01. IBM Cloud deploys a VMware vCenter Server instance with a combination of public and private VLANs. What are two components of traffic running on a private VLAN as part of the solution setup?
a) Public connectivity for TCP
b) vMotion and NFS storage traffic
c) Management communications and NSX VTEP
d) Tunneling for VMware workload deployments
e) Key encryption flows for secure KMIP exchange
02. A client wants to create multiple PowerVS instances in two different regions on IBM Cloud and has ordered Direct Link 2.0 providing connections to each region to achieve high availability. What is the secured way for these PowerVS instances to route network communication across regions?
a) It is not possible for PowerVS in different regions to communicate
b) Implement an IBM Transit Gateway to route between the PowerVS regions
c) Configure GRE tunnels on proxies in the IBM Cloud environment
d) Define public IPs for both instances allowing them to connect to each other over the internet
03. What are two valid status conditions when running a readiness check on the Juniper vSRX on IBM Cloud?
a) Ready
b) Blocked
c) Complete
d) Unchecked
e) Network status down
04. A client wants to move their existing workloads to IBM Cloud VMware solutions, Bare Metal, Power servers and KVM. What is the value for client using VMware vSphere 7.0 and NSX-T on IBM Cloud?
a) Client can route traffic between VMware ESX, Bare Metal, PowerVS, and KVM servers using NSX-T
b) Client can route traffic between VMware ESX, Bare Metal, and KVM servers using NSX-T
c) Client can create Tier 0/1 gateway allowing traffic to flow between VMware servers
d) VMware solutions offer comprehensive migration capability for other workloads
05. A Security Engineer is contacted by a developer who needs a virtual server instance (VSI) that is only allowed to send outbound traffic; all ingress traffic should be blocked. The Security Engineer decides to use the IBM Cloud console to create security rules on VSI groups.
Which additional modifications are required on this new security group to meet the stated requirements?
a) Add a rule to permit all egress traffic
b) No additional modifications are required
c) Apply the security group to the Public Gateway
d) Remove the default rule allowing all ingress traffic
06. The architecture of the IBM Cloud for VMware Regulated Workloads is designed for which two use cases?
a) Isolation of FedRAMP workloads only
b) Isolation of sensitive workloads
c) Integration of highly secure KMIP and DevSecOps regulations
d) Support compliance for financial services industry security standards only
e) Support compliance to industry security standards or governmental regulations
07. A national car dealership runs its point-of-sales system on IBM Cloud VPC. The Security Engineer is planning to create an IBM Cloud VPN Gateway between IBM Cloud VPC and on-premises network infrastructure. What type of VPN packets are accepted by IBM Cloud VPN Gateway?
a) SSL Framing Encapsulation
b) Extended Address Encapsulation
c) IP Encapsulating Security Payload
d) NAT-T Encapsulation
08. What are the two default deployment configuration options of a FortiGate Security Appliance?
a) Four VLAN
b) Multi-tenant
c) Virtual Domain
d) Four 10 Gbps bonded interfaces
e) Frontend Customer Router VLAN
09. A nutrition research lab requires IBM Cloud hardware to meet security and compliance requirements. The customer contacted the Security Engineer at IBM to discuss a hardware solution that will help protect against software attacks and protect the integrity of the data stored on the server.
Which enhanced security capabilities of IBM Cloud Bare Metal Servers were recommended by the Security Engineer?
a) Intel Trusted Execution Technology
b) Single Root I/O Virtualization
c) Intel Turbo Boost Technology
d) AMD Secure Virtualization
10. What type of information is required for an IPsec policy creation on an IBM Cloud VPC?
a) Encryption algorithm, IBM Cloud service endpoints, and Preshared key
b) Authentication algorithm, IKE Version, Key Lifetime, and Delegate-VPC
c) Authorization algorithm, IKE Version, Delegate-VPC, and Preshared key
d) Authentication algorithm, Encryption algorithm, Diffie-Hellman group, and Key Lifetime
The purpose of this Sample Question Set is to provide you with information about the IBM Cloud Security Engineer v1 Specialty exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the S2000-012 certification test. To get familiar with real exam environment, we suggest you try our Sample IBM Cloud Security Engineer Specialty Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual IBM Cloud Security Engineer v1 Specialty certification exam.