25+ IBM [ DataPower ] Interview Questions & Answers [ STEP-IN ]
IBM DataPower Interview Questions and Answers

25+ IBM [ DataPower ] Interview Questions & Answers [ STEP-IN ]

Last updated on 04th Jul 2020, Blog, Interview Questions

About author

Ajith (Lead Data Engineer - Director Level )

(5.0) | 15212 Ratings 9858

IBM DataPower® Gateway helps organizations meet the security and integration needs of a digital business in a single multi-channel gateway. It provides security, control, integration and optimized access to a full range of mobile, web, application programming interface (API), service-oriented architecture (SOA), B2B and cloud workloads.The new DataPower Gateway IDG X2 physical appliance delivers up to 2X the performance of IBM DataPower Gateway (IDG) with next generation hardware architecture. It also provides a flash drive with 2X higher capacity than IDG and 2X 10GbE network ports. IDG X2 accelerates application responsiveness and increases workload capacity, which is critical for higher performance and/or for running additional tenants with governance and a lower TCO.

1) What are the different services that have you used in Datapower?


WebService Proxy, Multiprotocol gateway and XML Firewall

2) Difference between WSP and MPGW?


Web Service Proxy is a powerful service in DataPower which provides abstraction and security to the backend web services .It provide access to variety of web services.

WSP has many important characteristics like

  • WSP is a WSDL Based Configuration
  • Parser-based XML threat protection
  • XML well-formedness checking
  • It has a Tree structure in Processing Policy and we can have processing rules at different levels – Proxy, WSDL, Service, Port and Port-Operation levels
  • We Cannot have a loop back mode in WSP
  • Match action and Policy will be automatically created
  • It can only Handle SOAP based message format
  • URI abstraction
  • Schema Validation
  • Building operation level rules.


The Multi-Protocol Gateway is a powerful and versatile service. In additional to threat protection and document processing capabilities, the Multi-Protocol Gateway can process requests between various protocols. The supported protocols are HTTP,HTTPS, WebSphere MQ, WebSphere JMS, IMS™, FTP, NFS, SFTP, and TIBCO EMS.

A single Multi-Protocol Gateway can have multiple front-side handlers that listen or poll for requests. The ability of configuring multiple front-side handlers allows a Multi-Protocol Gateway to receive requests from different protocols. For example, a

Multi-Protocol Gateway can have one front-side handler listening for HTTP requests and another handler polling a WebSphere MQ queue for messages. Both front-side handlers forward the incoming message to the Multi-Protocol Gateway for processing and forwarding to the remote server.

Unlike a Web Service Proxy service, a Multi-Protocol Gateway service cannot use a WSDL to determine a configuration.

  • MPGW can accept all kinds of message formats like XML, SOAP,NON-XML,JSON
  • It can accept all kinds of protocols as well
  • We need to manually configure a match action and Processing policy
  • We have a loopback mode in MPGW

3) What are the components of a WSDL?


  • WSDL Definitions
  • WSDL Types
  • WSDL Message
  • WSDP Port and Operation
  • WSDL Binding

4) What actions have you used in the processing policy?


  • AAA
  • SLM
  • Match
  • Transform
  • Result
  • Sign
  • Verify
  • Encrypt
  • Decrypt

5) What is SLM and options available with that?


SLM has mainly 3 statements

  • Throttle
  • Notify
  • Shape

6) What are the Security features that you have enabled in Datapower?


