IBM C1000-172 IBM Cloud Professional Architect v6 Exam Practice Test

Answer : C

A security feature of IBM Cloud VPN for virtual private cloud (VPC) service is Perfect Forward Secrecy (PFS).

Perfect Forward Secrecy (PFS): PFS ensures that the compromise of one session key does not compromise the confidentiality of past sessions. It provides additional security for encrypted communications by generating unique keys for each session, making it a critical feature for VPN services.

IBM Cloud VPN for VPC: This service utilizes PFS to secure communication between the cloud environment and external networks, ensuring high levels of data protection and encryption.

Reference from IBM Cloud Professional Architect Materials:

The IBM documentation on IBM Cloud VPN describes PFS as a fundamental security feature for protecting data transmitted over the network.

Other options are incorrect:

A . Passive Peer Detection is not a security feature.

B . RSA key exchange is a cryptographic algorithm but does not describe a VPN-specific security feature.

D . Post-shared key is not a relevant term.

Answer : A

A key tenet of Modern Hybrid Cloud is that it focuses on the portability and automatic scaling of workloads.

Modern Hybrid Cloud: This concept revolves around the ability to seamlessly move and manage workloads across multiple cloud environments (public, private, and on-premises) with consistent security, management, and operational practices. Portability and automatic scaling are essential components that enable workloads to be dynamically allocated and scaled based on demand.

Portability and Scalability: By focusing on these aspects, a modern hybrid cloud provides flexibility and efficiency, ensuring that workloads can run optimally across different environments without being tied to a specific infrastructure.

Reference from IBM Cloud Professional Architect Materials:

IBM's materials on Hybrid Cloud emphasize the importance of workload portability and scalability as key factors in modern cloud architectures.

Other options are incorrect:

B . Focuses on lifting and shifting workloads quickly to the cloud is more of a migration strategy, not a core principle of a modern hybrid cloud.

C . Designed to mimic on-premises and D. Based on extending on-premises infrastructure do not encompass the broader goals of a hybrid cloud strategy.

Answer : A

IBM Cloud Hyper Protect Crypto Services is the correct service to use for encrypting IBM Cloud Kubernetes Service secrets and the etcd store with the organization's own root keys on FIPS 140-2 Level 4-certified hardware.

IBM Cloud Hyper Protect Crypto Services: This service provides a highly secure key management system and supports encryption operations using FIPS 140-2 Level 4-certified hardware. It ensures that the keys used to encrypt data never leave the secure boundary of the Hardware Security Module (HSM), which meets the highest level of security certification (Level 4).

Use Case Suitability: For organizations needing to meet stringent regulatory and compliance requirements (such as those demanding FIPS 140-2 Level 4 certification), Hyper Protect Crypto Services offers the necessary security controls to protect Kubernetes secrets and other sensitive data.

Reference from IBM Cloud Professional Architect Materials:

The IBM documentation on Hyper Protect Crypto Services confirms that it uses FIPS 140-2 Level 4-certified hardware, making it the correct choice for this requirement.

Other options are incorrect:

B . IBM Cloud Secrets Manager and C. IBM Cloud Key Protect do not utilize FIPS 140-2 Level 4-certified hardware.

D . IBM Cloud Managed Encryption Services is not a specific service related to the required encryption hardware.

Answer : A, C

When an organization has deployed Red Hat OpenShift on an IBM Cloud cluster on a Virtual Private Cloud (VPC) infrastructure and needs to connect to resources hosted on the IBM Cloud Classic infrastructure, IBM Cloud Direct Link and Transit Gateway are the two most suitable connectivity options.

IBM Cloud Direct Link:

IBM Cloud Direct Link provides dedicated, high-speed, and secure connectivity between IBM Cloud infrastructure components, including between VPCs and IBM Cloud Classic infrastructure. By establishing a Direct Link connection, traffic can securely flow between the Red Hat OpenShift workloads in the VPC and the applications or services running on the Classic infrastructure without traversing the public internet.

Transit Gateway:

IBM Cloud Transit Gateway allows organizations to establish a hub-and-spoke model of connectivity, facilitating communication between different networks, such as VPCs and Classic infrastructure, across IBM Cloud. With Transit Gateway, you can interconnect multiple VPCs and Classic networks, allowing seamless communication across the cloud environments. This option is ideal for managing traffic between isolated network segments while maintaining control over traffic routing and security policies.

These two options are typically used in multi-cloud or hybrid cloud architectures to ensure smooth, secure, and scalable communication between cloud environments (VPC and Classic infrastructure) in IBM Cloud.

IBM Cloud Documentation Reference:

IBM Cloud Direct Link

IBM Cloud Transit Gateway

Answer : C, E

When deploying an application to an IBM Cloud OpenShift cluster that requires persistent storage across zones within a region, Portworx and Block Storage are viable options.

Portworx: This is a cloud-native storage solution designed for containerized environments like Kubernetes and OpenShift. Portworx provides highly available, scalable, and persistent storage that spans multiple zones within a region, ensuring data redundancy and availability.

Block Storage: IBM Cloud Block Storage provides persistent, high-performance storage that can be attached to virtual servers or containers. It is designed to offer cross-zone availability when configured with the necessary replication and redundancy settings.

Comparison with Other Options:

A (Kubernetes local volume storage): Not suitable for spanning multiple zones as it is tied to specific nodes.

B (Object Storage): Designed for storing large amounts of unstructured data; it is not typically used for persistent storage in Kubernetes.

D (NetApp on Tap): Primarily used for network-attached storage and might not be optimized for persistent storage across multiple zones in OpenShift.

IBM Cloud Block Storage Documentation

Portworx on IBM Cloud

IBM Cloud Architect Exam Study Guide

Answer : C

IBM Cloud follows the FedRAMP (Federal Risk and Authorization Management Program) to ensure its services meet the security and compliance standards of the US government.

FedRAMP: It is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP authorization is mandatory for any cloud services used by federal agencies, ensuring they meet strict security requirements.

IBM Cloud Compliance: IBM Cloud adheres to FedRAMP standards to provide its services to government agencies, ensuring that its cloud solutions meet stringent security and compliance requirements, as documented in IBM's FedRAMP Certification.

Why Other Options are Incorrect:

A . CIS (Center for Internet Security) and B. NIST (National Institute of Standards and Technology) are frameworks and standards organizations but not specific programs like FedRAMP.

D . FIPS (Federal Information Processing Standards) defines security and interoperability standards but does not pertain to the overall authorization of cloud services.

Answer : A

IBM Cloud Analytics Engine supports several programming languages for developing big data analytics. The correct answer is Java, Scala, Python, and R.

IBM Cloud Analytics Engine: This service provides a fully managed Apache Spark service designed to handle big data analytics. Apache Spark, the core engine behind IBM Cloud Analytics Engine, supports multiple programming languages like Java, Scala, Python, and R to build, test, and deploy big data applications.

Supported Languages: According to the IBM Cloud Analytics Engine documentation, developers can use Java, Scala, Python, and R to interact with Spark. This flexibility allows data scientists and engineers to use the language they are most comfortable with or that best suits their project requirements.

Why Other Options are Incorrect:

B . Scala, Python, and R is incomplete as it omits Java.

C . Python and R only is incorrect since it excludes both Java and Scala.

D . C, C++, Java, Scala, Python, and R is incorrect because C and C++ are not supported by Apache Spark in this context.