50 IBM Cloud Platform Application Development v2 Practice Questions: Question Bank 2025

A developer needs to store IBM Cloud API keys for a CI/CD pipeline so they are not hard-coded in scripts. Which IBM Cloud service is the best practice to centrally store and access these secrets?

An application running on IBM Cloud needs to call multiple IBM Cloud services using short-lived credentials without embedding a long-lived API key. What is the recommended approach?

A team wants an HTTP API endpoint that triggers a backend function to resize images when new objects arrive in storage. They prefer a serverless approach with minimal operations. Which architecture best meets this requirement on IBM Cloud?

A developer is troubleshooting why a microservice cannot reach an IBM Cloud database service. The database requires IAM authentication, but the microservice returns authorization errors. What is the MOST likely missing configuration?

A team uses IBM Cloud Kubernetes Service and wants to ensure application pods can be rescheduled automatically if a worker node fails. Which Kubernetes construct primarily provides this resilience for stateless workloads?

A company needs to audit who changed access policies and who created or deleted resources in an IBM Cloud account. Which service is used to capture and search these platform audit events?

A team is building a containerized application and wants to automate building, scanning, and deploying to a Kubernetes cluster with approvals between stages. Which IBM Cloud capability best fits this end-to-end requirement?

A developer deployed an application to Code Engine that should receive traffic from the public internet. The application is running, but external requests time out. Which is the MOST likely cause?

A team needs to process messages from multiple producers with at-least-once delivery, consumer groups, and the ability to replay events for debugging. Which IBM Cloud integration service best meets these requirements?

A financial services team must ensure that only specific microservices can call a payment API, even if another workload in the cluster is compromised. They want identity-based access control between services and centralized policy management. What is the BEST approach on IBM Cloud?

A developer is new to IBM Cloud and needs to quickly locate a deployed application, view its environment variables, and access runtime logs in one place. Which IBM Cloud interface is most appropriate?

A team is deploying an API to IBM Cloud and wants the service to scale automatically based on incoming HTTP traffic with minimal operational overhead. Which runtime option best fits this requirement?

A developer needs to store a database password for an application running on IBM Cloud and rotate it without redeploying the app. Which service is the best practice for managing and retrieving this secret securely?

A microservice running in a private network must call a managed database endpoint that is reachable only over private connectivity. What should be used to ensure traffic stays on IBM Cloud private networking instead of the public internet?

A team needs a repeatable way to provision an application’s IBM Cloud resources (e.g., a database, service credentials, and a container registry namespace) across multiple environments. Which approach best supports infrastructure as code on IBM Cloud?

An application on IBM Cloud needs to publish events whenever an order is created. Multiple downstream services must consume the events independently, and the producer should not need to know the consumers. Which integration pattern/service is the best fit?

A containerized service deployed on IBM Cloud intermittently fails health checks and restarts. Logs show the app binds to port 3000, but the platform expects the service to listen on a different port provided at runtime. What is the most likely fix?

A CI/CD pipeline must deploy the same application to dev, test, and prod while ensuring approvals are required before production deployment. Which pipeline capability best addresses this requirement?

A company must ensure only approved images are deployed to a Kubernetes-based runtime on IBM Cloud. They want automated vulnerability scanning and the ability to block deployments that use images with critical vulnerabilities. What is the best approach?

A regulated workload requires that application logs and metrics be retained, searchable, and correlated across multiple IBM Cloud services and runtimes to support incident response. Which design best meets this requirement?

A developer wants to deploy an application on IBM Cloud and avoid managing servers while still being able to run custom code packaged as a container. Which IBM Cloud compute option best fits this requirement?

A team is using IBM Cloud Continuous Delivery with a pipeline that builds and deploys to production. They want every change to require peer review before merging to the main branch. What is the best approach?

An application needs to store API keys and database credentials and retrieve them at runtime without hardcoding secrets in the source code. Which IBM Cloud service is the best fit?

A microservice deployed on IBM Cloud Kubernetes Service (IKS) cannot reach an IBM Cloud Databases instance. The database is configured to allow only private endpoint connections. What is the most likely cause?

A team wants to deploy the same application to dev, test, and prod with consistent configuration, but with environment-specific values (e.g., URLs, feature flags). Which approach is the best practice on IBM Cloud?

