IBM Datapower Interview Questions
1. How do you Implement Dynamic Routing in Datapower?
Answer: In case of a dynamic backend, we update all the backend URL’s in an xml file and we use a generic XSLT which will read the URL from the xml file based on certain customized conditions and we set the routing variable var://service/routing-URL in the XSLT.
2. What is the difference between object filter and event filter?
Answer: Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.
Event Filter allows only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes.
3. Why do we need it?
Answer: We need cryptography to share information confidentially which is ensuring the secrecy of communication
Authentication: Ajitabh can sign his message and Mulu can verify that he sent it based on his signature
Integrity checking: Mulu can generate a checksum of the message. Ajab can either extract it from the message or recalculate it and verify that the message has not been changed.
Non-repudiation: if Ajitabh signs the message he cannot deny later that he sent it, because no one else could generate that same signature/private key.
4. Who issues a certificate, explain in detail?
Answer: Certificate authorities act as trusted third parties that verify the identity of the sender of an encrypted message and issue digital certificates as evidence of authorization. These digital certificates contain the public key of the sender, which is then passed along to the intended recipient. The Certificate authorities do extensive background checks before giving an organization or a given individual a certificate.
5. What is Deployment Policy?
Answer: An object in Datapower used to modify/filter imported configurations. When we import the object(s) from one domain or environment to another, we may want to filter out or change certain object configurations for the new domain or environment. This can be achieved using (DP)Deployment Policy.
6. What is Input injection and what are different ways of doing it?
Input Injection: It is the act of simulating user input, in several ways you can simulate user input.
Direct Method Invocation
- Invocation using an accessibility interface
- Simulation using low-level input
- Simulation using a device driver
- Simulation using a robot
7. Why Do We Need A Digital Signature?
Answer: Digital signatures act as a verifiable seal or signature to confirm the authenticity of the sender and the integrity of the message. Users who wish to verify their identity when sending a protected message can encrypt the information with their private key. The recipient can then decrypt the message with the sender’s public key in order to confirm the sender’s identity and the integrity of the message.
8. How to test API’s?
To test the API’s you should follow the following steps
- Select the suite in which you want to add the API test case
- Choose test development mode
- Develop test cases for the desired API methods
- Configure application control parameters
- Configure test conditions
- Configure method validation
- Execute API test
- View test reports
- Filter API test cases
- Sequence API test cases
9. Why Use The Boostrap Port Number?
Answer: client applications use the bootstrap port to access WebSphere’s built-in object request broker (orb) to use enterprise java beans in applications installed on the application server. The java naming and directory interface service provider URL used by the client application needs to reference the bootstrap port to obtain an initial context for looking up EJB’s it wants to use. (E learning portal)
10. Why do you want to work for IBM?
Answer: Be specific. A lot of candidates make the mistake of generalizing about wanting to work for a ‘global information technology giant’, which could apply equally to IBM or any of its major competitors. You need to make sure your answer reflects your interest in IBM specifically and why you feel the company is the best fit for you. Think about what elements of the company culture appeal to you, or what kinds of projects you might get involved in.
11. What Is The Default Log Size In The Log Target? What Happens When That Log Size Is Reached?
Answer: When the log file reached the limit, the system will upload it to the FTP server and if it is successfully uploaded, the appliance will delete the log in the system to free space.
12. What is an Application Domain?
Answer: An application domain allows the administrators to partition an appliance into multiple logical configurations. For example, the developers and production employees environment is different
13. What Is The Value Time Stamp Format In Log Target For?
Answer: Timestamp Format: Syslog
14. WHAT IS TRACING?
Answer: Tracing is when you go through an entire program and record the value of variables and the output. You trace a program when you want to find out what actually went wrong.
15. What is the Trust Store?
Answer: A trust store contains certificates from other parties that we expect to communicate with, or from Certificate Authorities that we trust to identify other parties. For example, Google (chrome) contains a certificate of many companies or websites. Whenever we browse that site the browser automatically check the site for its certificate form the store and compare it. If it is trust.
16. How do I collect a single log statement as alert as a mail when the object on which log target is enabled goes down or comes up?
