Questions for the C1000-172 were updated on : Dec 01 ,2025
Which two options describe the capabilities of IBM Cloud Block Storage for VPC?
B, D
Explanation:
The capabilities of IBM Cloud Block Storage for VPC are:
Stores Volume Data Redundantly Across Multiple Physical Disks in an Availability Zone: IBM Cloud
Block Storage is designed to provide redundancy and durability by storing data across multiple
physical disks within the same availability zone. This ensures data availability and protection against
disk failures.
Provides Primary Boot Volumes and Secondary Data Volumes: Block Storage in IBM Cloud VPC can be
used as both primary boot volumes for the operating system and secondary data volumes for storing
additional data.
Reference from IBM Cloud Professional Architect Materials:
IBM documentation on IBM Cloud Block Storage for VPC outlines these capabilities, including
redundant data storage and support for both boot and data volumes.
Other options are incorrect:
A . Provides a highly available, durable, and secure platform for storing unstructured data describes
object storage, not block storage.
C . Provides storage in a separate zone is incorrect; storage is typically within the same zone as
compute resources.
E . Provides fast, flexible network-attached, NFS-based storage describes a different type of storage.
Therefore, the correct answers are B. Stores volume data redundantly across multiple physical disks
in an availability zone and D. Provides primary boot volumes and secondary data volumes.
What is used to allow provisioning of a large number of virtual server instances at the same time
when using IBM Cloud Virtual Private Cloud?
C
Explanation:
Instance Groups are used to allow provisioning of a large number of virtual server instances at the
same time when using IBM Cloud Virtual Private Cloud (VPC).
IBM Cloud VPC Instance Groups: Instance Groups provide a way to manage a group of identical
virtual server instances within a VPC. They support auto-scaling, load balancing, and rolling updates,
making it easier to manage a large number of instances.
Use Case for Large Deployments: When an organization needs to deploy multiple instances
simultaneously, Instance Groups simplify the process by providing a template and scaling policies.
Reference from IBM Cloud Professional Architect Materials:
IBM documentation on Instance Groups for VPC describes how they are used for managing large-
scale deployments.
Other options are incorrect:
A . Instance Models refer to the types or configurations of instances, not to mass provisioning.
B . Instance Replication Policies do not exist in this context.
D . Instance Scaling Policies manage scaling but are not used for the initial provisioning of multiple
instances.
An organization is using IBM Log Analysis to manage operating system logs, application logs, and
platform logs in IBM Cloud. A developer discovered their Red Hat OpenShift on IBM Cloud instance is
not being captured in the service.
What could be a reason Log Analysis is missing the Red Hat OpenShift on IBM Cloud instance logs?
D
Explanation:
The likely reason IBM Log Analysis is missing the Red Hat OpenShift on IBM Cloud instance logs is
that the logging agents were not created and deployed to this OpenShift instance.
IBM Log Analysis with Sysdig: To collect logs from a Red Hat OpenShift cluster, specific logging agents
must be deployed on the cluster. These agents are responsible for forwarding logs to the IBM Log
Analysis service.
Missing Logs Due to Missing Agents: If the agents are not deployed, the service will not capture logs
from the cluster, resulting in missing log data from that instance.
Reference from IBM Cloud Professional Architect Materials:
IBM documentation on Setting up Log Analysis explains the requirement of deploying logging agents
to the respective resources to ensure log collection.
Other options are incorrect:
A . The developer needs at least editor IAM role does not affect the log capture.
B . The administrator needs at least reader access does not address the missing agents.
C . The instance running in a different region does not prevent log capture if agents are configured
correctly.
An organization wants to secure its exposed APIs running on IBM Cloud API Connect Reserved
Instances using OAuth and OpenID.
Which capabilities can help in this case?
A
Explanation:
IBM API Connect offers both authentication and authorization capabilities to secure APIs using OAuth
and OpenID.
IBM API Connect Security Features: IBM API Connect provides built-in capabilities for managing
OAuth and OpenID Connect authentication and authorization flows. It allows users to define security
policies that enforce these protocols to protect APIs.
Use of OAuth and OpenID: API Connect enables organizations to create user registries, apply security
policies, and manage tokens for OAuth 2.0 and OpenID Connect, providing end-to-end security
management for APIs.
