Back

Practice Free S2000-023 Exam Online Questions

Question #91

What is the primary "Supply Chain Risk" associated with using non-validated third-party software in a regulated environment?

  • A . The vendor might update the user interface unexpectedly.
  • B . The software might cost too much.
  • C . The software might not run on IBM Power Systems.
  • D . Inherited Vulnerabilities: If the third-party vendor does not follow strict security practices (patching, scanning, access control), their application becomes a weak point that attackers can exploit to pivot into the bank’s broader network or exfiltrate data.

Reveal Solution Hide Solution

Correct Answer: D
Question #91

What is the primary "Supply Chain Risk" associated with using non-validated third-party software in a regulated environment?

  • A . The vendor might update the user interface unexpectedly.
  • B . The software might cost too much.
  • C . The software might not run on IBM Power Systems.
  • D . Inherited Vulnerabilities: If the third-party vendor does not follow strict security practices (patching, scanning, access control), their application becomes a weak point that attackers can exploit to pivot into the bank’s broader network or exfiltrate data.

Reveal Solution Hide Solution

Correct Answer: D
Question #93

Match the DevSecOps term to its definition within the IBM Cloud FS implementation context. (Choose 2.)

  • A . Continuous Integration (CI): The practice of frequently merging code changes into a central repository where automated builds and tests (including CRA scans) are run. -> Correct.
  • B . Continuous Integration (CI): Manually copying files to a server once a year. -> Incorrect.
  • C . Infrastructure as Code (IaC): Writing documentation in Microsoft Word. -> Incorrect.
  • D . Infrastructure as Code (IaC): Managing and provisioning infrastructure through machine-readable definition files (like Terraform) rather than physical hardware configuration or interactive configuration tools. -> Correct.

Reveal Solution Hide Solution

Correct Answer: A, D
Question #94

A "Forensic Analysis" is required after a security incident. The network team needs to determine if a specific external IP address attempted to connect to the internal database port (5432) and if the connection was ACCEPTED or REJECTED by the firewall.

Which tool provides the raw data necessary for this network-level forensic investigation?

  • A . IBM Cloud Flow Logs for VPC: Records the 5-tuple (Source IP, Dest IP, Ports, Protocol) and the Action (Accept/Reject) for network flows.
  • B . IBM Cloud DNS Services: Logs DNS lookups, not TCP connection attempts.
  • C . IBM Cloud Logs: Records application text logs (e.g., "Login Failed"), but usually not the packet-level accept/reject decision of the network fabric itself.
  • D . IBM Cloud Activity Tracker: Records the creation of the firewall rule, but not the traffic hitting it.

Reveal Solution Hide Solution

Correct Answer: A