1. What is the difference between object filter and event afilter ? (Top 50 Datapower Interview Questions And Answers Pdf)
Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.
Event Filter allow only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes. (Top 50 Datapower Interview Questions And Answers Pdf)
2. What Is A Trust Store ?A Trust Store ?
A trust store contains certificates from other parties that we expect to communicate with, or from Certificate Authorities that we trust to identify other parties. For example, google (chrome) contains certificate of many companies or websites. Whenever we browse that site the browser automatically check the site for its certificate form the store and compare it. If it is true, google will add the ‘s’ on ‘HTTP’. That way we know that website is secured and trustworthy.
3. What is API testing with runscope ?3. What is API testing with runscope ?at is API testing with runscope ?
Runscope is a web application that provides backend services and easy to use interface for testing APIs.
4. What Is Cryptography ?
Cryptography is to protect private communication in the public world. For example, two entities wanting to communicate – Ajitab and Mulu – are shouting their messages in a room full of people. Everyone can hear what they are saying. The goal of cryptography is to protect this communication so that only Ajitab and Mulu can understand the content of the messages.
5. Why do we need logtarget when there is already a default logging mechanism available in datapower ?
we need logtarget to capture messages that are posted by the various objects and services that are running on the appliance. In order to get a specific event or/and object log information, we utilize log targets.
6. Explain API framework ?
API framework is self-explanatory. Values for test run and for holding the configurable parts, config file is used. Automated test cases must represent in “ parse-table” format within config file. When testing API, it is not necessary to test each API so the config file have some section whose all API are activated for that specific run. (Top 50 Datapower Interview Questions And Answers Pdf)
7. How does the API Builder work ?
API Builder is a PLSQL program consists of four SQL files
For setting API parameters and starting the process one file is responsible
Two files are created for temporary tables and Master package to create the outputted code
Fourth file creates “spooled” output of the code into a file called “output_script_.sql”
8. What About Plug-in ?
plug-in is one of the modules it is interface between application server and web server, the plug-in process receives the request from the client first. If the request is for dynamic content, the plug-in diverts the request to the websphere application server. If the request is for static content, the plug-in forwards it to the Http server.
Top 50 Datapower Interview Questions And Answers Pdf
9. What Is The Global Security ?
It provides the authentication and authorization for websphere application server domain (administration client or console).
10. How to I collect a single log statement as alert as a mail when the object on which log target is enables goes down or comes up ?
It is done by setting up Event triggers. Event triggers perform actions only when triggered by a specified message ID or event code in this case the system goes up/down. With this filter, it is possible to create a log target that collects only the results of the specified trigger action. For example, to trigger the generation of an error report when a certain event occurs use the save error-report command and transfer to SMTP target format to send as an email alert.
11. Why do we need it ?
We need cryptography to share information confidentially which is ensuring the secrecy of communication
Authentication – Ajitabh can sign his message and Mulu can verify that he sent it based on his signature
Integrity checking -Mulu can generate a checksum of the message. Ajitab can either extract it from the message or recalculate it and verify that the message has not been changed.
Non-repudiation – if Ajitabh signs the message he cannot deny later that he sent it, because no one else could generate that same signature/private key.
12. Explain what are the principles of API test design ?
The principle for API test design are
Setup : Create objects, start services, initialize data etc
Execution: Steps to exercise API or scenario, also logging
Verification: Oracles to evaluate execution outcome
Reporting: Pass, failed or blocked
Clean up: Pre-test state
13. What are the weakness of symmetric key cryptography and what is the strength of the asymmetric key cryptography ?
Symmetric key cryptography–
– The biggest obstacle in successfully deploying a symmetric-key algorithm is the necessity for a proper exchange of private keys. This transaction must be completed in a secure manner. If face to-face meeting, which proves quite impractical in many circumstances when taking distance and time into account, cannot be possible to exchange private keys. If one assumes that security is a risk to begin with due to the desire for a secret exchange of data in the first place, the exchange of keys becomes further complicated.
