IBM Datapower Interview Questions And Answers Pdf

1. How do you Implement Dynamic Routing in Datapower?
Answer: In case of a dynamic backend, we update all the backend URL’s in an xml file and we use a generic XSLT which will read the URL from the xml file based on certain customized conditions and we set the routing variable var://service/routing-URL in the XSLT. 

2. Why do we need a log target when there is already a default logging mechanism available in datapower?
we need a log target to capture messages that are posted by the various objects and services that are running on the appliance. In order to get a specific event or/and object log information, we utilize log targets.

3. Why Do We Need A Digital Signature?
Digital signatures act as a verifiable seal or signature to confirm the authenticity of the sender and the integrity of the message. Users who wish to verify their identity when sending a protected message can encrypt the information with their private key. The recipient can then decrypt the message with the sender’s public key in order to confirm the sender’s identity and the integrity of the message.

4. What is an XML Manager and why do we need it?

An XML Manager provides the following capabilities

Basic network configuration, such as load balancing and accessing remote servers.
It acts as an XML parser in order to provide XML Threat Protection
It helps in implementing Caching
To configure the User-Agent.

5. What are the different modes through which you can connect to Datapower?

  • GUI
  • CLI
  • XML-Management Interface

6. Difference between Copy and Copy-of?

The element creates a copy of the current node.

Note: Namespace nodes of the current node are automatically copied as well, but child nodes and attributes of the current node are not automatically copied!

The element creates a copy of the current node.

Note: Namespace nodes, child nodes, and attributes of the current node are automatically copied as well!

7. Who issues a certificate, explain in detail?
Certificate authorities act as trusted third parties that verify the identity of the sender of an encrypted message and issue digital certificates as evidence of authorization. These digital certificates contain the public key of the sender, which is then passed along to the intended recipient. The Certificate authorities do extensive background checks before giving an organization or a given individual a certificate.

8. What is an Application Domain?
An application domain allows the administrators to partition an appliance into multiple logical configurations. For example, the developers and production employees environment is different.

9. When at work or on a project have you had to persuade someone to change their opinion or do something differently?
This is a variant on a traditional competency question and your example could tie into a number of their competencies, depending on its context – but it’s fair to say that this is testing your communication, teamwork, and drive. Although the question is asking for a time when you persuaded them, your interviewers will be more interested in how you persuaded them and whether your attempts were successful. Note that it asks for an example of work when on a project, which leads you to think of times when completing internships, part-time jobs or group coursework. However, you can be creative in how you define ‘project’ to bring in your extracurricular activities. Remember that a project can be defined as a discrete piece of work or set of tasks with a specific aim, with a start and end date. 

10. What kind of troubleshooting have you done in datapower?
We use the probe to capture the ongoing transactions with respect to service.
We can also set the log level to debug mode in Troubleshooting Panel.
We can make use of Log targets and Log Categories, especially in Prod, as we are not supposed to enable the probe in production.
We have a default log file under log temp directory in the file manager, which will have all the logs with respect to a domain
If we have to customize the log files, we create log targets
We can save the logs in a file on the DP Appliance itself under log store or log temp directory
We can also save the logs in an external server.

11. What is the advantage of Datapower over Message Broker?
Integrating and leveraging the WebSphere MQ messaging infrastructure. Similar to Message Broker, DataPower can do any-to-any transformation (in theory, Yes. But in practice, you may need to use WebSphere Transformation Extender (WTX)).
Supports different protocols such as MQ, JMS, HTTP(S), Web Services, FTP, and convert one to the other. Supports almost every security protocols and different authentication/authorization schemas, such as Web Service security/policy, TLS/SSL, SAML, LDAP, RADIUS, etc.
Supports a wide range of data formats, including XML, binary (COBOL, C), positional/delimited, and industry formats (EDI, SWIFT), and convert one to the other. Provides field-level security: WS-security down to the individual operation, encrypt & sign individual fields, non-repudiation.
Provides a number of capabilities to customize mediation, including C/C++, ESQL, Java, XSLT, and PHP. Data validation, parsing and filtering, and metadata manipulation.
WebSphere Adapters for enterprise applications (SAP, PeopleSoft, and Siebel). Transport level protocol conversions from any-to-any.
Offers z/OS clients platform-specific benefits (CICS, VSAM).

