S2000-023 시험 - IBM실제시험문제와 답 - 100문항

Question No : 1

An Enterprise Administrator notices that a new "Trading" business unit has exhausted its budget, while the "Retail" unit has unused credits. Both units are in the same Enterprise Account hierarchy.
How does the Enterprise Account structure automatically handle this subscription usage scenario?

A.It requires the Retail administrator to manually transfer credits to the Trading account.
B.It immediately shuts down the Trading unit's resources until a new credit card is entered.
C.It charges the Trading unit a 50% penalty fee for overage.
D.It utilizes Subscription Credit Pooling, where the commitment is at the Enterprise level, allowing the Trading unit to seamlessly consume unused credits from the shared Enterprise pool without service interruption.

정답:

Question No : 2

A security engineer detects that a legitimate user's credentials (API Key) were stolen and used to access the cloud account from a suspicious IP address in a foreign country.
Which IBM Cloud mitigation strategy effectively blocks this "Stolen Credential" attack vector, even if the username/password/API key are correct?

A.User Education: Sending an email about phishing.
B.Key Rotation: Rotating the key every 90 days.
C.Password Complexity: Requiring a 20-character password.
D.Context-Based Restrictions (CBR): Creating a rule that restricts access to resources based on network context (e.g., "Allow only from Corporate VPN IP range"). If the request comes from an unknown IP, CBR denies it at the IAM layer, neutralizing the stolen credential.

정답:

Question No : 3

A bank wants to modernize its "Core Banking" mainframe applications but cannot move the data off-premises due to latency and data gravity.
What is the specific value of IBM Cloud Satellite in this modernization scenario?

A.Cost Increase: It guarantees higher costs than public cloud.
B.Data Migration: It acts as a truck to move hard drives.
C.Consistent Operations Anywhere: It allows the bank to deploy managed IBM Cloud services (like OpenShift) directly onto their on-premises infrastructure (Satellite Location). This brings the cloud operating model to the data, enabling low-latency modernization without the risk and complexity of migrating the mainframe storage to the public cloud.
D.Mainframe Emulation: It turns x86 servers into mainframes.

정답:

Question No : 4

A bank is deploying IBM Cloud Satellite to extend their regulated workload to an on-premises data center.
Which statement accurately describes the flow of application data (customer PII) versus management metadata (operational logs) in this hybrid architecture?

A.The Satellite Link blocks all traffic, isolating the on-prem location completely from IBM Cloud.
B.Both application data and management metadata must be stored in the IBM Cloud public region to ensure availability.
C.Application data is sent to IBM Cloud, while metadata remains local.
D.Application data remains local within the on-premises Satellite Location (meeting sovereignty), while management metadata is sent to the IBM Cloud Control Plane for visibility and operations.

정답:

Question No : 5

An architect is reviewing the "East-West" traffic flow between a "Shared Services VPC" (hosting scanners/logging) and a "Production VPC" (hosting banking apps).
To meet the principle of Private Connectivity, how should these VPCs be interconnected within the same region?

A.IBM Cloud Transit Gateway: Attaching both VPCs to a local Transit Gateway allows high-throughput, private routing between them without traffic ever touching the public internet or requiring complex VPN tunnels.
B.IBM Cloud Object Storage: Using a bucket as a drop folder to transfer packets.
C.Public Floating IPs: Assigning public IPs to all servers and routing traffic via the internet.
D.Manual Routing: Logging into routers to add static routes.

정답:

Question No : 6

A security analyst is investigating a suspected data exfiltration attempt. They need to see exactly which IP addresses connected to a specific virtual server interface and whether the traffic was accepted or rejected.
What is the unique forensic value of IBM Cloud Flow Logs for VPC compared to standard application logs?

A.Application Tracing: Flow Logs show the Java stack trace of the error.
B.Deep Packet Inspection: Flow Logs decrypt and store the full payload of every packet.
C.Non-Intrusive Network Visibility: Flow Logs capture packet metadata at the hypervisor level (vNIC), providing an objective "truth" about network traffic flows (Source IP, Destination Port, Action) without requiring agents to be installed on the guest OS or relying on potentially compromised application logs.
D.User Identity: Flow Logs show the username of the person who initiated the connection.

정답:

Question No : 7

A cloud architect is preparing to deploy a new regulated workload. They are currently in the "Implement" phase of the IBM Cloud for Financial Services lifecycle model.
Which specific asset or tool is most central to executing this phase correctly according to best practices?

A.The Excel spreadsheet containing the list of NIST 800-53 controls.
B.Financial Services Validated Deployable Architectures (Terraform/IaC) that have the controls pre-configured.
C.Manual configuration of each virtual server via the GUI console to ensure customization.
D.IBM Cloud Security and Compliance Center (SCC) generic reports.