– Another problem concerns the compromise of a private key. In symmetric key cryptography, every participant has an identical private key. As the number of participants in a transaction increases, both the risk of compromise and the consequences of such a compromise increase dramatically. Each additional user adds another potential point of weakness that an attacker could take advantage of. If such an attacker succeeds in gaining control of just one of the private keys in this world, every user, whether there are hundreds of users or only a few, is completely compromised. (Top 50 Datapower Interview Questions And Answers Pdf)
– Both Symmetric and Asymmetric-key cryptography also has vulnerabilities to attacks such as the man in the middle attack. In this situation, a malicious third party intercepts a public key on its way to one of the parties involved. The third party can then instead pass along his or her own public key with a message claiming to be from the original sender. An attacker can use this process at every step of an exchange in order to successfully impersonate each member of the conversation without any other parties having knowledge of this deception.
14. Asymmetric cryptography –More secure ?
– Asymmetric keys must be many times longer than keys in symmetric-cryptography in order to boast security. While generating longer keys in other algorithms will usually prevent a brute force attack from succeeding in any meaningful length of time, these computations become more computationally intensive. These longer keys can still vary in effectiveness depending on the computing power available to an attacker.
15. Explain all MQ API calls. (Not just the calls but explain them) ?
–>MQCONN….it will connect to queue manager
–>MQOPEN…..it will open the queue manager
–>MQPUT/GET/INQ….it is to put message, to get message and to inquire message,
–>MQCLOSE…….to close the connection,
16. What are the tools used for API test automation ?
While testing Unit and API testing, both target source code, if an API method is using code based on .NET then the tool which is supporting should have .NET
Automation tools for API testing can be used are
NUnit for .NET
JUnit for Java
Top 50 Datapower Interview Questions And Answers Pdf
17. In API document explain how to document each function ?What are the tools used for documentation ?
Description: Small description about what a function does
Syntax: Syntax about the parameter of the code, the sequence in which they occur, required and optional elements etc.
Parameters: Functions parameters
Error Messages: Syntax of error messages
Example Code: Small snippet of code
Related Links: Related functions
18. What is the default log size in the logtarget? What happens when that log size is reached ?
Log size: 500 kilobytes,
When the log file reached the limit, the system will uploaded it to the FTP server and if it is successfully uploaded, the appliance will delete the log in the system to free space.19. What Is The Application Server ?Answer:
The application server provides a runtime environment in which to deploy, manage, and run j2ee applications. (Top 50 Datapower Interview Questions And Answers Pdf)
20. Who issues a certificate, explain in detail ?
Certificate authorities act as trusted third parties that verify the identity of the sender of an encrypted message and issue digital certificates as evidence of authorization. These digital certificates contain the public key of the sender, which is then passed along to the intended recipient. The Certificate authorities do extensive background checks before giving an organization or a given individual a certificate. (Top 50 Datapower Interview Questions And Answers Pdf)
21. Application Installed But Not Working. What Are Troubleshooting Step ?
see jvm & application are up, check plugin-cfg.xml file for the root context used by the web application if it does not exist generate plugin and restart web server.
22. How do you gauge the strength of the key, what is the parameter used ?
The algorithm should be known to the public; but the key needs to be confidential
1. Key size
2. Performance/ Response time for Encryption or Decryption (depends on the system we use)
3. Mathematical proof for standardization of security provided by that algorithm
4. Who provided the certificate for the algorithm and the date of expiration date.
23. Explain what is TestApi ?
TestApi is a library of utility and test APIs that enables testers and developers to create testing tools and automated tests for .NET and Win32 application. It provides a set of common test building blocks, types, data-structure and algorithms.
24. What is Input injection and what are different ways of doing it ?
Input Injection: It is the act of simulating user input, in several ways you can simulate user input.
