1. What is the difference between an object filter and an event filter?
Answer: Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.
Event Filter allows only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes.
2. What Is A Trust Store?
Answer: A trust store contains certificates from other parties that we expect to communicate with, or from Certificate Authorities that we trust to identify other parties. For example, Google (Chrome) contains certificates of many companies or websites. Whenever we browse a site, the browser automatically checks the site for its certificate from the store and compares it. If it is true, Google will add the ‘s’ to ‘HTTP’. That way we know that the website is secured and trustworthy.
3. What is API testing with Runscope?
Answer: Runscope is a web application that provides backend services and an easy-to-use interface for testing APIs.
4. What Is Cryptography?
Answer: Cryptography is to protect private communication in the public world. For example, two entities wanting to communicate – Ajitabh and Mulu – are shouting their messages in a room full of people. Everyone can hear what they are saying. The goal of cryptography is to protect this communication so that only Ajitabh and Mulu can understand the content of the messages.
5. Why do we need a log target when there is already a default logging mechanism available in DataPower?
Answer: We need a log target to capture messages that are posted by the various objects and services that are running on the appliance. In order to get log information for a specific event and/or object, we utilize log targets.
6. Explain API framework?
Answer: API framework is self-explanatory. The config file is used to hold the values for a test run and the configurable parts. Automated test cases must be represented in “parse-table” format within the config file. When testing APIs, it is not necessary to test every API, so the config file has a section in which the APIs for that specific run are activated.
7. How does the API Builder work?
Answer: API Builder is a PL/SQL program that consists of four SQL files:
One file is responsible for setting API parameters and starting the process
Two files are created for the temporary tables and the master package that create the outputted code
The fourth file creates “spooled” output of the code into a file called “output_script_.sql”
8. What About Plug-in?
Answer: The plug-in is a module that interfaces between the application server and the web server. The plug-in process receives the request from the client first. If the request is for dynamic content, the plug-in diverts the request to the WebSphere application server. If the request is for static content, the plug-in forwards it to the HTTP server.
9. What Is The Global Security?
Answer: It provides the authentication and authorization for the WebSphere application server domain (administration client or console).
10. How do I collect a single log statement as an email alert when the object on which the log target is enabled goes down or comes up?
Answer: It is done by setting up Event triggers. Event triggers perform actions only when triggered by a specified message ID or event code, in this case, the system goes up/down. With this filter, it is possible to create a log target that collects only the results of the specified trigger action. For example, to trigger the generation of an error report when a certain event occurs use the save error-report command and transfer to SMTP target format to send as an email alert.
11. Why do we need it?
Answer: We need cryptography to share information confidentially, that is, to ensure the secrecy of communication.
Authentication – Ajitabh can sign his message and Mulu can verify that he sent it based on his signature
Integrity checking – Mulu can generate a checksum of the message. Ajitabh can either extract it from the message or recalculate it and verify that the message has not been changed.
Non-repudiation – if Ajitabh signs the message he cannot deny later that he sent it, because no one else could generate that same signature/private key.
12. Explain what are the principles of API test design?
Answer: The principles of API test design are
Setup: Create objects, start services, initialize data, etc
Execution: Steps to exercise API or scenario, also logging
Verification: Oracles to evaluate execution outcome
Reporting: Pass, failed or blocked
Clean up: Pre-test state
13. What is the weakness of symmetric key cryptography and what is the strength of the asymmetric key cryptography?
Answer: Symmetric key cryptography–
– The biggest obstacle in successfully deploying a symmetric-key algorithm is the necessity for a proper exchange of private keys. This transaction must be completed in a secure manner. A face-to-face meeting to exchange private keys proves quite impractical in many circumstances when distance and time are taken into account. If one assumes that security is a risk to begin with, due to the desire for a secret exchange of data in the first place, the exchange of keys becomes further complicated.
– Another problem concerns the compromise of a private key. In symmetric-key cryptography, every participant has an identical private key. As the number of participants in a transaction increases, both the risk of compromise and the consequences of such a compromise increase dramatically. Each additional user adds another potential point of weakness that an attacker could take advantage of. If such an attacker succeeds in gaining control of just one of the private keys in this world, every user, whether there are hundreds of users or only a few, is completely compromised.
– Both symmetric and asymmetric-key cryptography also have vulnerabilities to attacks such as the man-in-the-middle attack. In this situation, a malicious third party intercepts a public key on its way to one of the parties involved. The third party can then instead pass along his or her own public key with a message claiming to be from the original sender. An attacker can use this process at every step of an exchange in order to successfully impersonate each member of the conversation without any other parties having knowledge of this deception.
14. Asymmetric cryptography – more secure?
Answer: Asymmetric keys must be many times longer than keys in symmetric cryptography in order to boost security. While generating longer keys in other algorithms will usually prevent a brute force attack from succeeding in any meaningful length of time, these computations become more computationally intensive. These longer keys can still vary in effectiveness depending on the computing power available to an attacker.
