Module 5

Question 1

Identity

Answer 1

The identity concept consists of user identities, service and app identities, API keys, and resources. Users are identified by their IBMid, SoftLayer, or AppID user ID. Service IDs are a second type of identity that is used in an account.

Question 2

Access Management

Answer 2

The concept of access management consists of a few interrelated components, including users, service IDs, access groups, resources, policies, roles, actions, and the IBM Cloud IAM control system, which allows users to take actions on resources within an account.

Question 3

How IBM Cloud IAM works

Answer 3

There are two common types of IAM systems in cloud providers and understanding each of these models can help users gain a better understanding of how IAM works in IBM Cloud.

Question 4

Security in the Virtual Private Clouds (VPCs)

Answer 4

Security groups and ACLs provide ways to control the traffic across the subnets and instances in acompany’sIBM Cloud Virtual Private Cloud, using rules that they specify.

Question 5

two types of network access controls comprise the layers of VPC security:

Answer 5

Access control lists (ACLs) and security group

Question 6

Network Security

Answer 6

Computer network security protects the integrity of information contained by a network and controls who access that information

Question 7

Secure Sockets Layer (SSL)

Answer 7

Secure Sockets Layer (SSL) is a technology that encrypts traffic between the client application and the server application.

Question 8

btaining an SSL/TLS Certificate

Answer 8

SSL/TLS certificates are issued to a specific domain or sub-domains by certificate authorities, also known as CAs.

Question 9

IBM Certificate Manager

Answer 9

Is aservice helps users manage and deploy SSL/TLS certificates for their apps and services. Certificate Manager provides users with a security-rich repository for their certificates and their associated private keys.

Question 10

how user data is stored and encrypted in Block Storage

Answer 10

IBM Cloud Block Storage that is provisioned with either Endurance or Performance option is secured with provider-managed encryption, at no extra cost and no impact to performance.

Question 11

Provisioning Storage with Encryption

Answer 11

The provider-managed encryption-at-rest feature is available for Block Storage that is provisioned in most data centers.

Question 12

IBM Object Storage Security

Answer 12

Uses an innovative approach for cost-effectively storing large volumes of unstructured data that ensures security, availability, and reliability.

Question 13

IBM Secrets Manager

Answer 13

Secrets managementservices enable the secure management of digitalcredentials that ultimately allow entitiesto securely interact with services.

Question 14

How user data is stored and encrypted in Secrets Manage

Answer 14

Their secrets are encrypted at rest by usingenvelope encryption. At no time are their credentials available in clear text while they are stored by the service.

Question 15

Continuous Delivery

Answer 15

Allowsdevelopment teams to automate the process that moves software through the software development lifecycle.

Question 16

Managing security and compliance with Continuous Delivery

Answer 16

Continuous Delivery is integrated with the Security and Compliance Center to help users manage security and compliance for their organization.

Question 17

ontinuous Delivery − Delivery Pipeline

Answer 17

A delivery pipelineautomates the continuous deployment of a project. In a project’s pipeline, sequences of stages retrieve input and run jobs, such as builds, tests, and deployments.

Question 18

Code Engine and Security

Answer 18

The IBM code engine architecture is built with a security-first mindset. Code Engine components aremanaged and owned by IBM.

Question 19

When it comes to protecting user data from internal security threats, which of the following is considered the most popular and effective control?

Answer 19

Encryption

Question 20

Which of the following is considered a list of rules that limit who can access a particular subnet within theVPC.

Answer 20

Access Control

Question 21

Security groups and ACLs provide ways to control the traffic across the __________and instances in a company’sIBM Cloud Virtual Private Cloud, using rules that they specify. (Fill in the blank.)

Answer 21

Subnets

Question 22

Which ID is considered asecond type of identity that is used in an account?

Answer 22

Service

Question 23

Which IBM service enables users to run containerized applications in a secure enclave on an IBM Cloud Kubernetes host, providing data-in-use protection.

Answer 23

Data Shield

Question 24

In an IBM Cloud platform management role who would be permitted to modify the state of the resource such as create, delete, and edit, as well as create and delete sub-resources in a VPC?

Answer 24

Editor

Question 25

Users need to install and register which type of worker so that IBM Cloud continuous delivery development teams can use them in their toolchain configuration?

Answer 25

Private

Question 26

When using IBM Cloud Object Storage, what types of data are encrypted?

Answer 26

Data at Rest

Question 27

Which IBM Cloud storage services are provisioned with either an endurance or performance option, is secured with provider-managed encryption, and where the customer incurs no extra cost and no impact to performance?

Answer 27

B.Block

C.Database

Question 28

Which of the following IBM service is used to manage SSL/TSL certificates?

Answer 28

Certificate manager