Direct Method Invocation
Invocation using an accessibility interface
Simulation using low-level input
Simulation using a device driver
Simulation using a robot
25. What are the common tests performed on API’s ?
The common tests performed on API’s
Verification of the API whether it is updating any data structure
Verify if the API does not return anything
Based on input conditions, returned values from the API’s are checked
Verification of the API whether it triggers some other event or calls another API (Svr technologies)
Top 50 Datapower Interview Questions And Answers Pdf
26. What is the difference between object type and object name and what happens when I keep the add referenced object option to ‘off’?
Object Type, specify the type of object. This filter restricts log messages to only those messages generated by the selected object.
Whereas, Object name specify the name of an existing object of the selected type.
When the add referenced object option is turned ‘off’, the appliance generates no additional object filters anymore and includes events for only the specified object.
27. What Is The Log Target Type For Sending The Logs To Email, What Is The Field Name That Has To Be Given A Value For Subject Representation Of An Email ?
SMTP, forwards log entries as email to the configured remote SNMP servers and email addresses. Before sending, the contents of the log can be encrypted or signed. The processing rate can be limited.
28. Mention the key difference between UI level testing and API testing ?
UI ( User Interface) refers to testing graphical interface such as how user interacts with the applications, testing application elements like fonts, images, layouts etc. UI testing basically focuses on look and feel of an application.
While, API enables communication between two separate software systems. A software system implementing an API contains functions or sub-routines that can be executed by another software system.
29. Explain what is REST API ?
It is a set of functions to which the developers performs requests and receive responses. In REST API interaction is made via HTTP protocol
REST – stands for Representational State Transfer, it is quickly becoming defacto standard for API creation.
30. WHEN APPLICATION IS DOWN WHAT U WILL DO ?
First look at the logs for errors. If you find the error, save the logs and start ur application. Then start troubleshoot.
If no error found, run a trace and look for FFDC etc.. (Top 50 Datapower Interview Questions And Answers Pdf)
31. WHERE TO GIVE APPLICATION PRIORITY WHILE STARTING SERVER ?
it will be under Enterprise applications ->app name -> startup behaviour ->Startup order in the admin console
32. What Is The Difference Between Web Server And Application Server ?
Web server serves pages for viewing in web browser, application server provides exposes business logic for client applications through various protocols
Web server exclusively handles https requests.application server serves business logic to application programs through any number of protocols.
Web server delegation model is fairly simple,when the request comes into the web server,it simply passes the request to the program best able to handle it(Server side program). It may not support transactions and database connection pooling.
Application server is more capable of dynamic behaviour than webserver. We can also configure application server to work as a web server.Simply applic! ation server is a superset of web server.
33. WHAT IS SSL?WHEN IT ENCRYPT & DECRYPT THE DATA ?
SSL are digital signed certificates. user for message /communication integrity and confidentiality. Generally encrypt at Sender side and decrypt at receiver side
(Top 50 Datapower Interview Questions And Answers Pdf)
34. Diff B/w Weblogic And Websphere ?
Both BEA Weblogic and IBM’s WebSphere provide J2EE based application servers which are competitors. WebSphere leverages more on connectivity issues with MQ and legacy systems with strong dominance in J2EE.
35. HOW TO MOVE CODE DEV ENVIRONMENT TO TESTING ENVIRONMENT ?
I’m sure what they mean by code here. I think, incase of applications, export them from in DEC and deploy in TEST. (Top 50 Datapower Interview Questions And Answers Pdf)36. Give three popular algorithms used for encryption ?Answer:
1. Triple DES-uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more like it.
2. RSA- is a public-key encryption algorithm and the standard for encrypting data sent over the internet.
3. AES-it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy duty encryption purposes.
37. Explain About Ibm Web Sphere Edge Serve ?
Web sphere edge server is used to improve the performance of web based systems. It can be used as forward or proxy server. Basically four components are present in the web sphere they are Network dispatcher, Caching proxy, Content distribution and application service at the edge.