  • SSL Proxy Profile or Transport Layer Security
  • Forward
  • Reverse
  • Two-way
  • When DataPower Acts as Server

Create SSL proxy profile by following the steps shown below , it can be referred in any Front side handler that supports SSL(Example HTTPS)

  • When DataPower Acts as Client
  • Upload certificate shared by server in cert/pubcert directory of Datapower File Management.
  • Create SSL proxy profile as shown below.This can be either referred in proxy settings or set dynamically using routing-ssl-profile variable
  • Server to which Datapower acts as client will share its certificate to Datapower (Client).
  • Using certificate shared, a crypto certificate object is created.
  • Crypto Validation credentials created using crypto certificate object will be included in crypto profile.
  • Crypto profile created will be used in Datapower as SSL proxy profile
  • TWO-WAY-SSL-Proxy-Profile :

A TWO-WAY-SSL-Proxy-Profile contains two crypto profiles one refers crypto validation credentials evaluated in response (Datapower as client to Backend) and other one refers crypto Identification credentials used in request flow(When Datapower acts as  SSL server to front end systems)

  • Message Level Security by Using AAA

AAA – Authentication Authorization and Auditing

AAA can be implemented in various ways like Digital Signature Method, LDAP Authentication and AAAInfo.xml file

AAA has mainly 5 steps:

  1. How to Extract the User’s identity from an incoming request
  2. How to Authenticate the User
  • How to Extract the Resources
  1. How to Authorize the User
  2. Auditing
  • Digital Signature Method
  • Client/Consumer will be using their own Private Key to digitally sign a message and sends to Datapower.
  • Client/Consumer will be sharing their public Certificate to Datapower, which we upload into Cert folder under File Management and Create a Crypto Certificate.
  • The Created Crypto Certificate object will be used inside Crypto Validation Credentials
  • LDAP Method
  • Client/Consumer will be sending the username token and password as part of WS-Security Header.
  • We extract the Header and Send it to LDAP Server for Authentication purpose
  • xml Method
  • Client/Consumer will be sending the username token and password as part of WS-Security Header
  • We extract the Header and verify the same in the AAAinfo.xml file for Authentication purpose

7) What is an XML Manager and why do we need it?


An XML Manager provides the following capabilities

  • Basic network configuration, such as load balancing and accessing remote servers.
  • It acts as an XML parser in order to provide XML Threat Protection
  • It helps in implementing Caching
  • To configure the User Agent

8) How do you test your Datapower Services?


We can use SOAPUI to test the Datapower Services

9) What kind of troubleshooting have you done in datapower?


  • We use probe to capture the ongoingtransactions with respect to a service.
  • We can also set the log level to debug mode in Troubleshooting Panel.
  • We can make use of Log targets and Log Categories especially in Prod, as we are not supposed to enable the probe in production.
  • We have a default log file under logtemp directory in the file management, which will have all the logs with respect to a domain
  • If we have to customize the log files, we create log targets
  • We can save the logs in a file on the DP Appliance itself under logstore or logtemp directory
  • We can also save the logs in an external server.

10) What is a Processing Rule?


Every DP service will have a processing policy and every policy will have processing rules.

  • Request rule to handle request messages
  • Response rule to handle response messages
  • Error Rule to handle error scenarios

11) How do you Implement Dynamic Routing in Datapower?


In case of a dynamic backend, we update all the backend URL’s in an xml file and we use a generic XSLT which will read the URL from the xml file based on certain customized conditions and we set the routing variable var://service/routing-url in the XSLT.

12) Have you worked on XSLT Coding? If so, rate yourself in the scale of 1-10


Yes.  I would rate myself as 6-7

13) What is xsl:param ?


The <xsl:param> element is used to declare a local or global parameter. The parameter is global if it’s declared as a top-level element, and local if it’s declared within a template.

  • <xsl:param name=”name” select=”expression”>
  • <!–Content:template –>
  • </xsl:param>

14) Difference between Apply-template and Call-template?


The <xsl:apply-templates> element applies a template to the current element or to the current element’s child nodes.

If we add a select attribute to the <xsl:apply-templates> element it will process only the child element that matches the value of the attribute. We can use the select attribute to specify the order in which the child nodes are processed.

The <xsl:call-template> element calls a named template.

