Quick Reference: Scenario Analysis
Fast-track refresher for reading, annotating, and architecting from a CTA scenario document. The 180-minute preparation phase is your most constrained resource — how you spend it determines your entire board performance.
The 180-Minute Battlefield
gantt
title CTA Preparation Phase (180 min)
dateFormat mm
axisFormat %M min
section Reading
Pass 1 - Skim for structure :p1, 00, 20m
Pass 2 - Annotate by domain :p2, after p1, 30m
section Design
System Landscape + Data Model :d1, after p2, 40m
Security + Integration :d2, after d1, 30m
Migration + Governance + DevOps :d3, after d2, 20m
section Prepare
Presentation flow + speaking notes :pr, after d3, 20m
Review + gap check + buffer :rv, after pr, 20m
Time Allocation by Scenario Type
| Phase | Standard (3-4 systems) | Integration-Heavy (5+ systems) | Org-Strategy (complex BU) |
|---|---|---|---|
| Pass 1: Skim | 15-20 min | 15 min | 20 min |
| Pass 2: Annotate | 25-30 min | 20-25 min | 25-30 min |
| Solution design & diagrams | 90 min | 100 min | 90 min |
| Presentation prep | 20 min | 15 min | 20 min |
| Review & buffer | 15-20 min | 15 min | 15-20 min |
The number one time trap
Spending too long on the data model or system landscape and running out of time for governance, dev lifecycle, and presentation prep. Set hard timers for each phase and move on even if the diagram is not perfect.
What Every Scenario Contains
Regardless of industry, every CTA scenario includes these elements:
| Element | What to Extract | Maps to Domain |
|---|---|---|
| Company overview (industry, size, regions) | Scale, regulatory implications | D1 System Architecture |
| Current state systems | Integration landscape, technical debt | D5 Integration |
| User types & counts | License strategy, sharing model | D1, D2 Security |
| Business requirements | Solution components | D4 Solution Architecture |
| Data volumes & growth | LDV strategy, archival needs | D3 Data |
| External systems | Integration patterns, middleware decisions | D5 Integration |
| Compliance / regulatory mentions | Security model, encryption, audit | D2 Security |
| Timeline & phasing | Environment strategy, release plan | D6 Dev Lifecycle |
| Stakeholder concerns | Prioritization, change management | D7 Communication |
The 9 Essential Artifacts Checklist
| # | Artifact | Domain(s) | Must Show |
|---|---|---|---|
| 1 | Company Overview & Context | D7 | Business context, scope, success criteria |
| 2 | Actors & Licenses | D1, D2 | All user types, license types, access channels |
| 3 | System Landscape | D1, D5 | All orgs, external systems, integration points |
| 4 | Data Model (ERD) | D3 | Key objects, relationships, cardinality, volumes |
| 5 | Role Hierarchy & Sharing | D2 | Role tree, OWD settings, sharing rules |
| 6 | Identity & Access (SSO) | D2 | Auth flow, IdP, SSO protocol, MFA |
| 7 | Data Migration Strategy | D3 | Source-to-target, sequencing, tooling, cutover |
| 8 | Governance Model | D6, D7 | Decision structure, change mgmt, stakeholder cadence |
| 9 | Development & Deployment | D6 | Environments, branching, CI/CD, testing |
Hidden Requirements — What the Scenario Won’t Say Explicitly
These are never stated but always expected in your solution:
| Category | Scenario Clue | What to Address |
|---|---|---|
| Performance | Data volume numbers, user counts | LDV strategies, caching, async processing |
| Scalability | ”Plans to expand,” growth projections | Elastic design, multi-tenant considerations |
| Availability | Global ops, 24/7, mission-critical | DR strategy, backup, SLA commitments |
| Security | Regulated industry, data sensitivity | Encryption, audit trails, compliance |
| Maintainability | Multiple dev teams, ongoing ops | Code standards, documentation, governance |
Implicit Requirements by Industry
| Industry | You Must Address (Even If Not Stated) |
|---|---|
| Healthcare | HIPAA, PHI handling, consent, audit trails |
| Financial Services | SOX, PCI DSS, encryption, regulatory reporting |
| Government | FedRAMP, data sovereignty, accessibility |
| Retail | PCI for payments, seasonal scaling, CCPA/GDPR |
| Any global company | Data residency, GDPR, multi-currency, time zones |
The “Big 3” Diagram Priority
Spend 80% of diagram time on your first 3 diagrams. A polished Big 3 scores higher than 6 rough diagrams.
| Scenario Signal | Diagram 1 (Must) | Diagram 2 (Should) | Diagram 3 (Should) |
|---|---|---|---|
| Multi-system enterprise | Integration / Data Flow | System Landscape | Security Model |
| Complex business units | System Landscape (Org) | Data Model (ERD) | Integration Flow |
| Large data volumes | Data Model (ERD) | Migration / ETL Flow | System Landscape |
| Regulated industry | Security Architecture | System Landscape | Data Flow |
Ambiguity Handling — The Five-Finger Method (study-aid mnemonic)
When you encounter vague or missing information (and you will), use this structure:
| Finger | Say This |
|---|---|
| 1. “In order to…” | State the business requirement |
| 2. “I recommend…” | State your solution |
| 3. “Assuming that…” | State your assumption |
| 4. “I considered…” | Name the alternative |
| 5. “But I chose this because…” | Justify your decision |
Example
“In order to support real-time inventory sync between SAP and Salesforce, I recommend a Platform Events integration via MuleSoft, assuming that SAP supports outbound real-time notifications. I considered a batch polling approach, but I chose event-driven because the scenario specifies ‘near real-time’ visibility for the sales team.”
Reverse-Engineered Use Cases
Use Case 1: The Buried Mobile Requirement
Scenario: A manufacturing company scenario mentions in a stakeholder quote on page 6: “Our field reps need to update work orders on-site, even in areas with poor connectivity.”
What most candidates miss: This buried sentence requires offline-capable mobile architecture — Salesforce Mobile App with offline briefcase or a custom mobile solution.
What to do: During Pass 2, when you color-code this as a D1 (System Architecture) requirement, flag it prominently. Address it in your system landscape with a mobile architecture component and in your solution architecture with the offline data sync strategy.
Use Case 2: The Conflicting Stakeholder Priorities
Scenario: The VP of Sales wants “real-time pipeline visibility across all regions” while the CIO wants “minimal integration complexity and low TCO.”
What to do: Acknowledge the tension explicitly. “These priorities are in tension — real-time visibility requires more integration infrastructure. I balance this by using Change Data Capture for the highest-priority pipeline data (satisfying the VP) while keeping the integration architecture event-driven and serverless to minimize operational overhead (satisfying the CIO). The trade-off is a 5-minute data freshness lag on secondary objects.”
Use Case 3: The Unstated Compliance Requirement
Scenario: A financial services company operating in the US and EU. The scenario mentions “customer financial data” but never says “GDPR” or “SOX.”
What to do: Address both regulations proactively. State your assumption: “Given the EU operations and financial data handling, I assume GDPR and SOX compliance are required.” Then design for data residency (EU data stays in EU), encryption at rest (Shield Platform Encryption), audit trails, and data retention policies. Judges expect you to identify implicit compliance needs.
Deep-Dive References
- Scenario Patterns & Domain Coverage Strategies — full scenario analysis guide
- Complete Review Board Guide — exam structure, prerequisites, scoring
- Review Board Preparation Guide — comprehensive prep strategies
- Reading Framework Quick-Reference