IBM Assessment: Cloud Computing Infrastructure Architect v1 Advanced Practice Exam: Hard Questions 2025

An enterprise is building a multi-region IBM Cloud architecture for a customer-facing API. Requirements: (1) survive a full region outage without manual intervention, (2) RPO near-zero for transactional data, (3) global users must be routed to the closest healthy endpoint, (4) minimize split-brain risk. Which design best meets these requirements?

A regulated workload requires strict network isolation between three environments (dev/test/prod) while still allowing shared access to a central logging and security tooling VPC. The organization also requires centralized control of inbound/outbound egress and the ability to deny lateral movement between environments. Which architecture is most appropriate?

A latency-sensitive microservices platform runs on Kubernetes and must support: (1) predictable low tail latency, (2) node-level isolation for certain services, (3) rapid scale-out during bursts, and (4) reduced operational overhead for node lifecycle. Which approach best balances these requirements?

A platform team must expose internal services to multiple application teams across accounts/projects while enforcing consistent authN/authZ, rate limiting, and request logging. Teams deploy independently and the organization wants minimal coupling to each service implementation. Which solution best fits?

A company needs an event-driven ingestion pipeline that must handle bursty traffic, guarantee at-least-once delivery, and allow reprocessing of events for up to 30 days. Downstream processing includes both real-time enrichment and batch analytics. Which design is most appropriate?

A team is troubleshooting intermittent failures when pulling container images in a private Kubernetes cluster. Symptoms: pulls succeed from some nodes but fail from others; failures increase during autoscaling; DNS resolution is healthy. The registry is private and requires authentication. Which is the most likely root cause and best corrective action?

A financial services workload requires: (1) encryption in transit and at rest for all data, (2) separation of duties so cloud admins cannot access application secrets, (3) evidence of key usage for audits, and (4) ability to rotate keys without re-encrypting large datasets when feasible. Which approach best meets these requirements?

A company must design network egress for workloads that process sensitive data. Requirements: (1) all outbound traffic must be inspected and logged, (2) only approved destinations allowed, (3) prevent data exfiltration via DNS tunneling and direct-to-internet access, (4) support both VM and Kubernetes workloads. Which solution is most appropriate?

During an audit, an organization must prove that production changes to cloud network policies and IAM roles are: (1) reviewed/approved, (2) traceable to an individual, (3) immutable once recorded, and (4) quickly reconstructable for a given incident window. Which control design best satisfies these requirements?

A legacy three-tier application is being migrated to IBM Cloud. The database cannot be changed for 9 months, and the application tier is tightly coupled to on-premises LDAP and NFS. The business requires minimal downtime and the ability to roll back quickly. Network connectivity to on-prem will be available but has occasional latency spikes. Which migration strategy is the best first step?