  • <xsl:call-template name=”templatename”>
  • <!–Content:xsl:with-param* –>
  • </xsl:call-template>
  • Note:
  • In terms of raw performance xsl:call-template is likely to be faster, as you are calling a specific named template, rather than telling the XSLT processor to pick the template which best matches
  • With call-template you have to know what you’re calling. apply-templates is polymorphic – what gets called depends on what you find in the input, which means it is the key feature that enables XSLT to respond to variable or unpredictable input – essential when handling documents as distinct from structured data.
  • apply-templates is usually (but not necessarily) used to process all or a subset of children of the current node with all applicable templates. This supports the recursiveness of XSLT application which is matching the (possible) recursiveness of the processed XML.
  • call-template on the other hand is much more like a normal function call. You execute exactly one (named) template, usually with one or more parameters.

15) Difference between Copy and Copy-of?


The <xsl:copy> element creates a copy of the current node.

Note: Namespace nodes of the current node are automatically copied as well, but child nodes and attributes of the current node are not automatically copied!

The <xsl:copy-of> element creates a copy of the current node.

Note: Namespace nodes, child nodes, and attributes of the current node are automatically copied as well!

16) What are the Datapower Variables?


Local – var://local/userdefinedname

A local context variable in the default (current) context.

The local context does not persist beyond the scope of the transaction. A transaction can include both a request component and a response component. The local context cannot be accessed by any object outside the scope of the transaction. In other words, a service cannot read and use the variable.

Context – var://context/contextdefinition/userdefinedname

Addresses a variable in a named context.

Service – mention any service variable for ex :  var://service/routing-url,  var://service/error-code, var://service/url-in

Addresses a variable that is made available to a DataPower service that is attached to a session.

17) What is a Passthrough Service?


Passthrough is basically accepting and sending a request to the backend without modifying it in Datapower

18) How do you handle Error scenarios?

We create an error rule in which we use a generic XSLT, which creates a fault message by reading the Service variables

  • <?xml version=”1.0″ encoding=”UTF-8″?>
  • <xsl:stylesheetxmlns:xsl=”http://www.w3.org/1999/XSL/Transform”
  • xmlns:dp=”http://www.datapower.com/extensions”
  • xmlns:dpconfig=”http://www.datapower.com/param/config”
  • xmlns:dpfunc=”http://www.datapower.com/extensions/functions”
  • exclude-result-prefixes=”dp”
  • extension-element-prefixes=”dpdpconfigdpfunc”
  • version=”1.0″>
  • <xsl:template match=”/”>
  • <xsl:variable name=”rejected”>
  • <env:Envelope
  • xmlns:env=”http://schemas.xmlsoap.org/soap/envelope/”>
  • <env:Body>
  • <env:Fault>
  • <faultcode>env:Client</faultcode>
  • <faultstring>
  • <xsl:element name=”error_headers”>
  • <xsl:copy-of select=”dp:variable(‘var://service/error-headers’)”/>
  • </xsl:element>
  • <xsl:element name=”error_message”>
  • <xsl:copy-of select=”dp:variable(‘var://service/error-message’)” />
  • </xsl:element>
  • <xsl:element name=”transaction_id”>
  • <xsl:value-of select=”dp:variable(‘var://service/transaction-id’)”/>
  • </xsl:element>
  • <xsl:element name=”error_code”>
  • <xsl:value-of select=”dp:variable(‘var://service/error-code’)”/>
  • </xsl:element>
  • <xsl:element name=”error_subcode”>
  • <xsl:value-of select=”dp:variable(‘var://service/error-subcode’)”/>
  • </xsl:element>
  • <xsl:element name=”formatted_error_msg”>
  • <xsl:value-of select=”dp:variable(‘var://service/formatted-error-message’)”/>
  • </xsl:element>
  • <xsl:element name=”error_protocol_reason_phrase”>
  • <xsl:value-of select=”dp:variable(‘var://service/error-protocol-reason-phrase’)”/>
  • </xsl:element>
  • </faultstring>
  • </env:Fault>
  • </env:Body>
  • </env:Envelope>
  • </xsl:variable>
  • <xsl:copy-of select=”$rejected”/>
  • </xsl:template>
  • </xsl:stylesheet>

19) Have you worked on Datapower Extension functions? If so, can you please name some of them?