Reference from IBM Cloud Professional Architect Materials:
IBM documentation on API Security in IBM API Connect confirms that API Connect handles both
authentication and authorization for securing APIs.
Other options are incorrect:
B . IBM API Connect APIs must be secured by a third party is false; API Connect itself provides these
capabilities.
C . IBM API Connect is providing authentication, but authorization can be provided by IAM is
incorrect because API Connect manages both.
D . IBM API Connect creates user registries, but OAuth isn't allowed is incorrect; OAuth is fully
supported.
What describes a feature of IBM Cloud Transit Gateway when interconnecting multiple virtual private
clouds (VPC)?
C
Explanation:
IBM Cloud Transit Gateway provides the ability to provision and define connections between
resources on the IBM Cloud network.
IBM Cloud Transit Gateway: This service allows you to connect multiple Virtual Private Clouds (VPCs)
and on-premises networks to a central gateway. It simplifies network management by providing a
single entry point for interconnecting multiple resources across the IBM Cloud.
Connectivity Between Resources: By creating connections through the Transit Gateway, an
organization can establish a scalable and flexible network architecture that integrates various cloud
resources.
Reference from IBM Cloud Professional Architect Materials:
According to IBM documentation on IBM Cloud Transit Gateway, it provides centralized management
and provisioning of connections across different IBM Cloud environments.
Other options are incorrect:
A . Client designates which traffic remains within the private IBM Cloud backbone is not specifically
managed by the Transit Gateway.
B . Provides private interconnectivity for on-premises workloads and the designated VPC is more
related to Direct Link.
D . Provides a decentralized hub for better regional connectivity and load balancing is incorrect since
Transit Gateway is a centralized solution.
Monitoring data can be considered sensitive by some clients. How can a client configure IBM Cloud
Monitoring so that sensitive monitoring data is not traveling across the public internet?
B
Explanation:
To ensure that sensitive monitoring data does not travel across the public internet, a client can
configure the monitoring instance and monitoring agents to only use private endpoints.
IBM Cloud Monitoring Private Endpoints: IBM Cloud Monitoring with Sysdig allows users to configure
their monitoring instance and agents to communicate only over private endpoints. This configuration
ensures that monitoring data remains within IBM’s private network, thus avoiding exposure to the
public internet.
Private Endpoints for Data Security: Using private endpoints is crucial for clients who require that
their sensitive data, such as monitoring metrics, never leave the secure IBM Cloud network,
enhancing overall security.
Reference from IBM Cloud Professional Architect Materials:
IBM Cloud documentation on Configuring Private Endpoints for IBM Cloud Monitoring confirms that
monitoring data can be restricted to private endpoints to avoid exposure to the public internet.
Other options are incorrect:
A . Encrypt all monitoring data with a user-controlled key from Key Protect or Hyper Protect Crypto
Services does not prevent data from traveling across the public internet.
C . Ensure that all resources being monitored are in the same region as the IBM Cloud monitoring
instance is a good practice for performance but does not specifically ensure that data doesn’t travel
over the public internet.
D . Use only private endpoints to store monitoring data in IBM Cloud Object Storage is related to
storage, not monitoring data transmission.
Therefore, the correct answer is B. Configure the monitoring instance and monitoring agents to only
use private endpoints.
Which encryption option allows clients to have control over the keys used to encrypt their block
storage volumes, file shares, and custom images?
B
Explanation:
Client-managed encryption allows clients to have full control over the encryption keys used to
protect their block storage volumes, file shares, and custom images on IBM Cloud. This option
ensures that only the client has access to the keys and, therefore, to the data.
Benefits of Client-Managed Encryption: Clients retain control over key management, including
generation, rotation, and deletion, ensuring compliance with security policies and regulatory
requirements.
Comparison with Other Options:
A (Provider-managed encryption): Managed by IBM, not by the client.
C (IBM-managed encryption): Similar to provider-managed, where IBM controls the keys.
D (Custom encryption): Not a specific term used in IBM Cloud documentation for this feature.
Reference:
IBM Cloud Data Encryption Documentation
IBM Cloud Architect Exam Study Guide
Which two are benefits of using the IBM Cloud Transit Gateway to connect IBM Cloud VPCs?
B, D
Explanation:
IBM Cloud Transit Gateway provides secure and scalable connectivity between multiple IBM Cloud
VPCs (Virtual Private Clouds) and other IBM Cloud resources, including PowerVS (Power Virtual
Servers) and classic networking environments.