Answer: It is done by setting up Event triggers. Event triggers perform actions only when triggered by a specified message ID or event code, in this case, the system goes up/down. With this filter, it is possible to create a log target that collects only the results of the specified trigger action. For example, to trigger the generation of an error report when a certain event occurs use the save error-report command and transfer to SMTP target format to send as an email alert.
17. How do you gauge the strength of the key, what is the parameter used?
Answer: The algorithm should be known to the public, but the key needs to be confidential
1. Key size
2. Performance/ Response time for Encryption or Decryption (depends on the system we use)
3. Mathematical proof for standardization of security provided by that algorithm
4. Who provided the certificate for the algorithm and the date of the expiration date.
18. What is DataPower?
Answer: All DataPower Appliances are built on IBM’s XSeries 1U Chassis, which include hot-swappable Power, Disks, and Fans. DataPower Appliances contain many specialized hardware components, including ASIC-based IPS, Custom Encrypted RAID Drives, and Hardware Security Modules. Externally facing, all DataPower Appliances have 4 Ethernet ports and 1 Serial port.
DataPower Appliances operate a single digitally signed Firmware containing an operating system and application stack. Data Power’s firmware runs on a flash storage device. IBM refreshes and enhances the DataPower Firmware image every 10â€“20 weeks. DataPower firmware is a well-performing and highly optimized platform to perform electronic messaging functions. As a result, users cannot run 3rd party applications on DataPower as they would a traditional server and operating system. Instead of a traditional Files System, DataPower runs with a collection of isolated virtual File Systems called ‘Application Domains’. As a result, DataPower can appear to its client connections be any type of network file system with any type of folders and links.
Another purpose of DataPower’s firmware platform is security. The DataPower TCP and UDP network stack is expected to provide near-constant throughput under the most extreme and sophisticated DDoS and XSS network attacks.
19. Explain About Asymmetric Clustering?
Answer: Asymmetric clustering applications are primarily used in electronic trading systems employed in banks. Some of the features are, partitions can be declared during run time and are usually run on a single cluster at a time. Work specific to a particular can be routed to that cluster.
20. WHAT IS FILE DESCRIPTORS IN AIX?
Answer: A file descriptor is a handle created by a process when a file is opened. There is a limit to the number of file descriptors per process. If the file descriptor limit is exceeded for a process, you may see the following errors:” Too Many Open Files”
21. What Is JNDI?
Answer: we can register resources in the application server’s java naming and directory interface (JNDI) namespace. Client applications can then obtain the references to these resource objects in their programs.
22. What’s the difference between an abstract class and an interface?
Answer: The best way to prepare is to look carefully at the job description for information about what kinds of skills will be relevant to the role and find out as much as possible about them. If, when you get to the interview, you’re asked something you don’t know, be honest about it – the interviewer will know if you’re trying to blag it.
23. Explain about your Roles and Responsibilities?
- Gathering the requirements from Client
- Preparing the Design Document
- Presenting the Design document to Client for approval
- Configuring the service in a Development environment
- Testing and Troubleshooting of DP Services
- Migrating the services from Dev to test and to the production environment
24. What is XSL: param?
Answer: The element is used to declare a local or global parameter. The parameter is global if it’s declared as a top-level element, and local if it’s declared within a template.
The element calls a named template.
Note: In terms of raw performance xsl:call-template is likely to be faster, as you are calling a specifically named template, rather than telling the XSLT processor to pick the template which best matches
With call-template, you have to know what you’re calling. apply-templates is polymorphic – what gets called depends on what you find in the input, which means it is the key feature that enables XSLT to respond to variable or unpredictable input – essential when handling documents as distinct from structured data.
apply-templates is usually (but not necessarily) used to process all or a subset of children of the current node with all applicable templates. This supports the recursiveness of XSLT application which is matching the (possible) recursiveness of the processed XML.
call-template, on the other hand, is much more like a normal function call. You execute exactly one (named) template, usually with one or more parameters.
25. What Is The Log Target Type For Sending The Logs To Email, What Is The Field Name That Has To Be Given A Value For Subject Representation Of An Email?
Answer: SMTP, forwards log entries as an email to the configured remote SNMP servers and email addresses. Before sending, the contents of the log can be encrypted or signed. The processing rate can be limited.
