OGEA-103 Exam Dumps | Please read this scenario prior to answering the question You are employed as an Enterprise Architect,

<< Prev Question Next Question >>

Question 49/56

Please read this scenario prior to answering the question
You are employed as an Enterprise Architect, reporting to the Chief Enterprise Architect, at a technologycompany. The company uses the TOGAF standard as the method and guiding framework for its EnterpriseArchitecture (EA) practice.
The nature of the business is such that the data and the information stored on the company systems is thecompany's major asset and is highly confidential. The company employees travel a lot for work and need tocommunicate over public infrastructure. They use message encryption, secure internet connections usingVirtual Private Networks (VPNs), and other standard security measures. The company has providedcomputer security awareness training for all its staff. However, despite good education and system security,there is still a need to rely on third-party suppliers for infrastructure and software.
The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransomdemands) attacks on companies with a similar profile. The CSO recognizes that no matter how much isspent on education, and support, the company could be a victim of a significant attack that could completelylock them out of their important data.
A risk assessment has been completed and the company has looked for cyber insurance that coversransomware. The price for this insurance is very high. The CTO recently saw a survey that said 1 out of
4businesses that paid ransoms could not get their data back, and almost the same number were able torecover the data without paying. The CTO has decided not to get cyber insurance to cover ransom payment.
The Chief Technology Officer (CTO) is the sponsor of the EA project. The practice uses an iterativeapproach for its architecture development. This has enabled the decision makers to gain valuable insightsinto the different aspects of the business.
Refer to the scenario
You have been asked to describe the steps you would take to strengthen the current architecture toimprove data protection.
Based on the TOGAF standard which of the following is the best answer?

A. You would ensure that the business value and cost of continuity measures are understood by keystakeholders and would ensure that the company has in place up-to-date processes for managingchange to the current Enterprise Architecture. You recommend that mitigation for a ransomwareattach be addressed at the infrastructure level with specific technology controls. Changes shouldbe made to the baseline description of the Technology Architecture. The changes should beapproved by the Architecture Board and a change request approved.

B. You would hold an Architecture Compliance Review with the scope to examine the company'sability to respond to ransomware attacks. You would identify the departments involved and havethem nominate representatives. You would then tailor checklists to address the requirement forincreased business continuity and resilience. You would circulate to the nominated representativesfor them to complete.
You would then review the completed checklists, identifying and resolvingissues. You would then determine and present your recommendations.

C. You would run an assessment to identify the business continuity requirements and analyze the current Enterprise Architecture for gaps. You would create a change request to start a further cycleof architecture work to address changes to mitigate such an attack. You would arrange a meetingof the Architecture Board to assess and approve the change request. Once approved you wouldcreate a new Request for Architecture Work to begin an ADM cycle to implement the changes.

D. You would contact existing suppliers for technology that could enhance the company's capabilitiesto detect, react, and recover from an incident. You would perform an analysis and assessment of asimulated ransomware attack to evaluate the current Enterprise Architecture's resilience andrecovery capabilities. Using the findings, you would prepare a gap analysis of the currentEnterprise Architecture.You would prepare change requests to address identified gaps. You wouldadd the changes implemented to the Architecture Repository.

Correct Answer: C

The question asks:
"What steps would you take to strengthen the current architecture to improve data protection?" This requires understanding how TOGAF handles:
* Business continuity requirements
* Gap analysis in existing architecture
* Architecture change requests
* Triggering a new ADM cycle
* Governance via the Architecture Board
OptionCis the only answer that aligns correctly with TOGAF's formalArchitecture Change Management process (ADM Phase H) and how to progress from identifying gaps to initiating a new cycle.
#Why Option C Is Correct
#1. Starts with identifying business continuity requirements
TOGAF Phase A and Phase B require understanding business continuity and information security requirements as part of architecture development.
#2. Analyzes the current architecture for gaps
Gap analysis is a required step in:
* Phase B (Business Architecture)
* Phase C (Data/Application Architecture)
* Phase D (Technology Architecture)
It is also part of Architecture Change Management (Phase H) when examining existing threats or deficiencies.
#3. Creates a Change Request
In TOGAF, if gaps or new risks require architectural enhancements, aformal Change Requestis submitted.
This is a mandatory TOGAF mechanism.
#4. Architecture Board evaluates the Change Request
The Architecture Board approves major changes before a new cycle starts - exactly as described in option C.
#5. Initiates a new ADM cycle with a RfAW
TOGAF explicitly states:
A new or major architecture change requires aRequest for Architecture Workbefore beginning a new ADM cycle.
Option C follows this sequencing precisely:
* Identify requirements # analyze gaps # issue change request # Architecture Board approval # create RfAW # start new ADM cycle.
This is textbook TOGAF.
#Why the Other Options Are Incorrect
A - Too narrow and focuses only on Technology Architecture
* The problem spans business continuity, data protection, and enterprise-wide readiness - not just infrastructure.
* Does not include gap analysis, stakeholder analysis, or initiating a formal ADM cycle.
* Incorrectly reduces ransomware mitigation to technology controls.
B - Architecture Compliance Review is inappropriate here
A Compliance Review is used to:
* Ensureimplementationconforms to architectureNot to:
* Identify new risks
* Strengthen the architecture
* Conduct gap analysisThis option is misusing the review process.
D - Supplier-driven, not TOGAF-driven
* Involves contacting suppliers prematurely - not aligned with TOGAF's architecture-first methodology.
* Does not involve Architecture Board approval before pursuing solutions.
* Jumps into solutioning before architectural approval.
#Relevant TOGAF References
* Phase H: Architecture Change Management
* Manage changes
* Evaluate impacts
* Generate change requests
* Architecture Board Roles
* Approves Change Requests
* Governs new ADM cycles
* Request for Architecture Work
* Used to formally launch a new ADM cycle

Question 49/56

LEAVE A REPLY

Download PDF File