Benefits:
Connectivity Between Multiple VPCs and PowerVS: Allows seamless networking between VPCs and
PowerVS, supporting hybrid and multi-cloud architectures.
Direct Link Connectivity: Supports direct, high-speed private connectivity between VPCs and classic
IBM Cloud infrastructure, enabling secure communication without traversing the public internet.
Comparison with Other Options:
A (Connectivity over the internet): Transit Gateway provides private connectivity, not public internet
connectivity.
C (Default connectivity to services in multiple regions): Not a direct benefit of Transit Gateway, as
regional connectivity may require additional configuration.
Reference:
IBM Cloud Transit Gateway Documentation
IBM Cloud Architect Exam Study Guide
What is an advantage of choosing IBM Cloud VMware for regulated workloads?
A
Explanation:
IBM Cloud VMware offers a "secure-by-default" architecture, which is particularly beneficial for
regulated workloads. This means that security best practices are integrated into the default
configuration, providing enhanced security controls, compliance readiness, and data protection
measures from the outset.
Why Secure-by-Default is Advantageous: It simplifies compliance for regulated workloads by
ensuring that security is baked into the infrastructure, reducing the effort required to meet
regulatory requirements.
Comparison with Other Options:
B (Bring your own VMware license): This is a feature, but not the main advantage for regulated
workloads.
C (Manage the guest OS): Not specific to the security or regulatory compliance needs.
D (Bring your own AIX license): Irrelevant for VMware workloads.
Reference:
IBM Cloud VMware Solutions
IBM Cloud Architect Exam Study Guide
What are the basic components in an event-driven architecture?
D
Explanation:
In an event-driven architecture, the basic components are:
Event Producer: The source that generates events, such as a service or application emitting a
message whenever a significant change or action occurs.
Router (sometimes called an Event Router or Event Bus): Routes the event to the appropriate
consumer(s). The router can handle complex event processing, filtering, and transformation before
delivering the event.
Event Store: A component that persists events, making them available for future analysis, auditing,
or replaying if needed.
Why These Components are Core:
These components are essential to ensure that events are generated, routed to the correct
consumers, and stored for traceability and recovery purposes. This architecture is crucial for building
scalable, decoupled, and responsive systems.
Comparison with Other Options:
A, B, and C: Do not provide a complete representation of all three core components needed in an
event-driven architecture.
Reference:
IBM Cloud Event-driven Architecture
IBM Cloud Architect Exam Study Guide
A data analyst working for a retail company uses IBM Cloud Watson Discovery service to analyze
client dat
a. The company's customer support team has been experiencing an increase in customer complaints
regarding delayed deliveries. The analyst has been asked to identify the root cause of this issue.
Which feature of Watson Discovery would be most helpful in this situation?
D
Explanation:
The feature of Watson Discovery most helpful in identifying the root cause of customer complaints
regarding delayed deliveries is Pattern and Trend Analysis.
Pattern and Trend Analysis in Watson Discovery: This feature helps to identify recurring themes,
trends, or patterns within large datasets. For a data analyst investigating customer complaints,
pattern and trend analysis can help reveal common factors or trends contributing to the delays, such
as issues with specific delivery locations, times, or processes.
Use Case for Analyzing Customer Complaints: By analyzing patterns and trends in the text data from
customer complaints, the analyst can pinpoint potential bottlenecks or root causes leading to delays
in deliveries.
Reference from IBM Cloud Professional Architect Materials:
IBM's Watson Discovery documentation highlights its ability to perform pattern and trend analysis to
extract meaningful insights from unstructured data.
Other options are incorrect:
A . AI-powered search engine is for retrieving relevant documents or information.
B . Natural language processing processes text but does not focus on identifying patterns or trends.
C . User behavior tracking is not relevant in this context.
Microservices need to be deployed to a platform where container communication can be
orchestrated and customized. Which IBM Cloud solution should be selected to meet this
requirement?
A
Explanation:
To deploy microservices where container communication can be orchestrated and customized, the
best IBM Cloud solution is the IBM Cloud Kubernetes Service.
IBM Cloud Kubernetes Service: This service provides a managed Kubernetes environment to
orchestrate and manage containerized applications. It supports microservices architecture by
providing tools for managing container communication, scaling, deployment, and load balancing.
