IBM Cloud Pak for Integration v1 Advanced Practice Exam: Hard Questions 2025

An enterprise is deploying IBM Cloud Pak for Integration on OpenShift across two availability zones (AZs). They need to support IBM MQ and App Connect workloads with persistent data, but their storage class provides zone-local volumes (not multi-zone). They also require a clear recovery procedure that avoids split-brain and ensures message integrity after an AZ loss. Which architecture decision best satisfies these requirements?

A platform team must expose APIs from multiple CP4I capabilities to external consumers. Requirements: terminate TLS at the edge, enforce OAuth2/JWT validation, apply consumer-specific rate limits, and keep internal service endpoints private. They also want a single, consistent entry point with minimal exposure of OpenShift routes. Which approach is the best fit?

After deploying CP4I, developers complain that integration runtimes intermittently fail to connect to IBM MQ and Event Streams. The failures appear only after a security hardening change that introduced strict namespace isolation. Pods start successfully, but connections time out. Which troubleshooting action is MOST likely to identify the root cause quickly?

An organization uses API Connect to expose an API backed by an App Connect flow. They need to enforce two policies: (1) reject requests without a required claim in a JWT, and (2) apply a burst limit per client while allowing higher sustained throughput for premium consumers. They also want to return a consistent error payload for policy violations. Which API management design best meets these requirements?

An API is published through API Connect. Consumers report intermittent 429 (Too Many Requests) responses even though their plan limits should not be exceeded. The issue correlates with a recent change where the API was moved behind a corporate proxy and an additional ingress layer. What is the MOST likely cause and best corrective action?

A team needs to expose a backend service that requires mutual TLS (mTLS) and also needs request transformation (header enrichment and JSON-to-XML mapping) at the gateway. They want to avoid modifying the backend and keep transformations versioned as part of API configuration. Which approach best fits API Connect capabilities and best practices?

A banking application uses IBM MQ and App Connect to process payments. The team must guarantee exactly-once processing semantics for each payment message as it flows from MQ through App Connect to a downstream database. Occasionally, the database becomes temporarily unavailable. Which design best maintains exactly-once behavior and avoids message loss or duplication?

A CP4I deployment uses Event Streams (Kafka) for events and MQ for command processing. An integration flow in App Connect consumes from Kafka and publishes to MQ. During a network partition, the flow sometimes publishes to MQ but then fails before committing Kafka offsets, leading to duplicate commands after recovery. Which approach best reduces duplicates while preserving at-least-once delivery from Kafka?

An App Connect flow calls an external REST API that enforces strict rate limits and sometimes returns 503. The business requires smoothing bursts, honoring the external rate limit, and ensuring no message is dropped. The input load is spiky and unpredictable. Which integration pattern using CP4I components is the best fit?

After a routine certificate rotation, multiple CP4I components (API gateway and integration runtimes) begin failing outbound TLS calls to internal services. Logs show x509 validation errors, but only in some namespaces. The cluster uses separate secrets per namespace and GitOps for configuration. Which operational practice most directly prevents this class of issue in future rotations?