IBM Cloud Pak for Integration v2021.2 Administration Advanced Practice Exam: Hard Questions 2025

During an IBM Cloud Pak for Integration installation on OpenShift, the operator subscriptions install successfully, but no platform UI is reachable and the Platform Navigator CR remains in a Pending/NotReady state. Cluster admins report that default IngressController is restricted and only a custom IngressController with a specific ingressClassName is allowed. What is the most appropriate fix to make the Platform UI routable while keeping the restricted ingress policy?

You are deploying Cloud Pak for Integration in a cluster with strict Security Context Constraints (SCC) and Pod Security controls. The installation fails when creating certain capability pods due to forbidden runAsUser/fsGroup settings. The security team will not allow granting cluster-wide privileged SCC, but they will allow least-privilege, namespace-scoped adjustments. What is the best approach to satisfy installation requirements while maintaining least privilege?

After installing Cloud Pak for Integration, you discover that common services are installed in a shared namespace used by other IBM Cloud Paks. The organization requires strict isolation: CPI admins must not impact other Cloud Paks, and changes to foundational services should be coordinated centrally. Which administrative pattern best meets this requirement without breaking operator reconciliation?

A CPI administrator needs to perform a controlled rotation of container image pull secrets used by CPI operators and operands. The cluster uses a mirrored registry with ImageContentSourcePolicy and all workloads must continue running during rotation. What is the safest sequence to rotate credentials with minimal disruption?

Your organization mandates per-team tenancy on CPI where different teams deploy integration runtimes (e.g., ACE, MQ, Event Streams) but must not see or modify each other’s instances. At the same time, a central platform team must operate the operators. Which design best enforces this model?

A team reports that changes to an App Connect Enterprise (ACE) integration server configuration applied via a custom resource are not taking effect. The ACE operator shows successful reconciliation, but pods do not restart and the old configuration remains active. You suspect immutable configuration in a mounted ConfigMap and a rollout strategy issue. What is the most likely root cause and best corrective action?

After enabling network policies in the CPI namespaces, Event Streams clients (running in a different namespace) intermittently fail to connect. DNS resolves correctly, but connections time out. You need a secure policy that allows only required traffic without opening broad namespace access. What is the best next step?

Multiple CPI capabilities are running, and you observe periodic spikes in CPU and memory, followed by pod evictions in one namespace. The OpenShift nodes have sufficient overall capacity, but the namespace has several LimitRanges and ResourceQuotas applied. Which troubleshooting approach most directly identifies the root cause and guides a durable fix?

After an upgrade, the Platform Navigator UI loads but shows missing capability tiles and intermittent 'permission denied' errors for some users who previously had access. The cluster uses an external identity provider integrated with OpenShift OAuth. What is the most likely cause and the best fix?

You need to design an integration solution on CPI where: (1) event-driven microservices require high-throughput pub/sub with replay for audit, (2) some legacy apps require guaranteed once-only message delivery and transactional semantics, and (3) operations wants centralized governance and lifecycle management across runtimes. Which capability mapping best fits these requirements?