26. Explain About Extended Deployment?
Answer: Web sphere application server extended deployment increases the functionality of the server in two main areas they are manageability and performance. Dynamic virtualization between servers is possible with the help of XD. A stand-alone distributed cache was added to it under the performance header, it is known as Object Grid.
27. What are the different modes of archival? Explain each mode in two lines each?
Answer: Rotate, rotate the log file when the maximum size is reached. The appliance creates a copy of the file and starts a new file. The appliance retains the archived copies up to the specified number of rotations. After reaching the maximum number of rotations and the log file reaches its maximum size, the appliance deletes the oldest file and copies the current file.
Upload, upload the log file when the maximum size is reached. The appliance uploads the file using the specified upload method.
28. What kind of troubleshooting have you done in datapower?
- We use the probe to capture the ongoing transactions with respect to service.
- We can also set the log level to debug mode in Troubleshooting Panel.
- We can make use of Log targets and Log Categories, especially in Prod, as we are not supposed to enable the probe in production.
- We have a default log file under log temp directory in the file manager, which will have all the logs with respect to a domain
- If we have to customize the log files, we create log targets
- We can save the logs in a file on the DP Appliance itself under log store or log temp directory
- We can also save the logs in an external server.
29. How do you handle Error scenarios?
Answer: We create an error rule in which we use a generic XSLT, which creates a fault message by reading the Service variables.
30. What are the different services that have you used in Datapower?
Answer: WebService Proxy, Multiprotocol gateway, and XML Firewall.
31. Give Three Popular Algorithms Used For Encryption?
1. Triple DES-uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more like it.
2. RSA- is a public-key encryption algorithm and the standard for encrypting data sent over the internet.
3. AES-it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.
32. When at work or on a project have you had to persuade someone to change their opinion or do something differently?
Answer: This is a variant on a traditional competency question and your example could tie into a number of their competencies, depending on its context – but it’s fair to say that this is testing your communication, teamwork, and drive. Although the question is asking for a time when you persuaded them, your interviewers will be more interested in how you persuaded them and whether your attempts were successful. Note that it asks for an example of work when on a project, which leads you to think of times when completing internships, part-time jobs or group coursework. However, you can be creative in how you define ‘project’ to bring in your extracurricular activities. Remember that a project can be defined as a discrete piece of work or set of tasks with a specific aim, with a start and end date.
33. What Is Cryptography?
Answer: Cryptography is to protect private communication in the public world. For example, two entities wanting to communicate – Ajitab and Mulu – are shouting their messages in a room full of people. Everyone can hear what they are saying. The goal of cryptography is to protect this communication so that only Ajitab and Mulu can understand the content of the messages.
34. What Is The Global Security?
Answer: It provides the authentication and authorization for WebSphere application server domain (administration client or console).
35. WHAT IS SSL? WHEN IT ENCRYPT & DECRYPT THE DATA?
Answer: SSL are digitally signed certificates. user for message /communication integrity and confidentiality. Generally, encrypt at Sender side and decrypt at the receiver side.
36. Explain what is TestApi?
Answer: Test API is a library of utility and test APIs that enables testers and developers to create testing tools and automated tests for .NET and Win32 application. It provides a set of common test building blocks, types, data-structure and algorithms.
37. Explain About The Network Deployment Feature Present In Was?
Answer: Managing singletons will be a thing of the past and it also provides hot recovery of singletons which makes you forget about your GC collected singletons. Transaction logs can be stored on a shared file system. For clustering run, time operations deployment manager`s role was eliminated. J2EE failover support and cell configuration support is also present.
38. Why did you choose your particular degree?
Answer: This focuses on your interests, career aspirations and the motivation behind them. If you studied something unrelated, such as geography, and have only chosen to look into the technology industry since starting university, explain what made you choose your degree originally and what made you decide to change your focus.
39. What are the Datapower Variables?
- A local context variable in the default (current) context.
- The local context does not persist beyond the scope of the transaction. A transaction can include both a request component and a response component. The local context cannot be accessed by any object outside the scope of the transaction. In other words, a service cannot read and use the variable.
- Addresses a variable in a named context.
- Service – mention any service variable forex : var://service/routing-URL, var://service/error-code, var://service/URL-in
- Addresses a variable that is made available to a DataPower service that is attached to a session.