An application hosted on Code Engine must call an IBM Cloud service that requires IAM authentication. The team wants to avoid storing long-lived credentials. What is the recommended solution?

A team is troubleshooting intermittent latency in a production application deployed across multiple microservices on IBM Cloud. They need to identify which service and which downstream call is causing slow requests. Which capability best addresses this need?

A company requires that all traffic from the public internet to their IBM Cloud Kubernetes Service application be protected by a Web Application Firewall (WAF) and also wants global caching for static assets. What is the best architecture choice?

A regulated workload must ensure that only specific microservices can call a sensitive internal API. The team also wants an auditable, policy-based way to enforce these access rules across the platform. Which design best meets the requirement?

A team wants to implement a blue-green deployment for a stateless web app on IBM Cloud Kubernetes Service to minimize downtime and enable quick rollback. Which approach is most appropriate?

A team is new to IBM Cloud and wants a simple way to logically separate resources for development and production while controlling access for each environment. Which IBM Cloud construct best meets this need?

A developer is troubleshooting why their application cannot call an IBM Cloud service API. They suspect their IAM permissions are insufficient. What is the most direct way to verify and diagnose whether the correct IAM authorizations are in place?

A microservice running on IBM Cloud needs to store configuration values (non-secret) such as feature flags and endpoint URLs. The values should be changeable without redeploying the service. Which approach is most appropriate?

An application running on IBM Cloud Code Engine must access a database without embedding long-lived credentials in the container image. Which is the best practice to achieve this?

A team wants to integrate IBM Cloud Continuous Delivery so that every pull request triggers unit tests and static code checks before merge. Which capability should they configure?

An IBM Cloud app must process bursts of events from multiple producers. The system should buffer incoming events and allow consumers to process them asynchronously at their own pace. Which IBM Cloud integration pattern best fits?

A Cloud Foundry application can no longer access an IBM Cloud service after the service instance was recreated. The app still has a binding, but calls fail with authentication errors. What is the most likely fix?

A security requirement states that only specific microservices may call an internal API. The team wants to enforce this at the network layer within IBM Cloud. Which design is most appropriate?

A team is building a multi-region active-active web application on IBM Cloud. They need users to be routed to the closest healthy region and to fail over automatically if a region becomes unavailable. Which solution best meets this requirement?

An application uses IBM Cloud Secrets Manager with automatic rotation enabled for a database credential. The app intermittently fails to connect after rotations. The team wants a design that minimizes downtime and avoids manual restarts. What should they implement?

A developer wants to quickly verify which IBM Cloud account, region, and resource group their CLI session is currently targeting before creating any resources. Which IBM Cloud CLI command best provides this context?

A team uses IBM Cloud Container Registry to store images for their Kubernetes workloads. They need to allow the cluster to pull images without embedding a personal API key in the pipeline. Which approach is the best practice?

An application running on IBM Cloud needs to connect to a managed service using TLS. The developer wants to avoid storing static credentials in code and instead use a platform-managed way to inject service credentials. What is the recommended approach?

A team is deploying a stateless API to IBM Cloud Code Engine. They want to split traffic between the current revision and a new revision to validate behavior with a small percentage of live requests before fully promoting. Which capability should they use?

A microservice deployed on IBM Cloud must consume events emitted by multiple producers. The team needs at-least-once delivery, consumer groups, and the ability to replay events for debugging. Which IBM Cloud service best fits these requirements?

A developer is troubleshooting a containerized app running in IBM Cloud Kubernetes Service. The pod is stuck in ImagePullBackOff. The image exists in IBM Cloud Container Registry and is private. What is the most likely cause?

A team uses IBM Cloud Continuous Delivery with a Tekton-based pipeline. They want to ensure that only a specific set of approvers can promote builds from staging to production. Which mechanism best enforces this within a pipeline workflow?

An API deployed on IBM Cloud must call an IBM Cloud managed database. The security team requires that the API can reach the database over private network paths without traversing the public internet. Which design best meets this requirement?

A regulated workload on IBM Cloud must ensure application secrets (API keys, database passwords) are not only encrypted at rest but also have controlled access, auditability, and the ability to centrally rotate secrets without redeploying the app. Which solution best addresses this requirement?

A company is deploying multiple microservices across several resource groups and wants to enforce that only a dedicated CI/CD service can create and update Code Engine applications, while developers can only view logs and read configurations. What is the most appropriate IBM Cloud access control design?