12. What are the components of a WSDL?

  • WSDL Definitions
  • WSDL Types
  • WSDL Message
  • WSDP Port and Operation
  • WSDL Binding

13. What is xsl: param?
The element is used to declare a local or global parameter. The parameter is global if it’s declared as a top-level element, and local if it’s declared within a template.

14. What are the different services that have you used in Datapower?
WebService Proxy, Multiprotocol gateway, and XML Firewall.

15. What actions have you used in the processing policy?

  • AAA
  • SLM
  • Match
  • Transform
  • Result
  • Sign
  • Verify
  • Encrypt
  • Decrypt

16. Difference between Apply-template and Call-template?
The element applies a template to the current element or to the current element’s child nodes.

If we add a select attribute to the element it will process only the child element that matches the value of the attribute. We can use the select attribute to specify the order in which the child nodes are processed.

The element calls a named template.

Note: In terms of raw performance xsl: call-template is likely to be faster, as you are calling a specifically named template, rather than telling the XSLT processor to pick the template which best matches

With call-template, you have to know what you’re calling. apply-templates is polymorphic – what gets called depends on what you find in the input, which means it is the key feature that enables XSLT to respond to variable or unpredictable input – essential when handling documents as distinct from structured data.

apply-templates is usually (but not necessarily) used to process all or a subset of children of the current node with all applicable templates. This supports the recursiveness of XSLT application which is matching the (possible) recursiveness of the processed XML.

call-template, on the other hand, is much more like a normal function call. You execute exactly one (named) template, usually with one or more parameters.

17. What are the Datapower Variables?
A local context variable in the default (current) context.

The local context does not persist beyond the scope of the transaction. A transaction can include both a request component and a response component. The local context cannot be accessed by any object outside the scope of the transaction. In other words, a service cannot read and use the variable.

Addresses a variable in a named context.

Service – mention any service variable forex : var://service/routing-URL, var://service/error-code, var://service/URL-in

Addresses a variable that is made available to a DataPower service that is attached to a session.

18. How do you migrate your services from one environment to another or how do you deploy your services from one environment to another?
We have a support team who takes care of Service deployments. We take an export of the service which needs to be deployed and keep it in a secured server by doing FTP. Our support team has some scripts, which they execute in the server and does the deployment.

19. What is an on-error action in XI52?
An on-error action defines a named rule that enables user-defined error handling when subsequent processing encounters errors. This topic instructs how to define an on-error action.

The on-error action either stops processing or continues to the next processing step. Optionally, the action calls the named rule to handle the error condition. Without an on-error action, the default error handling is to stop processing and log a message.

A processing rule can contain one or more on-error actions. Each action defines error handling for subsequent actions until another on-error action is found. When another action is found, error-handling procedures are set to the new on-error action. As such, this action enables conditional error handling in a processing context.

Note: A processing policy can contain on-error actions and an error rule. When a processing policy contains both on-error actions and an error rule, the on-error action overrides the error rule. An error rule, if the processing policy contains one, is invoked when an error occurs during processing. In this case, the error rule acts as an error handler.

20. Why do you want to work for IBM?
Be specific. A lot of candidates make the mistake of generalizing about wanting to work for a ‘global information technology giant’, which could apply equally to IBM or any of its major competitors. You need to make sure your answer reflects your interest in IBM specifically and why you feel the company is the best fit for you. Think about what elements of the company culture appeal to you, or what kinds of projects you might get involved in. For example, are you impressed by IBM’s work to support equality for LGBT+ employees? Or are you interested in its work on artificial intelligence and machine learning?

