IBM Cloud Advocate v1 Advanced Practice Exam: Hard Questions 2025

A regulated enterprise is adopting IBM Cloud for the first time. They need to restrict resource creation to approved regions, prevent public access to Object Storage buckets by default, and enforce tagging for cost allocation across all accounts in an enterprise hierarchy. Which approach best meets these requirements with centralized governance and minimal manual effort?

A team uses IBM Cloud to run workloads in multiple accounts (dev/test/prod). They report intermittent 'access denied' errors when CI pipelines deploy resources, even though the pipeline service ID has the correct roles in each account. The errors correlate with jobs running from different IP ranges. What is the most likely root cause and best corrective action?

A SaaS provider needs a highly available API layer that scales to zero during idle periods, supports rapid deployments, and must connect privately to a database service without exposing the database to the public internet. Which architecture best satisfies these constraints on IBM Cloud?

An analytics workload ingests event data from mobile apps globally. Requirements: (1) durable ingestion even when downstream processing is offline, (2) ordering per device is preferred but not required globally, (3) replay capability for reprocessing, and (4) low operational overhead. Which IBM Cloud service combination is the best fit?

A team hosts a static website with millions of small assets in IBM Cloud Object Storage. Users in multiple geographies report inconsistent performance and occasional stale content after deployments. The team currently overwrites existing objects with the same keys. What is the best solution to improve global performance and eliminate stale-content issues with minimal complexity?

A fintech company must ensure encryption in transit and at rest, least-privilege access, and rapid key rotation for multiple IBM Cloud services (Object Storage, Databases, and Kubernetes secrets). They also need auditability of key usage. Which solution best meets these requirements?

A production application runs on IBM Cloud VPC across three zones. The team wants to minimize blast radius and ensure the app remains available if an entire zone fails. They currently run all compute instances in one zone behind a load balancer and use a single subnet. Which redesign best meets the availability goal while following best practices?

A security review flags that several workloads in VPC can reach the public internet directly. The target state is: only approved egress paths, private access to IBM Cloud services where possible, and no inbound exposure except via a controlled edge. Which combination of controls is most appropriate?

A team is implementing Infrastructure as Code for IBM Cloud across multiple environments. They must avoid long-lived credentials, enable separation of duties, and support automated deployments from a CI system. Which is the best practice approach for authentication and authorization?

During a customer workshop, stakeholders disagree on whether to use containers, serverless, or VMs. The customer’s constraints: strict data residency, a mix of stateless APIs and a legacy monolith, a requirement to demonstrate progress in 4 weeks, and an eventual goal to modernize. As an IBM Cloud Advocate, what is the best engagement outcome and recommendation strategy?