Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam OGEA-103 All Questions

View all questions & answers for the OGEA-103 exam

Exam OGEA-103 topic 1 question 51 discussion

Actual exam question from The Open Group's OGEA-103
Question #: 51
Topic #: 1
[All OGEA-103 Questions]

Please read this scenario prior to answering the question

Your role is that of a senior architect, reporting to the Chief Enterprise Architect, at a medium sized company with 400 employees. The nature of the business is such that the data and the information stored on the company systems is their major asset and is highly confidential.

The company employees travel extensively for work and must communicate over public infrastructure using message encryption, VPNs, and other standard safeguards. The company has invested in cybersecurity awareness training for all its staff. However, it is recognized that even with good education as well as system security, there is a dependency on third-party suppliers of infrastructure and software.

The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The CTO is the sponsor of the activity. The Chief Security Officer (CSO) has noted an increase in ransomware (malicious software used in ransom demands) attacks on companies with a similar profile. The CSO recognizes that no matter how much is spent on education, and support, it is likely just a matter of time before the company suffers a significant attack that could completely lock them out of their information assets.

A risk assessment has been done and the company has sought cyber insurance that includes ransomware coverage. The quotation for this insurance is hugely expensive. The CTO has recently read a survey that stated that one in four organizations paying ransoms were still unable to recover their data, while nearly as many were able to recover the data without paying a ransom. The CTO has concluded that taking out cyber insurance in case they need to pay a ransom is not an option.


Refer to the scenario -

You have been asked to describe the steps you would take to improve the resilience of the current architecture?

Based on the TOGAF standard which of the following is the best answer?

  • A. You would ensure that the company has in place up-to-date processes for managing change to the current Enterprise Architecture. Based on the scope of the concerns raised you recommend that this be managed at the infrastructure level. Changes should be made to the baseline description of the Technology Architecture. The changes should be approved by the Architecture Board and implemented by change management techniques.
  • B. You would determine business continuity requirements, and undertake a gap analysis of the current Enterprise Architecture. You would make recommendations for change requirements to address the situation and create a change request. You would manage a meeting of the Architecture Board to assess and approve the change request. Once approved you would produce a new Request for Architecture Work to activate an ADM cycle to carry out a project to define the change.
  • C. You would request an Architecture Compliance Review with the scope to examine the company's resilience to ransomware attacks. You would identify the departments involved and have them nominate representatives. You would then tailor checklists to address the requirement for increased resilience. You would circulate to the nominated representatives for them to complete. You would then review the completed checklists, identifying and resolving issues. You would then determine and present your recommendations.
  • D. You would monitor for technology changes from your existing suppliers that could improve resilience. You would prepare and run a disaster recovery planning exercise for a ransomware attack and analyze the performance of the current Enterprise Architecture. Using the findings, you would prepare a gap analysis of the current Enterprise Architecture. You would prepare change requests to address identified gaps. You would add the changes implemented to the Architecture Repository.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
SubscriberHK
3 months, 3 weeks ago
Selected Answer: B
B - Business continuity is important to this company, hence the steps in B is make sense.
upvoted 1 times
...
Curiousity
7 months, 1 week ago
Selected Answer: B
A: This has no reference to risk/Continuity, Disaster Recovery B: It suggest to analyse the Improvement and then initiate a Formal ADM to address it. C: No change Request or vADM cycle D: Change request but no formal Request for Architectural work.
upvoted 1 times
Curiousity
7 months, 1 week ago
It suggests to analyse the Improvement potential and then initiate a Formal ADM to address it.
upvoted 1 times
...
...
k007
8 months ago
Explanation ?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...