21. How do you test your Datapower Services?
We can use SOAPUI to test the Datapower Services. 

22. Explain about your Roles and Responsibilities? Answer:

  • Gathering the requirements from Client
  • Preparing the Design Document
  • Presenting the Design document to Client for approval
  • Configuring the service in a Development environment
  • Testing and Troubleshooting of DP Services
  • Migrating the services from Dev to test and to the production environment

23. What Are The Weakness Of Symmetric Key Cryptography And What Is The Strength Of The Asymmetric Key Cryptography?

Symmetric key cryptography:

The biggest obstacle in successfully deploying a symmetric-key algorithm is the necessity for a proper exchange of private keys. This transaction must be completed in a secure manner. If the face-to-face meeting, which proves quite impractical in many circumstances when taking distance and time into account, cannot be possible to exchange private keys. If one assumes that security is a risk, to begin with, due to the desire for a secret exchange of data in the first place, the exchange of keys becomes further complicated.\

Another problem concerns the compromise of a private key. In symmetric-key cryptography, every participant has an identical private key. As the number of participants in a transaction increases, both the risk of compromise and the consequences of such a compromise increase dramatically. Each additional user adds another potential point of weakness that an attacker could take advantage of. If such an attacker succeeds in gaining control of just one of the private keys in this world, every user, whether there are hundreds of users or only a few, is completely compromised.

Both Symmetric and Asymmetric-key cryptography also has vulnerabilities to attacks such as the man in the middle attack. In this situation, a malicious third party intercepts a public key on its way to one of the parties involved. The third-party can then instead pass along his or her own public key with a message claiming to be from the original sender. An attacker can use this process at every step of an exchange in order to successfully impersonate each member of the conversation without any other parties having knowledge of this deception.
Asymmetric cryptography –More secure!

Asymmetric keys must be many times longer than keys in symmetric-cryptography in order to boost security. While generating longer keys in other algorithms will usually prevent a brute force attack from succeeding in any meaningful length of time, these computations become more computationally intensive. These longer keys can still vary in effectiveness depending on the computing power available to an attacker.

24. What is the Processing Rule?
Every DP service will have a processing policy and every policy will have processing rules.

Request rule to handle request messages
Response rule to handle response messages
Error Rule to handle error scenarios

25. What is the difference between object filter and event filter?
Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.
Event Filter allows only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes.

26. In the datapower file system, the logs are stored default in log temp?
True: log temp, the default location of log files, such as the system-wide default log.

27. What Is The Log Target Type For Sending The Logs To Email, What Is The Field Name That Has To Be Given A Value For Subject Representation Of An Email?
SMTP, forwards log entries as an email to the configured remote SNMP servers and email addresses. Before sending, the contents of the log can be encrypted or signed. The processing rate can be limited. 

28. What are the different modes of archival? Explain each mode in two lines each?
Rotate, rotate the log file when the maximum size is reached. The appliance creates a copy of the file and starts a new file. The appliance retains the archived copies up to the specified number of rotations. After reaching the maximum number of rotations and the log file reaches its maximum size, the appliance deletes the oldest file and copies the current file.

Upload, upload the log file when the maximum size is reached. The appliance uploads the file using the specified upload method. 

29. How do I collect a single log statement as alert as a mail when the object on which log target is enabled goes down or comes up?
It is done by setting up Event triggers. Event triggers perform actions only when triggered by a specified message ID or event code, in this case, the system goes up/down. With this filter, it is possible to create a log target that collects only the results of the specified trigger action. For example, to trigger the generation of an error report when a certain event occurs use the save error-report command and transfer to SMTP target format to send as an email alert.

30. What is a trust store?
A trust store contains certificates from other parties that we expect to communicate with, or from Certificate Authorities that we trust to identify other parties. For example, Google (chrome) contains a certificate of many companies or websites. Whenever we browse that site the browser automatically check the site for its certificate form the store and compare it. If it is true, Google will add the ‘s’ on ‘HTTP’. That way we know that the website is secured and trustworthy.

31. What is the difference between object type and object name and what happens when I keep the add referenced object option to ‘off’?
Object Type, specify the type of object. This filter restricts log messages to only those messages generated by the selected object.
Whereas, Object name specifies the name of an existing object of the selected type.
When the add referenced object option is turned ‘off’, the appliance generates no additional object filters anymore and includes events for only the specified object.