38. What is Deployment Policy ?
An object in Datapower used to modify/filter imported configurations. When we import object(s) from one domain or environment to another, we may want to filter out or change certain object configurations for the new domain or environment. This can be achieved using (DP)Deployment Policy.
39. Explain About Ibm Web Sphere Integration Developer ?
Web sphere integration developer provides an IDE to build applications based on service oriented architecture. Web sphere process server and web sphere ESB were built with WID. WID was built with RAD Eclipse based technology. (Top 50 Datapower Interview Questions And Answers Pdf)
40. Explain About Compute Grid ?
Compute grid is also known as Web sphere batch. Web sphere extended deployment offers a Java batch processing system called as Compute Grid. This forms an additional feature to Web sphere network environment. Various features are provided which help a developer to create, manage and execute batch jobs. Job scheduler, xJCL, batch container and batch programming controller.
Top 50 Datapower Interview Questions And Answers Pdf
41. Difference API and Unit Testing ?
API is owned by QA team
API is mostly black box testing
Full functionality of the system is considered in API testing as it will be used by the end-user (external developers who will use your API )
API test are often run after the build is ready and authors do not have access to the source code
Unit testing is owned by development team
Unit testing is white box testing
Unit testing is done to verify whether each unit in isolation performs as expected or not (Top 50 Datapower Interview Questions And Answers Pdf)
For each of their module the developers are expected to build unit tests for each of their code modules and have to ensure that each module pass unit test before the code is included in a build
42. Mention what the main areas to be taken in consideration while writing API document ?
The key area to be considered when writing API documents are
Source of the content
Document plan or sketch
Information required for each function in the document
Automatic document creation programs
43. What are the main challenges of API testing ?
The main challenges in API testing is
Call sequencing (Top 50 Datapower Interview Questions And Answers Pdf)
44. What are the types of Bugs will API testing finds ?
The types of Bugs, API will find
Missing or duplicate functionality
Fails to handle error conditions gracefully
Not implemented errors
Inconsistent error handling
45. Mention the steps for testing API ?
API testing steps
Select the test case that has to be fulfilled
For API call develop a test case
To meet the test case configure the API parameters
Determine how will you validate a successful test
Using programming language like PHP or .NET execute the API call
Allow the API call to return the data to validati
46. Why do we need a digital signature ?
Digital signatures act as a verifiable seal or signature to confirm the authenticity of the sender and the integrity of the message. Users who wish to verify their identity when sending a protected message can encrypt the information with their private key. The recipient can then decrypt the message with the sender’s public key in order to confirm the sender’s identity and the integrity of the message.
Top 50 Datapower Interview Questions And Answers Pdf.
47. Explain About The Security Features Present In Was ?
Security model for web sphere is primarily based on JAVA EE security model. It also depends upon the operating system. User authentication and authorization mechanisms are also provided in WAS. Light weight third party authentication mechanism is the main security feature present in WAS.
48. explain About Web Sphere ?
The word web sphere popularly refers to IBM middleware technology products. Web sphere is known for its turn key operation in e business applications. It has run time components and tools which can help in creating applications which run on WAS. WAS refers to web sphere application server. (Top 50 Datapower Interview Questions And Answers Pdf)
49. Why Use The Boostrap Port Number ?
client applications use the bootstrap port to access websphere’s built-in object request broker (orb) to use enterprise java beans in applications installed on the application server. The java naming and directory interface service provider url used by the client application needs to reference the bootstrap port to obtain an initial context for looking up ejb’s it wants to use. (For communicate two servers)
50. WHAT IS FILE DESCRIPTORS IN AIX ?
A file descriptor is a handle created by a process when a file is opened. There is a limit to the amount of file descriptors per process.If the file descriptor limit is exceeded for a process, you may see the following errors:”Too Many Open Files” (Top 50 Datapower Interview Questions And Answers Pdf)