40. What do you know about IBM?
Answer: This is similar in some ways to the previous question but is designed to test how much research you’ve done and how well you understand the company. There are no shortcuts with this one; the only way you can really answer it is if you’ve actually done your research.
Things to consider while researching:
Find out about IBM’s history. (Your starter for ten: IBM celebrated its 100th birthday in 2011; it began life as the Computing-Tabulating-Recording Company in 1911, through the merger of three other companies.)
Research and development is a major growth area – in 2017 IBM received more US patents than any other company for the 25th year in a row. Technology moves fast, so keep tabs on IBM’s press releases to make sure you’re up to date.
IBM originally focused mainly on hardware but has shifted towards consultancy and software. It’s important to show that you know about its products and services.
41. How do you migrate your services from one environment to another or how do you deploy your services from one environment to another?
Answer: We have a support team who takes care of Service deployments. We take an export of the service which needs to be deployed and keep it in a secured server by doing FTP. Our support team has some scripts, which they execute in the server and does the deployment
We can also use Export and Import configuration along with the Deployment Policy
42. What is the advantage of Datapower over Message Broker?
Answer: Integrating and leveraging the WebSphere MQ messaging infrastructure. Similar to Message Broker, DataPower can do any-to-any transformation (in theory, Yes. But in practice, you may need to use WebSphere Transformation Extender (WTX)).Supports
different protocols such as MQ, JMS, HTTP(S), Web Services, FTP, and convert one to the other. Supports almost every security protocols and different authentication/authorization schemas, such as Web Service security/policy, TLS/SSL, SAML, LDAP, RADIUS, etc.
43. Difference between Copy and Copy-of?
Answer: The element creates a copy of the current node.
Note: Namespace nodes of the current node are automatically copied as well, but child nodes and attributes of the current node are not automatically copied!
The element creates a copy of the current node.
Note: Namespace nodes, child nodes, and attributes of the current node are automatically copied as well!
44. Explain About Computer Grid?
Answer: Compute grid is also known as Web sphere batch. Web sphere extended deployment offers a Java batch processing system called a Compute Grid. This forms an additional feature to the Web sphere network environment. Various features are provided which help a developer to create, manage and execute batch jobs. Job scheduler, xJCL, batch container, and batch programming controller.
45. Is The Naming Of Connection Factory Independent Of The Name Specified By Jms Client?
Answer: Yes, the naming of the connection factory is independent of the name specified by the JMS client. This is made possible by WAS with its resource references. It isolates the application from object names. This feature is important because it gives us the flexibility to change the administered object without changing the JMS client code.
46. How To Configure The Global Security?
Answer: open the console and then select security option in the right side menu, and then select local registry in the user registry, then enter the username, passwords. And again select global security then lipa option then provide the password, then save the configuration. And restart the deployment server and then login the console.
47. What Is Datasource?
Answer: A data source is associated with a JDBC provider that supplies the specific JDBC driver implementation class.
48. Give me all the MQMD attributes and explain about Correl Id, CCSID and Encoding?
- Backout count
- Default priority
- Alteration date
- Put messages
- Channel status
- Maximum message length
- message type
correl ID: correlation identifier, which the application can use to relate one message to another, or to relate the message to other
work that the application is performing.
CCSID: is the identifier that is used with all character string field defined by API.
convert (information or instruction) into a particular form.
49. Detail About The Architecture Of WebSphere?
Websphere is built on three main components they are:
- J2EE application server
- A webserver
- The databases which it supports are
- The application server is IBM WAS and the supported web servers are
- IBM server
- Microsoft IIS
- Sun web server.
50. What is the difference between object type and object name and what happens when I keep the add referenced object option to ‘off’?
Answer: Object Type, specify the type of object. This filter restricts log messages to only those messages generated by the selected object.
Whereas, Object name specifies the name of an existing object of the selected type.
When the add referenced object option is turned ‘off’, the appliance generates no additional object filters anymore and includes events for only the specified object.
51. Why do we need a log target when there is already a default logging mechanism available in DataPower?
Answer: we need a log target to capture messages that are posted by the various objects and services that are running on the appliance. In order to get a specific event or/and object log information, we utilize log targets.