15. Explain all MQ API calls (not just the calls, but explain them).
–> MQCONN: it will connect to the queue manager
–> MQOPEN: it will open the queue manager
–> MQPUT/GET/INQ: it is to put the message, to get the message and to inquire message
–> MQCLOSE: to close the connection
–> MQDISC: to disconnect
16. What are the tools used for API test automation?
Answer: Unit testing and API testing both target source code. If an API method is using code based on .NET, then the supporting tool should have .NET support.
Automation tools that can be used for API testing are
NUnit for .NET
JUnit for Java
17. In an API document, explain how to document each function. What are the tools used for documentation?
Answer: Description: Small description of what a function does
Syntax: Syntax about the parameter of the code, the sequence in which they occur, required and optional elements, etc.
Parameters: Functions parameters
Error Messages: Syntax of error messages
Example Code: Small snippet of code
Related Links: Related functions
18. What is the default log size in the log target? What happens when that log size is reached?
Answer: Log size: 500 kilobytes.
When the log file reaches the limit, the system will upload it to the FTP server and, if it is successfully uploaded, the appliance will delete the log in the system to free space.
19. What Is The Application Server?
Answer: The application server provides a runtime environment in which to deploy, manage, and run J2EE applications.
20. Who issues a certificate, explain in detail?
Answer: Certificate authorities act as trusted third parties that verify the identity of the sender of an encrypted message and issue digital certificates as evidence of authorization. These digital certificates contain the public key of the sender, which is then passed along to the intended recipient. The Certificate authorities do extensive background checks before giving an organization or a given individual a certificate.
21. Application Installed But Not Working. What Are The Troubleshooting Steps?
Answer: Check that the JVM and the application are up, then check the plugin-cfg.xml file for the root context used by the web application. If it does not exist, generate the plug-in and restart the web server.
22. How do you gauge the strength of the key, what is the parameter used?
Answer: The algorithm should be known to the public, but the key needs to be confidential
1. Key size
2. Performance/ Response time for Encryption or Decryption (depends on the system we use)
3. Mathematical proof for standardization of security provided by that algorithm
4. Who provided the certificate for the algorithm and its expiration date.
23. Explain what is TestApi?
Answer: TestApi is a library of utility and test APIs that enables testers and developers to create testing tools and automated tests for .NET and Win32 applications. It provides a set of common test building blocks, types, data structures and algorithms.
24. What is Input injection and what are different ways of doing it?
Answer: Input injection is the act of simulating user input. You can simulate user input in several ways:
Direct Method Invocation
Invocation using an accessibility interface
Simulation using low-level input
Simulation using a device driver
Simulation using a robot
25. What are the common tests performed on APIs?
The common tests performed on APIs
Verification of the API whether it is updating any data structure
Verify if the API does not return anything
Based on input conditions, returned values from the APIs are checked
Verification of the API whether it triggers some other event or calls another API.
26. What is the difference between object type and object name and what happens when I keep the add referenced object option to ‘off’?
Answer: Object type specifies the type of object. This filter restricts log messages to only those messages generated by the selected object.
Whereas, Object name specifies the name of an existing object of the selected type.
When the add referenced object option is turned ‘off’, the appliance generates no additional object filters anymore and includes events for only the specified object.
27. What Is The Log Target Type For Sending The Logs To Email, What Is The Field Name That Has To Be Given A Value For Subject Representation Of An Email?
Answer: SMTP. It forwards log entries as an email to the configured remote SMTP servers and email addresses. Before sending, the contents of the log can be encrypted or signed. The processing rate can be limited.
28. Mention the key difference between UI level testing and API testing?
Answer: UI (User Interface) testing refers to testing the graphical interface, such as how the user interacts with the application, and testing application elements like fonts, images, layouts, etc. UI testing basically focuses on the look and feel of an application.
While API enables communication between two separate software systems. A software system implementing an API contains functions or sub-routines that can be executed by another software system.
29. Explain what is REST API?
Answer: It is a set of functions to which developers perform requests and receive responses. In a REST API, interaction is made via the HTTP protocol.
REST stands for Representational State Transfer; it is quickly becoming the de facto standard for API creation.
30. When the application is down, what will you do?
Answer: First, look at the logs for errors. If you find the error, save the logs and start your application. Then start to troubleshoot.
If no error is found, run a trace and look for FFDC, etc.
31. Where to give application priority while starting the server?
Answer: It will be under Enterprise applications -> app name -> startup behavior -> Startup order in the admin console.
32. What Is The Difference Between Web Server And Application Server?
Answer: A web server serves pages for viewing in a web browser, while an application server exposes business logic for client applications through various protocols.
The web server exclusively handles https requests. The application server serves business logic to application programs through any number of protocols.
The web server delegation model is fairly simple: when a request comes into the web server, it simply passes the request to the program best able to handle it (a server-side program). It may not support transactions and database connection pooling.
