50 IBM Assessment: Cloud Computing Infrastructure Architect v1 Practice Questions: Question Bank 2025

A team is designing a highly available web application on a cloud platform. They want to ensure that if one availability zone fails, the application remains available with minimal disruption. Which design best meets this requirement?

An architect is selecting a cloud service to decouple a microservices-based order processing system. The system needs asynchronous communication, buffering during traffic spikes, and retries without blocking the caller. Which platform service best fits?

A security team requires that all administrative access to cloud-hosted Linux servers uses short-lived credentials and does not allow inbound SSH from the public internet. Which approach is the best practice?

A company is planning a migration of several applications. One application is business-critical, requires minimal code changes, and must be moved quickly to reduce data center costs. Which migration strategy is most appropriate?

A retail application uses a cloud load balancer in front of multiple stateless web servers. Users report intermittent logouts when requests are routed to different servers. Session state is currently stored in server memory. What is the best architectural fix?

A platform team wants to standardize deployment of containerized applications and ensure automatic scaling, rolling updates, and self-healing of failed instances. Which cloud platform capability best addresses these requirements?

An organization must demonstrate compliance by ensuring customer data is encrypted at rest and that encryption keys are tightly controlled and auditable. Which approach best meets this requirement?

After migrating to the cloud, an application’s monthly compute spend is high and usage is unpredictable. Monitoring shows that average CPU is low most of the day, with short peaks during business hours. What is the most effective optimization approach?

A financial services company is building a multi-region active-active architecture. The application requires strongly consistent writes for account balances and must prevent double-spend. Latency requirements are strict, and the design must tolerate regional outages. Which data strategy is most appropriate?

A company must meet strict regulatory requirements for workload isolation between tenants on the same cloud platform. They want to minimize the risk of data leakage due to misconfiguration and need clear separation for auditing. Which design choice best satisfies this requirement?

A retailer is designing a highly available three-tier application across two availability zones. They want the web tier to scale horizontally, and the application tier instances must not be directly reachable from the internet. Which design best meets these requirements?

A team needs to enforce least-privilege access for administrators managing cloud resources. They want to avoid using long-lived credentials and require that elevated access be time-bound and auditable. Which approach is most appropriate?

An application experiences spiky traffic and the operations team wants to avoid managing servers while ensuring rapid scaling. Which cloud platform service model best fits this requirement?

A regulated enterprise must ensure that object storage data is encrypted at rest using customer-controlled keys and that key usage is auditable. Which solution best satisfies this requirement?

During a migration, an architect discovers that a legacy application stores user sessions on the local filesystem of each web server, causing users to lose sessions when load balanced across instances. What is the best cloud-native remediation?

A microservices application running on Kubernetes has intermittent outages. Investigation shows the liveness probe is configured to check a downstream dependency, causing pods to restart whenever the dependency is slow. What change is the best practice to improve stability?

A company must meet a requirement that production workloads cannot communicate with development workloads except through a controlled shared service (e.g., an API gateway). Which approach best enforces this in a cloud network design?

A data processing workload runs nightly and finishes in 2 hours, but it is currently deployed on always-on virtual machines. The goal is to reduce waste while maintaining the same completion time. Which optimization is most appropriate?

A financial services company requires that no cloud operator (including the provider) can decrypt customer data stored in the cloud, but the application must still be able to search over some fields. Which architecture best aligns with this requirement?

A global application must provide low-latency access for users in multiple regions and continue operating if an entire region becomes unavailable. Data writes must be accepted in multiple regions with conflict handling. Which design is most appropriate?

A team needs a quick way to validate that newly provisioned IBM Cloud Virtual Server Instances have correct routes to on-prem networks over a VPN. The test should not require installing extra tooling on the servers. What is the MOST appropriate approach?

An architect must design a cloud network for a multi-tier application where only the web tier should be reachable from the internet. The app and database tiers must not have public IPs, but they must be reachable from the web tier. Which design BEST meets this requirement?

A customer wants to ensure that administrative actions in their IBM Cloud account (for example, IAM policy changes and API key creation) can be investigated after the fact. What should the architect recommend?

A SaaS provider is deploying the same application stack to multiple isolated environments (dev, test, prod). They want consistent, repeatable provisioning and the ability to peer review changes before deployment. Which approach BEST supports this goal?