Kubernetes allows for custom networking policies, service meshes, and other tools necessary for
microservices communication and orchestration.
Microservices and Kubernetes: Kubernetes is designed to manage and scale microservices. It can
handle the orchestration of complex, interdependent services and provides features such as service
discovery, traffic routing, load balancing, and monitoring.
Reference from IBM Cloud Professional Architect Materials:
IBM documentation on IBM Cloud Kubernetes Service confirms its suitability for managing
microservices architecture with container orchestration capabilities.
Other options are incorrect:
B . IBM Cloud Code Engine is a serverless platform, not specifically designed for microservices
orchestration.
C . IBM Cloud for VMware Solutions is used for running VMware workloads in the cloud.
D . IBM Cloud Functions is used for running serverless functions, not for orchestrating containers.
Which two use cases for IBM Cloud Flow logs can be supported by a single collector?
A, E
Explanation:
A single collector in IBM Cloud Flow logs can support the following two use cases:
Collect Data for a Single Network Interface in a Virtual Server Instance: IBM Cloud Flow logs can
collect network traffic data specific to a single network interface, which allows detailed monitoring
and analysis of traffic patterns and security incidents for that specific instance.
Collect Data for All Network Interfaces in a Subnet: A single collector can also be configured to gather
data from all network interfaces in a given subnet. This provides a comprehensive view of the
network traffic within that subnet, useful for monitoring, troubleshooting, and security analysis.
Reference from IBM Cloud Professional Architect Materials:
IBM documentation on IBM Cloud Flow Logs supports these use cases, showing how collectors can
be set up to monitor specific network interfaces or entire subnets.
Other options are incorrect:
B . Collect data for all network interfaces in an IBM Cloud Classic infrastructure and C. Collect data for
all network interfaces in an IBM Cloud region are too broad for a single collector.
D . Collect data for all network interfaces in an IBM Cloud account would require multiple collectors.
Therefore, the correct answers are A. Collect data for a single network interface in a virtual server
instance and E. Collect data for all network interfaces in a subnet.
Which two are the private registry options available to IBM Cloud OpenShift clusters?
B, D
Explanation:
The two private registry options available to IBM Cloud OpenShift clusters are IBM Cloud Container
Registry and the internal registry setup at cluster creation time.
IBM Cloud Container Registry: This is a private image registry that integrates with IBM Cloud
OpenShift. It allows users to store and manage Docker images in a private repository securely. This
option is specifically designed to work seamlessly with Kubernetes and OpenShift clusters in IBM
Cloud.
Internal Registry at Cluster Creation Time: IBM Cloud OpenShift also supports an internal image
registry that is set up during cluster creation. This internal registry allows for the storage and
management of container images directly within the OpenShift cluster, providing a secure and
private environment for images that are not meant to be publicly accessible.
Reference from IBM Cloud Professional Architect Materials:
According to IBM Cloud OpenShift documentation on Configuring Private Registries, these two
options are available for IBM Cloud OpenShift clusters.
Other options are incorrect:
A . GitHub and C. Docker Hub are public registries.
E . Red Hat Quay is another private registry solution but is not directly listed as an option specific to
IBM Cloud OpenShift clusters.
Therefore, the correct answers are B. IBM Cloud Container Registry and D. The internal registry setup
at cluster creation time.
The client requires 99.99% uptime. Why would a Citrix NetScaler help in this case?
D
Explanation:
A Citrix NetScaler (now known as Citrix ADC) is designed to improve the availability of applications by
providing advanced load balancing, traffic management, and redundancy features. It ensures that
applications remain accessible even in the event of server failures or high traffic volumes.
Why Citrix NetScaler Improves Availability: It distributes incoming traffic across multiple servers to
prevent overload on a single server, thus maintaining application uptime. It also provides failover
capabilities, ensuring that if one server fails, traffic is rerouted to other healthy servers.
Comparison with Other Options:
A (Predictability): While Citrix NetScaler can improve predictability, its main function is related to
availability.
B (Scalability): Citrix NetScaler can aid in scalability, but this is not the primary benefit for achieving
99.99% uptime.
C (Reliability): While reliability is an aspect, the key feature directly supporting 99.99% uptime is
availability.
Reference:
Citrix ADC Documentation
IBM Cloud Load Balancer Services
IBM Cloud Architect Exam Study Guide