Whenever we need to use DP EXTN Functions, we always need to declare the below namespace.


  • dp:set-variable:
  • <dp:set-variable name=”variableName”  value=”variableValue”/>
  • dp:reject :

The appliance sends the denial message to the client in a SOAP fault message. Also stops document processing and optionally invokes the error rule for custom error handling

  • <dp:reject override=”true | false”>


  • </dp:reject>
  • dp:set-http-request-header :
  • <dp:set-http-request-header name=”httpHeaderField”
  • value=”httpHeaderFieldValue”/>

If a client request already includes the field identified by the name attribute, thisextension element overwrites the specified header field value in the client request.

If the header field does not exist, this extension function adds the specified name and value to the client request.

20) What is the advantage of Datapower over Message Broker?


Message BrokerDatapower
Integrating and leveraging the WebSphere MQ messaging infrastructure.Similar to Message Broker, DataPower can do any-to-any transformation (in theory, Yes. But in practice, you may need to use WebSphere Transformation Extender (WTX)).
Supports different protocols such as MQ, JMS, HTTP(S), Web Services, ftp, and convert one to the other.Supports almost every security protocols and different authentication/authorization schemas, such as Web Service security/policy, TLS/SSL, SAML, LDAP, RADIUS, etc.
Supports a wide range of data formats, including XML, binary (COBOL, C), positional/delimited, and industry formats (EDI, SWIFT), and convert one to the other.Provides field level security: WS-security down to the individual operation, encrypt & sign individual fields, nonrepudiation.
Provides a number of capabilities to customize mediation, including C/C++, ESQL, Java, XSLT, and PHP.Data validation, parsing and filtering, and meta data manipulation.
WebSphere Adapters for enterprise applications (SAP, PeopleSoft and Siebel).Transport level protocol conversions from any-to-any.
Offers z/OS clients platform-specific benefits (CICS, VSAM).

    Subscribe For Free Demo

    21) How do you migrate your services from one environment to another or how do you deploy your services from one environment to another?


    We have a support team who takes care of Service deployments. We take an export of the service which needs to be deployed and keep it in a secured server by doing FTP. Our support team has some scripts, which they execute in the server and does the deployment

    We can also use Export and Import configuration along with the Deployment Policy

    22) What is an on-error action in XI52?


    An on-error action defines a named rule that enables user-defined error handling when subsequent processing encounters errors. This topic instructs how to define an on-error action.

    The on-error action either stops processing or continues to the next processing step. Optionally, the action calls the named rule to handle the error condition. Without an on-error action, the default error handling is to stop processing and log a message.

    A processing rule can contain one or more on-error actions. Each action defines error handling for subsequent actions until another on-error action is found. When another action is found, error-handling procedures are set to the new on-error action. As such, this action enables conditional error handling in a processing context.

    Note: A processing policy can contain on-error actions and an error rule. When a processing policy contains both on-error actions and an error rule, the on-error action overrides the error rule. An error rule, if the processing policy contains one, is invoked when an error occurs during processing. In this case, the error rule acts as an error handler.

    23)  Explain about your Roles and Responsibilities?


    • Gathering the requirements from Client
    • Preparing the Design Document
    • Presenting the Design document to Client for approval
    • Configuring the service in Development environment
    • Testing and Troubleshooting of DP Services
    • Migrating the services from Dev to test and to production environment

    24) What is an Application Domain?


    An application domain allows the administrators to partition an appliance into multiple logical configurations.For example the developers and production employees environment is different

    25) What are the different modes through which you can connect to Datapower?


