Practice Free S2000-023 Exam Online Questions
A cloud engineer is writing an Infrastructure as Code (IaC) script to deploy a database. The requirement is to comply with the "PCI DSS" standard regarding data at rest.
Review the Terraform resource snippet:
    resource "ibm_database" "payments_db" {
      name            = "credit-card-transactions"
      plan            = "standard"
      location        = "us-south"
      key_protect_key = var.hpcs_root_key_crn # Customer Managed Key
      # … other settings
    }
Which specific PCI DSS requirement is effectively addressed by the inclusion of the key_protect_key parameter in this configuration?
- A . Requirement 3: Protect stored cardholder data (specifically, rendering PAN unreadable via encryption).
- B . Requirement 7: Restrict access to cardholder data by business need to know.
- C . Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
- D . Requirement 9: Restrict physical access to cardholder data.
A solution architect is designing a "Payment Gateway" that must tolerate the complete failure of a single data center without violating its SLA.
Which two architectural components are essential to ensure the connectivity layer meets this availability requirement? (Choose 2.)
- A . A public gateway attached to a single subnet.
- B . A dedicated VPN tunnel to a single zone.
- C . A single "Floating IP" attached to one specific virtual server.
- D . IBM Cloud Transit Gateway to route traffic across zones/VPCs.
- E . Application Load Balancer (ALB) configured with backend pools spanning multiple zones.
A financial institution is acquiring a smaller fintech startup that already has its own standalone IBM Cloud account.
What is the operational process and benefit of bringing this existing account into the bank’s Enterprise hierarchy?
- A . Resource Migration: The fintech must delete all resources and recreate them in the bank’s account.
- B . Import Account: The bank initiates an import request. Once accepted by the fintech, the account becomes a child account. Benefit: The fintech’s billing is immediately consolidated into the bank’s invoice, and its resources fall under the bank’s Enterprise governance (e.g., private catalogs) without requiring a migration of resources.
- C . Account Deletion: The fintech account is deleted, and credit is transferred.
- D . VPC Peering: The accounts are peered but remain financially separate.
The IBM Cloud for Financial Services offers validated reference architectures for different compute patterns.
Which distinct compute platform serves as the foundation for the primary, cloud-native reference architecture, offering the highest degree of managed automation and built-in compliance controls?
- A . Virtual Servers for VPC: An Infrastructure-as-a-Service (IaaS) solution for running standalone OS instances.
- B . Red Hat OpenShift on IBM Cloud (ROKS): A managed Kubernetes platform designed for containerized microservices.
- C . IBM Cloud Bare Metal Servers (Classic): A legacy non-VPC hardware solution.
- D . IBM Cloud for VMware Solutions: A dedicated hypervisor environment for lifting and shifting legacy VMs.
Financial institutions must navigate a complex landscape of overlapping regulations.
Which of the following standards are integrated into the IBM Cloud Framework for Financial Services to ensure comprehensive coverage? (Select all that apply.)
- A . NIST 800-53 (Security and Privacy Controls)
- B . PCI DSS (Payment Card Industry Data Security Standard)
- C . GDPR (Data Protection)
- D . ISO 27001 (Information Security Management)
- E . IEEE 802.11 (Wireless LAN Standards)
A DevOps team wants to ensure their infrastructure is always compliant. They are deciding between using a third-party scanner or the IBM Cloud Security and Compliance Center (SCC).
What is the "Native Integration" value that SCC provides for IBM Cloud workloads?
- A . Programming Language Support: SCC writes Java code.
- B . Open Source Code: SCC is fully open source.
- C . Context-Aware Scanning: SCC is integrated directly with the IBM Cloud control plane, allowing it to automatically discover new resources (no agent installation required for resource config scanning) and access deep configuration properties that external scanners might miss without complex permission setups.
- D . Offline Capabilities: SCC works without an internet connection.
A bank requires "Quantum-Safe" protection for its data encryption keys to future-proof against quantum computer attacks.
Which feature of IBM Cloud Hyper Protect Crypto Services (HPCS) addresses this advanced requirement?
- A . Larger Keys: It forces 1024-bit AES keys.
- B . Blockchain: It puts keys on a blockchain.
- C . Air Gapping: The HSM is disconnected from electricity.
- D . Quantum Safe Cryptography (Dilithium/Kyber): HPCS supports quantum-safe algorithms for key exchange and digital signatures within the HSM firmware and API, protecting the root of trust against "Harvest Now, Decrypt Later" threats.
A "Continuous Integration" (CI) strategy for regulated workloads requires maintaining a "Secure Chain of Custody" for software artifacts.
Which technical practice supports this requirement within an IBM Cloud DevSecOps toolchain?
- A . Emailing the compiled binary files to the operations manager for approval.
- B . Storing source code on a developer’s local laptop to prevent cloud breaches.
- C . Using IBM Cloud Container Registry to sign container images (e.g., using Red Hat signing or Notary) after they pass vulnerability scans, ensuring only signed/trusted images can be deployed to production.
- D . Using public Docker Hub repositories for all base images to ensure they are up to date.