정답:

Question No : 8

A developer is designing the network connectivity for a new microservice that processes credit card transactions.
Review the proposed Terraform configuration for the security group:
resource "ibm_is_security_group_rule" "allow_all_inbound" {
group = ibm_is_security_group.db_sg.id
direction = "inbound"
remote = "0.0.0.0/0"
protocol = "tcp"
port_min = 5432
port_max = 5432
}
Which design principle for financial services workloads does this configuration violate?

A.Network Isolation / Micro-Segmentation: The rule allows access from the entire public internet (0.0.0.0/0) instead of restricting it to specific allowed source workloads (e.g., the app subnet).
B.Resiliency: The rule does not specify a backup region.
C.Performance: Opening the port to the world causes latency.
D.Observability: The rule does not enable logging.

정답:

Question No : 9

A bank is designing a new "Open Banking" platform to allow third-party fintechs to retrieve customer account data via APIs, as mandated by new government regulations (e.g., PSD2).
This initiative introduces a conflict between two opposing industry challenges.
Which pair correctly identifies this conflict? (Choose 2.)

A.The mandate to open up data interfaces (Open Banking / Interoperability).
B.The need to stop using computers and return to paper ledgers.
C.The mandate to protect customer data privacy and prevent unauthorized access (Security / Zero Trust).
D.The need to reduce the number of customers to save money.
E.The need to increase the physical size of data centers.

정답:

Question No : 10

In the context of IBM Cloud for Financial Services, what is the primary distinction between a Service Level Agreement (SLA) and a Service Level Objective (SLO)?
A. SLA applies only to free services, while SLO applies to paid services.
B. SLA is a financially backed commitment between the cloud provider and the client regarding availability, often involving service credits for failures. SLO is a target operational value that the service provider aims to achieve to meet the SLA.
C. SLA is the internal engineering goal for uptime, while SLO is the marketing brochure number.
D. SLA guarantees 100% uptime, while SLO guarantees 50% uptime.

정답: B

Question No : 11

Under GDPR, data transfers outside the European Economic Area (EEA) are restricted.
If a European bank uses the IBM Cloud "EU Supported" setting for their account, what specific assurance does this provide regarding the "Follow-the-Sun" support model?

A.It means the bill will be paid in Euros.
B.It guarantees that support tickets raised for that account will be handled only by support staff physically located within the EU (or adequate countries), preventing technical data (logs, screenshots in tickets) from traversing to non-EU support teams.
C.It ensures the data is stored in the U
D.It automatically translates all logs into French.

정답:

Question No : 12

When migrating a legacy database to the cloud, the architect must consider the "RTO" (Recovery Time Objective).
If the migration strategy involves a "Big Bang" cutover (shutdown on-prem, copy data, start cloud), how does the dataset size (Data Gravity) impact the RTO?

A.Linear Impact: As data volume increases, the transfer time (and thus the downtime/cutover window) increases linearly. For multi-terabyte databases, a "Big Bang" approach may violate the business's maximum allowable downtime (RTO), necessitating a different strategy like CDC (replication).
B.Data size has no impact on transfer time.
C.The RTO is determined by the CPU speed only.
D.Larger data transfers faster.

정답:

Question No : 13

Regarding "East-West Traffic Inspection" (traffic between different workload tiers, e.g., Web -> App -> DB), how do the OpenShift and VPC (VSI) architectures typically differ in their native security controls?

A.OpenShift: Uses Security Groups for pods. VPC: Uses Kubernetes Network Policies for VMs.
B.OpenShift: Often utilizes Network Policies (Calico/OVN) inside the cluster to control pod-to-pod traffic. VPC: Relies heavily on Security Groups applied to virtual network interfaces (vNICs) to control instance-to-instance traffic.
C.OpenShift: Uses physical firewalls. VPC: Uses magic.
D.OpenShift: Has no internal traffic controls. VPC: Blocks all traffic by default.

정답:

Question No : 14

A legacy application team is migrating to IBM Cloud. Their application requires Multicast networking support to function (e.g., for a specific clustering heartbeat).
Which reference architecture constraint must they be aware of?

A.OpenShift supports Multicast, but VSI does not.
B.IBM Cloud VPC (and thus OpenShift/VSI on VPC) does not natively support Multicast networking; the application must be refactored to use Unicast or deployed on IBM Cloud Bare Metal (Classic) if refactoring is impossible.
C.All IBM Cloud architectures support Multicast by default.
D.VSI supports Multicast, but OpenShift does not.

정답:

Question No : 15

A bank operates a "Hybrid Cloud" environment. They have workloads on IBM Cloud, AWS, and on-premises VMware. The challenge is maintaining a consistent compliance posture across all three.
Does the IBM Security and Compliance Center (SCC) support this hybrid scope?

A.No, hybrid cloud compliance is impossible.
B.No, it only scans IBM Cloud resources.
C.Yes, SCC creates a Unified Compliance View by allowing the definition of scopes and attachments for non-IBM resources (e.g., via specialized collectors or multi-cloud support features), enabling the bank to manage risk across the entire hybrid estate from a single console.
D.Yes, but it requires copying all AWS data to IBM Cloud first.

정답:

IBM S2000-023 시험