The application server is more capable of dynamic behavior than the web server. We can also configure the application server to work as a web server. Simply, the application server is a superset of the web server.
33. What is SSL? When does it encrypt and decrypt the data?
Answer: SSL refers to digitally signed certificates used for message/communication integrity and confidentiality. Generally, data is encrypted at the sender side and decrypted at the receiver side.
34. Difference Between WebLogic And WebSphere?
Answer: Both BEA WebLogic and IBM’s WebSphere provide J2EE-based application servers which are competitors. WebSphere leverages more on connectivity issues with MQ and legacy systems with a strong dominance in J2EE.
35. How to move code from the dev environment to the testing environment?
Answer: I’m sure what they mean by code here. I think, in the case of applications, export them from DEV and deploy in TEST.
36. Give three popular algorithms used for encryption?
Answer: 1. Triple DES – uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112 bits in key strength is more like it.
2. RSA – is a public-key encryption algorithm and the standard for encrypting data sent over the internet.
3. AES – it is extremely efficient in 128-bit form; AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.
37. Explain About IBM WebSphere Edge Server?
Answer: WebSphere Edge Server is used to improve the performance of web-based systems. It can be used as a forwarding or proxy server. Basically, four components are present in it: Network dispatcher, Caching proxy, Content distribution and application service at the edge.
38. What is Deployment Policy?
Answer: An object in DataPower used to modify/filter imported configurations. When we import objects from one domain or environment to another, we may want to filter out or change certain object configurations for the new domain or environment. This can be achieved using a Deployment Policy (DP).
39. Explain About IBM WebSphere Integration Developer?
Answer: WebSphere Integration Developer (WID) provides an IDE to build applications based on service-oriented architecture. WebSphere Process Server and WebSphere ESB were built with WID. WID was built with RAD Eclipse-based technology.
40. Explain About Compute Grid?
Answer: Compute Grid is also known as WebSphere batch. WebSphere Extended Deployment offers a Java batch processing system called Compute Grid. This forms an additional feature of the WebSphere network environment. Various features are provided which help a developer to create, manage and execute batch jobs: job scheduler, xJCL, batch container, and batch programming controller.
41. Difference between API and Unit Testing?
Answer: API testing
API testing is owned by the QA team
API testing is mostly black box testing
Full functionality of the system is considered in API testing as it will be used by the end-user (external developers who will use your API)
API tests are often run after the build is ready and authors do not have access to the source code
Unit testing
Unit testing is owned by the development team
Unit testing is white box testing
Unit testing is done to verify whether each unit in isolation performs as expected or not
The developers are expected to build unit tests for each of their code modules and have to ensure that each module passes its unit tests before the code is included in a build
42. Mention the main areas to be taken into consideration while writing an API document?
Answer: The key areas to be considered when writing API documents are
Source of the content
Document plan or sketch
Information required for each function in the document
Automatic document creation programs
43. What are the main challenges of API testing?
The main challenges in API testing are
44. What types of bugs will API testing find?
Answer: The types of bugs API testing will find
Missing or duplicate functionality
Fails to handle error conditions gracefully
Not implemented errors
Inconsistent error handling
45. Mention the steps for testing API?
API testing steps
Select the test case that has to be fulfilled
Develop a test case for the API call
Configure the API parameters to meet the test case
Determine how you will validate a successful test
Execute the API call using a programming language like PHP or .NET
Allow the API call to return the data to validate
46. Why do we need a digital signature?
Answer: Digital signatures act as a verifiable seal or signature to confirm the authenticity of the sender and the integrity of the message. Users who wish to verify their identity when sending a protected message can encrypt the information with their private key. The recipient can then decrypt the message with the sender’s public key in order to confirm the sender’s identity and the integrity of the message.
47. Explain About The Security Features Present In WAS?
Answer: The security model for WebSphere is primarily based on the Java EE security model. It also depends upon the operating system. User authentication and authorization mechanisms are also provided in WAS. The lightweight third party authentication mechanism is the main security feature present in WAS.
48. Explain About WebSphere?
Answer: The word WebSphere popularly refers to IBM middleware technology products. WebSphere is known for its turn-key operation in e-business applications. It has run time components and tools which can help in creating applications which run on WAS. WAS refers to WebSphere Application Server.
49. Why Use The Bootstrap Port Number?
Answer: Client applications use the bootstrap port to access WebSphere’s built-in object request broker (ORB) to use Enterprise Java Beans in applications installed on the application server. The Java Naming and Directory Interface service provider URL used by the client application needs to reference the bootstrap port to obtain an initial context for looking up the EJBs it wants to use. (For communication between two servers.)
50. What are file descriptors in AIX?
Answer: A file descriptor is a handle created by a process when a file is opened. There is a limit to the number of file descriptors per process. If the file descriptor limit is exceeded for a process, you may see the following error: “Too Many Open Files”