32. How Do You Gauge The Strength Of The Key, What Is The Parameter Used?
The algorithm should be known to the public, but the key needs to be confidential:

Key size
Performance/ Response time for Encryption or Decryption (depends on the system we use)
Mathematical proof for standardization of security provided by that algorithm
Who provided the certificate for the algorithm and the date of the expiration date.

33. What is Passthrough Service?
Pass through is basically accepting and sending a request to the back end without modifying it in Datapower

34. How do you handle Error scenarios?
We create an error rule in which we use a generic XSLT, which creates a fault message by reading the Service variables.

35. What’s the difference between an abstract class and an interface?
The best way to prepare is to look carefully at the job description for information about what kinds of skills will be relevant to the role and find out as much as possible about them. If, when you get to the interview, you’re asked something you don’t know, be honest about it – the interviewer will know if you’re trying to blag it.

36. What Is The Default Log Size In The Log Target? What Happens When That Log Size Is Reached?
When the log file reached the limit, the system will upload it to the FTP server and if it is successfully uploaded, the appliance will delete the log in the system to free space.

37. Give Three Popular Algorithms Used For Encryption?
Triple DES-uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more like it.
RSA- is a public-key encryption algorithm and the standard for encrypting data sent over the internet.
AES-it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.

38. Why did you choose your particular degree?
This focuses on your interests, career aspirations and the motivation behind them. If you studied something unrelated, such as geography, and have only chosen to look into the technology industry since starting university, explain what made you choose your degree originally and what made you decide to change your focus.

39. What is the default log size in the log target? What happens when that log size is reached?
When the log file reached the limit, the system will upload it to the FTP server and if it is successfully uploaded, the appliance will delete the log in the system to free space.

40. What is SLM and options available with that?

SLM has mainly 3 statements:

    • Throttle
    • Notify
    • Shape

I’m sure what they mean by code here. I think, in case of applications, export them from in DEC and deploy in TEST.

42. What is DataPower? How and why does an?
All DataPower Appliances are built on IBM’s XSeries 1U Chassis, which include hot-swappable Power, Disks, and Fans. DataPower Appliances contain many specialized hardware components, including ASIC-based IPS, Custom Encrypted RAID Drives, and Hardware Security Modules. Externally facing, all DataPower Appliances have 4 Ethernet ports and 1 Serial port.

DataPower Appliances operate a single digitally signed Firmware containing an operating system and application stack. Data Power’s firmware runs on a flash storage device. IBM refreshes and enhances the DataPower Firmware image every 10–20 weeks. DataPower firmware is a well-performing and highly optimized platform to perform electronic messaging functions. As a result, users cannot run 3rd party applications on DataPower as they would a traditional server and operating system. Instead of a traditional Filesystem, DataPower runs with a collection of isolated virtual File Systems called ‘Application Domains’. As a result, DataPower can appear to its client connections be any type of network file system with any type of folders and links.

Another purpose of DataPower’s firmware platform is security. The DataPower TCP and UDP network stack is expected to provide near-constant throughput under the most extreme and sophisticated DDoS and XSS network attacks.

43. What is Input injection and what are different ways of doing it?

Input Injection: It is the act of simulating user input, in several ways you can simulate user input.
Direct Method Invocation.

  • Invocation using an accessibility interface
  • Simulation using low-level input
  • Simulation using a device driver
  • Simulation using a robot

44. Explain About Extended Deployment?
Web sphere application server extended deployment increases the functionality of the server in two main areas they are manageability and performance. Dynamic virtualization between servers is possible with the help of XD. A stand-alone distributed cache was added to it under the performance header, it is known as Object Grid.

45. What About the Master Repository?
deployment manager contains the MASTER configuration and application files. All updates to the configuration files should go through the deployment manager.

Note: Browse latest Datapower Interview Questions and Datapower Tutorial Videos. Here you can check Datapower Training details and Datapower Training Videos for self learning. Contact +91 988 502 2027 for more information.

Leave a Comment

Scroll to Top