theArchitecture Vision document. To mitigate risk, you include a requirement thatthere be progressive development of the target architecture to ensure there isregular feedback.
B) You recommend creation of a simple solution concept diagram to show howthe stakeholders will be impacted, and the benefits to the firm. You would alsocreate a benefits diagram showing the various opportunities from adoption ofAl-based solutions. A meeting should be held with the main stakeholders toreview the diagrams. They can then decide the priorities and sequencingdecisions for the architecture development. Risk will be evaluated whendefining the Architecture Roadmap.
C) You recommend that models be created for the Draft Business, Data,Application, and Technology Architectures. These can be used to minimize risk,and make sure that the system meets the local regulations for each division.Together with the problem description, and requirements, these should beincluded in the Architecture Vision document. A formal review should be heldwith the stakeholders to verify that their concerns are included in theArchitecture Vision.
D) You recommend that all the stakeholders be identified, and a CommunicationsPlan created to address the most powerful and influential stakeholders. Thisplan should include a report that summarizes the key features of thearchitecture with respect to each division and reflects the stakeholders'requirements. You will check with each key stakeholder that their concerns arebeing addressed. Risk mitigation should be explicitly addressed as acomponent of the architecture being developed.

3. Please read this scenario prior to answering the question
Your role is consultant to the Lead Architect within a multinational company that manufactures electronic components. The company has several manufacturing divisions located worldwide and a complex supply chain. After a recent study, senior management have stated a concern about business efficiency considering the company's multiple data centers and duplication of applications.
The company has a mature Enterprise Architecture (EA) practice and uses the TOGAF architecture development method in its EA practice. In addition to the EA program, the company has several management frameworks in use, including business planning, project/portfolio management, and operations management. The EA program is sponsored by the CIO.
A strategic architecture has been defined to improve the ability to meet customer demand and improve management of the supply chain. The strategic architecture includes the consolidation of multiple Enterprise Resource Planning (ERP) applications that have been operating independently in the divisions' production facilities.
Each division has completed the Architecture Definition documentation to meet its own specific manufacturing requirements. The enterprise architects have defined a set of work packages that address the gaps identified. They have identified the value produced, effort required, and dependencies between work packages to reach a farget architecture that would integrate a new ERP environment into the company.
Because of the risks posed by change from the current environment, the architects have recommended that a phased approach occurs to implement the target architecture with several transition states. The overall implementation process is estimated to take several years.
Refer to the scenario
You have been asked what the next steps are for the migration planning.
Based on the TOGAF standard which of the following is the best answer?

A) You assess how the Implementation and Migration plan impacts the other frameworks in use in the organization. Minimally, you ensure that the plan is coordinated with the business planning, project/portfolio management and operations management frameworks. You would then assign a business value to each work package, considering available resources and strategic fit. You then use the work packages to identify projects that will be in the Implementation and Migration Plan
B) You place the Architecture Definition Document under configuration control. This will ensure that the architecture remains relevant and responsive to the needs of the enterprise. You would identify the development resources to undertake the projects. You would then produce an Implementation Governance Model to manage the lessons learned prior to finalizing the plan. You recommend that lessons learned be applied as changes to the architecture without review.
C) You conduct a series of Compliance Assessments to ensure that the architecture is being implemented according to the contract. The Compliance Assessment should verify that the implementation team is using the proper development methodology. It should include deployment of monitoring tools and ensure that performance targets are being met. If they are not met, then you would identify changes to performance requirements and update those in the Implementation and Migration Plan.
D) You estimate the business value for each project by applying the Business Value Assessment Technique to prioritize the implementation projects and project increments. The assessment should focus on return on investment and performance evaluation criteria that can be used to monitor the progress of the architecture transformation. You would confirm and plan a series of Transition Architecture phases using an Architecture Definition Increments Table that lists the projects.

4. Please read this scenario prior to answering the question
Your role is that of a senior architect, reporting to the Chief Enterprise Architect, at a medium-sized company with 400 employees. The nature of the business is such that the data and the information stored on the company systems is their major asset and is highly confidential.
The company employees travel extensively for work and must communicate over public infrastructure using message encryption, VPNs, and other standard safeguards. The company has invested in cybersecurity awareness training for all its staff. However, it is recognized that even with good education as well as system security, there is a dependency on third-parly suppliers of infrastructure and software.
The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The CTO is the sponsor of the activity.
The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education, and support, it is likely just a matter of time before the company suffers a significant attack that could completely lock them out of their information assets.
A risk assessment has been done and the company has sought cyber insurance that includes ransomware coverage. The quotation for this insurance is hugely expensive. The CTO has recently read a survey that stated that one in four organizations paying ransoms were still unable to recover their data, while nearly as many were able to recover the data without paying a ransom. The CTO has concluded that taking out cyber insurance in case they need to pay a ransom is not an option.
Refer to the scenario
You have been asked to describe the steps you would take to improve the resilience of the current architecture?
Based on the TOGAF standard which of the following is the best answer?

A) You would request an Architecture Compliance Review with the scope to examine the company's resilience to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklists, identifying and resolving issues. You would then determine and present your recommendations.
B) You would ensure that the company has in place up-to-date processes for managing change to the current Enterprise Architecture. Based on the scope of the concerns raised you recommend that this be managed at the infrastructure level. Changes should be made to the baseline description of the Technology Architecture. The changes should be approved by the Architecture Board and implemented by change management techniques.
C) You would determine business continuity requirements, and undertake a gap analysis of the current Enterprise Architecture. You would make recommendations for change requirements to address the situation and create a change request. You would manage a meeting of the Architecture Board to assess and approve the change request. Once approved you would produce a new Request for Architecture Work to activate an ADM cycle to carry out a project to define the change.
D) You would monitor for technology changes from your existing suppliers that could improve resilience. You would prepare and run a disaster recovery planning exercise for a ransomware attack and analyze the performance of the current Enterprise Architecture. Using the findings, you would prepare a gap analysis of the current Enterprise Architecture. You would prepare change requests to address identified gaps. You would add the changes implemented to the Architecture Repository.

Solutions: