IBM DataPower Interview Questions and Answers

DataPower firmware is mostly used to perform electronic messaging functions. It can perform transformation and routing of messages as an enterprise service bus or protect web services interfaces and the architecture behind them from attacks. It helps to integrate any two applications by considering them as services.

1.What are the different services that have you used in Datapower?

Ans:

WebService Proxy, Multiprotocol gateway and XML Firewall

2. What are the components of a WSDL?

Ans:

• WSDL Definitions
• WSDL Types
• WSDL Message
• WSDP Port and Operation
• WSDL Binding

3. What actions have you used in the processing policy?

Ans:

• AAA       
• SLM       
• Match  
• Transform    
• Result       
• Sign    
• Verify    
• Encrypt    
• Decrypt 

4. What is SLM and options available with that?

Ans:

• SLM has mainly 3 statements
• Throttle
• Notify
• Shape

5. What is an XML Manager and why do we need it?

Ans:

• An XML Manager provides the following capabilities
• Basic network configuration, such as load balancing and accessing remote servers.
• It acts as an XML parser in order to provide XML Threat Protection
• It helps in implementing Caching
• To configure the User Agent

6. How do you test your Datapower Services?

Ans:

We can use SOAPUI to test the Datapower Services

7. What kind of troubleshooting have you done in datapower?

Ans:

• We use probe to capture the ongoingtransactions with respect to a service.
• We can also set the log level to debug mode in Troubleshooting Panel.
• We can make use of Log targets and Log Categories especially in Prod, as we are not supposed to enable the probe in production.
• We have a default log file under logtemp directory in the file management, which will have all the logs with respect to a domain
• If we have to customize the log files, we create log targets
• We can save the logs in a file on the DP Appliance itself under logstore or logtemp directory

8. What is a Processing Rule?

Ans:

Every DP service will have a processing policy and every policy will have processing rules.

• Request rule to handle request messages
• Response rule to handle response messages
• Error Rule to handle error scenarios

9. How do you Implement Dynamic Routing in Datapower?

Ans:

In case of a dynamic backend, we update all the backend URL’s in an xml file and we use a generic XSLT which will read the URL from the xml file based on certain customized conditions and we set the routing variable var://service/routing-url in the XSLT.

10. What is xsl:param ?

Ans:

The element is used to declare a local or global parameter. The parameter is global if it’s declared as a top-level element, and local if it’s declared within a template.

11. Difference between Copy and Copy-of?

Ans:

The element creates a copy of the current node.

Note: Namespace nodes of the current node are automatically copied as well, but child nodes and attributes of the current node are not automatically copied!

12. What is a Passthrough Service?

Ans:

Passthrough is basically accepting and sending a request to the backend without modifying it in Datapower

13. How do you handle Error scenarios?

Ans:

We create an error rule in which we use a generic XSLT, which creates a fault message by reading the Service variables

14. What is the advantage of Datapower over Message Broker?

Ans:

Message Broker Datapower

Integrating and leveraging the WebSphere MQ messaging infrastructure. Similar to Message Broker, DataPower can do any-to-any transformation (in theory, Yes. But in practice, you may need to use WebSphere Transformation Extender (WTX)).

Supports different protocols such as MQ, JMS, HTTP(S), Web Services, ftp, and convert one to the other. Supports almost every security protocols and different authentication/authorization schemas, such as Web Service security/policy, TLS/SSL, SAML, LDAP, RADIUS, etc.

Supports a wide range of data formats, including XML, binary (COBOL, C), positional/delimited, and industry formats (EDI, SWIFT), and convert one to the other. Provides field level security: WS-security down to the individual operation, encrypt & sign individual fields, nonrepudiation.

Provides a number of capabilities to customize mediation, including C/C++, ESQL, Java, XSLT, and PHP. Data validation, parsing and filtering, and meta data manipulation.

WebSphere Adapters for enterprise applications (SAP, PeopleSoft and Siebel). Transport level protocol conversions from any-to-any.

Offers z/OS clients platform-specific benefits (CICS, VSAM).

15. How do you migrate your services from one environment to another or how do you deploy your services from one environment to another?

Ans:

We have a support team who takes care of Service deployments. We take an export of the service which needs to be deployed and keep it in a secured server by doing FTP. Our support team has some scripts, which they execute in the server and does the deployment

We can also use Export and Import configuration along with the Deployment Policy

16. What is an on-error action in XI52?

Ans:

An on-error action defines a named rule that enables user-defined error handling when subsequent processing encounters errors. This topic instructs how to define an on-error action.

The on-error action either stops processing or continues to the next processing step. Optionally, the action calls the named rule to handle the error condition. Without an on-error action, the default error handling is to stop processing and log a message.

A processing rule can contain one or more on-error actions. Each action defines error handling for subsequent actions until another on-error action is found. When another action is found, error-handling procedures are set to the new on-error action. As such, this action enables conditional error handling in a processing context.

17. Explain about your Roles and Responsibilities?

Ans:

• Gathering the requirements from Client
• Preparing the Design Document
• Presenting the Design document to Client for approval
• Configuring the service in Development environment
• Testing and Troubleshooting of DP Services
• Migrating the services from Dev to test and to production environment

18. What is an Application Domain?

Ans:

An application domain allows the administrators to partition an appliance into multiple logical configurations.For example the developers and production employees environment is different

19. What are the different modes through which you can connect to Datapower?

Ans:

• GUI
• CLI
• XML-Management Interface

20. How to take secure backup?

Ans:

To securely back up the appliance configuration from the WebGUI:

• Click Administration => Main => System Control.
• Locate the Secure Backup section.
• From the Crypto certificate list, select the certificate to encrypt the secure backup.
• In the Destination field, enter the URL of the target directory for the backup files.
• Click Secure Backup to back up the appliance.

21.What is Multi Protocol Gateway in DataPower?

Ans:

A Multi–Protocol Gateway can accept client-originated messages in various protocols. The service can then pass messages to a remote server with various protocols. The protocol that the client uses does not need to be the same as the protocol that the remote server uses.

22.Is DataPower and API gateway?

Ans:

The DataPower API Gateway is a new gateway that has been designed with APIs in mind, and with the same security focus as DataPower Gateway (v5 compatible)

23.What does IBM produce?

Ans:

International Business Machines (IBM), is a global technology company that provides hardware, software, cloud-based services and cognitive computing. Founded in 1911 following the merger of four companies in New York State by Charles Ranlett Flint, it was originally called Computing-Tabulating-Recording Company.

24. Why Do We Need Logtarget When There Is Already A Default Logging Mechanism Available In Datapower?

Ans:

we want logtarget to seize messages which can be posted by the numerous objects and services which might be going for walks at the appliance. In order to get a particular event or/and item log information, we utilize logtargets.

25. How To I Collect A Single Log Statement As Alert As A Mail When The Object On Which Log Target Is Enables Goes Down Or Comes Up?

Ans:

It is executed by putting in place Event triggers.  Event triggers perform movements only whilst brought on by a detailed message ID or event code in this example the machine is 

going up/down. With this clear out, it is viable to create a log goal that collects only the outcomes of the required trigger motion. For example, to trigger the technology of an mistakes file while a positive event occurs use the save blunders-file command and transfer to SMTP goal format to send as an email alert.

26.What Is Cryptography? Why Do We Need It?

Ans:

Cryptography is to protect private conversation within the public international. For example,  entities looking to communicate – Ajitab and Mulu – are shouting their messages in a room

complete of people. Everyone can pay attention what they’re saying. The goal of cryptography is to guard this conversation so that most effective Ajitab and Mulu can apprehend the content material of the messages.

27. Why do we need a log target when there is already a default logging mechanism available in datapower?

Ans:

 we need a log target to capture messages that are posted by the various objects and services that are running on the appliance. In order to get a specific event or/and object log information, we utilize log targets.

28. Why Do We Need A Digital Signature?

Ans:

 Digital signatures act as a verifiable seal or signature to confirm the authenticity of the sender and the integrity of the message. Users who wish to verify their identity when sending a protected message can encrypt the information with their private key. The recipient can then decrypt the message with the sender’s public key in order to confirm the sender’s identity and the integrity of the message.

29. Who issues a certificate, explain in detail?

Ans:

 Certificate authorities act as trusted third parties that verify the identity of the sender of an encrypted message and issue digital certificates as evidence of authorization. These digital certificates contain the public key of the sender, which is then passed along to the intended recipient. The Certificate authorities do extensive background checks before giving an organization or a given individual a certificate.

30. When at work or on a project have you had to persuade someone to change their opinion or do something differently?

Ans:

 This is a variant on a traditional competency question and your example could tie into a number of their competencies, depending on its context – but it’s fair to say that this is testing your communication, teamwork, and drive. Although the question is asking for a time when you persuaded them, your interviewers will be more interested in how you persuaded them and whether your attempts were successful. Note that it asks for an example of work when on a project, which leads you to think of times when completing internships, part-time jobs or group coursework. However, you can be creative in how you define ‘project’ to bring in your extracurricular activities. Remember that a project can be defined as a discrete piece of work or set of tasks with a specific aim, with a start and end date. 

31. What is Input injection and what are different ways of doing it?

Ans:

Input Injection: It is the act of simulating user input, in several ways you can simulate user input.

Direct Method Invocation.

• Invocation using an accessibility interface
• Simulation using low-level input
• Simulation using a device driver
• Simulation using a robot

32. Explain About Extended Deployment?

Ans:

Web sphere application server extended deployment increases the functionality of the server in two main areas they are manageability and performance. Dynamic virtualization between servers is possible with the help of XD. A stand-alone distributed cache was added to it under the performance header, it is known as Object Grid.

33. What About the Master Repository?

Ans:

deployment manager contains the MASTER configuration and application files. All updates to the configuration files should go through the deployment manager.

34.What is front side handler in DataPower?

Ans:

Both front–side handlers forward the incoming message to the Multi-Protocol Gateway for processing and forwarding to the remote server. Unlike a Web Service Proxy service, a Multi-Protocol Gateway service cannot use a WSDL to determine a configuration.

35. What is the default log size in the logtarget? What happens when that log size is reached?

Ans:

 Log size: 500 kilobytes, When the log file reached the limit, the system will uploaded it to the FTP server and if it is successfully uploaded, the appliance will delete the log in the system to free space.

36. What is MPGW?

Ans:

MPGW. The Multi-Protocol Gateway is a powerful and versatile service. In additional to threat protection and document processing capabilities, the Multi-Protocol Gateway can process requests between various protocols.

37. What is IBM DataPower used for?

Ans:

DataPower firmware is mostly used to perform electronic messaging functions. It can perform transformation and routing of messages as an enterprise service bus or protect web services interfaces and the architecture behind them from attacks. It helps to integrate any two applications by considering them as services.

38.What is DataPower Gateway?

Ans:

IBM DataPower Gateway is the world’s most secure DMZ-ready gateway. It provides security, integration, control and optimized access to a full range of web, API, mobile, SOA, cloud, mobile, and B2B workloads.

39. What is xsl: param?

Ans:

The element is used to declare a local or global parameter. The parameter is global if it’s declared as a top-level element, and local if it’s declared within a template.

40. Difference between Apply-template and Call-template?

Ans:

The element applies a template to the current element or to the current element’s child nodes.

If we add a select attribute to the element it will process only the child element that matches the value of the attribute. We can use the select attribute to specify the order in which the child nodes are processed.

The element calls a named template.

Note: In terms of raw performance xsl: call-template is likely to be faster, as you are calling a specifically named template, rather than telling the XSLT processor to pick the template which best matches

With call-template, you have to know what you’re calling. apply-templates is polymorphic – what gets called depends on what you find in the input, which means it is the key feature that enables XSLT to respond to variable or unpredictable input – essential when handling documents as distinct from structured data.

apply-templates is usually (but not necessarily) used to process all or a subset of children of the current node with all applicable templates. This supports the recursiveness of XSLT application which is matching the (possible) recursiveness of the processed XML.

call-template, on the other hand, is much more like a normal function call. You execute exactly one (named) template, usually with one or more parameters.

41. What are the Datapower Variables?

Ans:

•  A local context variable in the default (current) context.
• The local context does not persist beyond the scope of the transaction. A transaction can include both a request component and a response component. The local context cannot be accessed by any object outside the scope of the transaction. In other words, a service cannot read and use the variable.
• Addresses a variable in a named context.
• Service – mention any service variable forex : var://service/routing-URL, var://service/error-code, var://service/URL-in
• Addresses a variable that is made available to a DataPower service that is attached to a session. 

42. Why do you want to work for IBM?

Ans:

Be specific. A lot of candidates make the mistake of generalizing about wanting to work for a ‘global information technology giant’, which could apply equally to IBM or any of its major competitors. You need to make sure your answer reflects your interest in IBM specifically and why you feel the company is the best fit for you. Think about what elements of the company culture appeal to you, or what kinds of projects you might get involved in. For example, are you impressed by IBM’s work to support equality for LGBT+ employees? Or are you interested in its work on artificial intelligence and machine learning?

43. What Are The Weakness Of Symmetric Key Cryptography And What Is The Strength Of The Asymmetric Key Cryptography?

Ans:

Symmetric key cryptography:–

The biggest obstacle in successfully deploying a symmetric-key algorithm is the necessity for a proper exchange of private keys. This transaction must be completed in a secure manner. If the face-to-face meeting, which proves quite impractical in many circumstances when taking distance and time into account, cannot be possible to exchange private keys. If one assumes that security is a risk, to begin with, due to the desire for a secret exchange of data in the first place, the exchange of keys becomes further complicated.

Another problem concerns the compromise of a private key. In symmetric-key cryptography, every participant has an identical private key. As the number of participants in a transaction increases, both the risk of compromise and the consequences of such a compromise increase dramatically. Each additional user adds another potential point of weakness that an attacker could take advantage of. If such an attacker succeeds in gaining control of just one of the private keys in this world, every user, whether there are hundreds of users or only a few, is completely compromised.

Both Symmetric and Asymmetric-key cryptography also has vulnerabilities to attacks such as the man in the middle attack. In this situation, a malicious third party intercepts a public key on its way to one of the parties involved. The third-party can then instead pass along his or her own public key with a message claiming to be from the original sender. An attacker can use this process at every step of an exchange in order to successfully impersonate each member of the conversation without any other parties having knowledge of this deception.

44. What is the Processing Rule?

Ans:

Every DP service will have a processing policy and every policy will have processing rules.

• Request rule to handle request messages
• Response rule to handle response messages
• Error Rule to handle error scenarios

45. What is the difference between object filter and event filter?

Ans:

Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.

Event Filter allows only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes.

46. In the datapower file system, the logs are stored default in log temp?

Ans:

True: log temp, the default location of log files, such as the system-wide default log.

47. What Is The Log Target Type For Sending The Logs To Email, What Is The Field Name That Has To Be Given A Value For Subject Representation Of An Email?

Ans:

SMTP, forwards log entries as an email to the configured remote SNMP servers and email addresses. Before sending, the contents of the log can be encrypted or signed. The processing rate can be limited. 

48. What are the different modes of archival? Explain each mode in two lines each?

Ans:

Rotate, rotate the log file when the maximum size is reached. The appliance creates a copy of the file and starts a new file. The appliance retains the archived copies up to the specified number of rotations. After reaching the maximum number of rotations and the log file reaches its maximum size, the appliance deletes the oldest file and copies the current file.

49. How do I collect a single log statement as alert as a mail when the object on which log target is enabled goes down or comes up?

Ans:

 It is done by setting up Event triggers. Event triggers perform actions only when triggered by a specified message ID or event code, in this case, the system goes up/down. With this filter, it is possible to create a log target that collects only the results of the specified trigger action. For example, to trigger the generation of an error report when a certain event occurs use the save error-report command and transfer to SMTP target format to send as an email alert.

50. What is a trust store?

Ans:

A trust store contains certificates from other parties that we expect to communicate with, or from Certificate Authorities that we trust to identify other parties. For example, Google (chrome) contains a certificate of many companies or websites. Whenever we browse that site the browser automatically check the site for its certificate form the store and compare it. If it is true, Google will add the ‘s’ on ‘HTTP’. That way we know that the website is secured and trustworthy.

51. What is the difference between object type and object name and what happens when I keep the add referenced object option to ‘off’?

Ans:

Object Type, specify the type of object. This filter restricts log messages to only those messages generated by the selected object.

Whereas, Object name specifies the name of an existing object of the selected type.

When the add referenced object option is turned ‘off’, the appliance generates no additional object filters anymore and includes events for only the specified object.

52. How Do You Gauge The Strength Of The Key, What Is The Parameter Used?

Ans:

The algorithm should be known to the public, but the key needs to be confidential:

• Key size
• Performance/ Response time for Encryption or Decryption (depends on the system we use)
• Mathematical proof for standardization of security provided by that algorithm
• Who provided the certificate for the algorithm and the date of the expiration date.

53. What is Passthrough Service?

Ans:

Pass through is basically accepting and sending a request to the back end without modifying it in Datapower

54. What’s the difference between an abstract class and an interface?

Ans:

The best way to prepare is to look carefully at the job description for information about what kinds of skills will be relevant to the role and find out as much as possible about them. If, when you get to the interview, you’re asked something you don’t know, be honest about it – the interviewer will know if you’re trying to blag it.

55. What Is The Default Log Size In The Log Target? What Happens When That Log Size Is Reached?

Ans:

 When the log file reached the limit, the system will upload it to the FTP server and if it is successfully uploaded, the appliance will delete the log in the system to free space.

56. Give Three Popular Algorithms Used For Encryption?

Ans:

Triple DES-uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more like it.

RSA- is a public-key encryption algorithm and the standard for encrypting data sent over the internet.

AES-it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.

57. Why did you choose your particular degree?

Ans:

This focuses on your interests, career aspirations and the motivation behind them. If you studied something unrelated, such as geography, and have only chosen to look into the technology industry since starting university, explain what made you choose your degree originally and what made you decide to change your focus.

58. How to move code dev environment to testing environment?

Ans:

I’m sure what they mean by code here. I think, in case of applications, export them from in DEC and deploy in TEST.

59. What is DataPower? How and why does an?

Ans:

All DataPower Appliances are built on IBM’s XSeries 1U Chassis, which include hot-swappable Power, Disks, and Fans. DataPower Appliances contain many specialized hardware components, including ASIC-based IPS, Custom Encrypted RAID Drives, and Hardware Security Modules. Externally facing, all DataPower Appliances have 4 Ethernet ports and 1 Serial port.

DataPower Appliances operate a single digitally signed Firmware containing an operating system and application stack. Data Power’s firmware runs on a flash storage device. IBM refreshes and enhances the DataPower Firmware image every 10–20 weeks. DataPower firmware is a well-performing and highly optimized platform to perform electronic messaging functions. As a result, users cannot run 3rd party applications on DataPower as they would a traditional server and operating system. Instead of a traditional Filesystem, DataPower runs with a collection of isolated virtual File Systems called ‘Application Domains’. As a result, DataPower can appear to its client connections be any type of network file system with any type of folders and links.

Another purpose of DataPower’s firmware platform is security. The DataPower TCP and UDP network stack is expected to provide near-constant throughput under the most extreme and sophisticated DDoS and XSS network attacks.