A microservices application experiences sporadic timeouts between services. The platform team suspects intermittent DNS resolution issues within the VPC. What is the MOST effective first troubleshooting step?

A regulated customer requires that encryption keys used for object storage be controlled by their security team, with strict access controls and the ability to rotate keys. Which solution BEST addresses this requirement?

A team wants to build an event-driven ingestion pipeline where new objects uploaded to storage trigger downstream processing, without managing servers. Which design is MOST appropriate?

A bank is migrating a legacy application to the cloud. The application currently depends on hard-coded IP allowlists between tiers, and frequent scaling is expected after migration. What is the BEST architectural change to reduce operational risk while maintaining strong network controls?

During a compliance review, auditors ask for proof that production access is granted using least privilege and is regularly revalidated. Which set of controls BEST satisfies this requirement?

A global application requires low-latency access for users in multiple regions and must remain available if a single region becomes unavailable. The database is stateful and cannot tolerate split-brain writes. Which architecture BEST meets these requirements?

A financial services company must ensure that database backups stored in the cloud cannot be deleted or altered for a defined retention period to satisfy regulatory requirements. Which approach best meets this requirement?

A team is designing a multi-tier cloud application and wants to reduce the attack surface by ensuring web servers have internet access while application and database tiers are not directly reachable from the public internet. Which design best follows this requirement?

A development team needs an event-driven integration where an object upload triggers downstream processing without polling. Which cloud platform capability best fits this requirement?

A company’s application experiences unpredictable traffic spikes. They want to maintain performance while minimizing manual intervention. Which strategy best addresses this need?

A company must enforce that only approved images are deployed to production Kubernetes clusters. Which control best supports this requirement?

A microservices application uses a message queue for asynchronous processing. During peak periods, backlog grows and processing latency increases. Which change most directly improves throughput while preserving decoupling?

A company is migrating a legacy application to the cloud. The application writes files to a local shared filesystem and expects low-latency access from multiple compute instances. Which cloud storage pattern is most appropriate?

After migrating to the cloud, an application intermittently fails to connect to an external API. Logs show connections timing out, and the failures correlate with periods of high outbound traffic. What is the most likely cause and best first mitigation?

A healthcare organization requires that cloud administrators cannot access sensitive application data, but operations teams must still be able to manage infrastructure. Which design best supports this separation of duties?

A global SaaS provider is designing for resilience against a regional cloud outage. The application uses a relational database with strict consistency requirements for writes. Which architecture best meets high availability across regions?

An architect is reviewing a new cloud network design. The team wants strict separation between public-facing services and backend systems while still allowing controlled application-to-database access. Which approach best meets this requirement?

A security team requires that all API calls to cloud resources be traceable to an individual identity and retained for forensic analysis. What is the BEST control to implement?

A team is moving a stateless web API to the cloud and wants to automatically add or remove instances based on demand without changing application code. Which solution is MOST appropriate?

A hybrid environment connects on-premises to cloud via VPN. Users report intermittent timeouts to a private cloud service. Monitoring shows spikes in latency only during large file transfers. Which change is MOST likely to resolve the issue?

A financial services customer must ensure encryption keys are controlled by the organization and that key usage is auditable. Which design BEST satisfies this requirement?

A microservices application experiences occasional spikes in response time. Tracing indicates many synchronous calls between services, and failures cascade when one dependency is slow. Which platform pattern MOST directly improves resilience?

A company is designing a multi-region active/active application with a global user base. They require low latency, fast failover, and minimal manual intervention when a region becomes unavailable. Which solution BEST meets these requirements?

A migration team is lifting and shifting a legacy application. After moving to the cloud, the monthly compute usage is higher than expected because instances run at low average utilization. What is the BEST next step to optimize costs without sacrificing availability?

A regulated workload requires that administrators cannot read sensitive customer data in object storage, but applications must still be able to decrypt it at runtime. Which control BEST addresses this requirement?

An enterprise is implementing a landing zone for multiple teams. They need guardrails that prevent teams from deploying internet-facing resources without explicit approval, while still allowing self-service provisioning within approved boundaries. What is the BEST approach?