    • GUI
    • CLI
    • XML-Management Interface

    26) How to take secure backup?


    • To securely back up the appliance configuration from the WebGUI:
    • Click Administration => Main => System Control.
    • Locate the Secure Backup section.
    • From the Crypto certificate list, select the certificate to encrypt the secure backup.
    • In the Destination field, enter the URL of the target directory for the backup files.
    • Click Secure Backup to back up the appliance.

    27) What is the difference between object filter and event a filter?


    Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.

    Event Filter allows only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes.

    28) What Is A Trust Store?


    A trust store contains certificates from other parties that we expect to communicate with, or from Certificate Authorities that we trust to identify other parties. For example, Google (chrome) contains a certificate of many companies or websites. Whenever we browse that site the browser automatically check the site for its certificate form the store and compare it. If it is true, Google will add the ‘s’ on ‘HTTP’. That way we know that the website is secured and trustworthy.

    29) What is API testing with the run scope ? 3. What is API testing with the run scope? at is API testing with the run scope?


    Runscope is a web application that provides backend services and easy to use interface for testing APIs.

    30) What Is Cryptography?


    Cryptography is to protect private communication in the public world. For example, two entities wanting to communicate – Ajitab and Mulu – are shouting their messages in a room full of people. Everyone can hear what they are saying. The goal of cryptography is to protect this communication so that only Ajitab and Mulu can understand the content of the messages. (online training institute)

    Course Curriculum

    Enroll in JOB Oriented IBM Datapower Training By Certified Experts

    • Instructor-led Sessions
    • Real-life Case Studies
    • Assignments
    Explore Curriculum

    31)  Why do we need a log target when there is already a default logging mechanism available in DataPower?


    we need a log target to capture messages that are posted by the various objects and services that are running on the appliance. In order to get a specific event or/and object log information, we utilize log targets.

    32) Explain API framework?


    API framework is self-explanatory. Values for a test run and for holding the configurable parts, the config file is used. Automated test cases must represent in “ parse-table” format within the config file. When testing API, it is not necessary to test each API so the config file has some section whose all API is activated for that specific run.

    33) How does the API Builder work?


    API Builder is a PLSQL program consists of four SQL files

    For setting API parameters and starting the process one file is responsible

    Two files are created for temporary tables and Master package to create the outputted code

    The fourth file creates “spooled” output of the code into a file called “output_script_.sql”

    34) What About Plug-in?


    plug-in is one of the modules it interfaces between the application server and web server, the plug-in process receives the request from the client first. If the request is for dynamic content, the plug-in diverts the request to the WebSphere application server. If the request is for static content, the plug-in forwards it to the Http server.

    35) What Is The Global Security?


    It provides the authentication and authorization for the Websphere application server domain (administration client or console).

    36) How do I collect a single log statement as alert as a mail when the object on which log target is enabled goes down or comes up?


    It is done by setting up Event triggers. Event triggers perform actions only when triggered by a specified message ID or event code, in this case, the system goes up/down. With this filter, it is possible to create a log target that collects only the results of the specified trigger action. For example, to trigger the generation of an error report when a certain event occurs use the save error-report command and transfer to SMTP target format to send as an email alert.

    37) Why do we need it?


    We need cryptography to share information confidentially which is ensuring the secrecy of communication

    Authentication – Ajitabh can sign his message and Mulu can verify that he sent it based on his signature

    Integrity checking -Mulu can generate a checksum of the message. Ajit can either extract it from the message or recalculate it and verify that the message has not been changed.

    Non-repudiation – if Ajitabh signs the message he cannot deny later that he sent it, because no one else could generate that same signature/private key.

    38) Explain what are the principles of API test design?


    The principle for API test design is

    Setup: Create objects, start services, initialize data, etc

    Execution: Steps to exercise API or scenario, also logging

    Verification: Oracles to evaluate execution outcome

    Reporting: Pass, failed or blocked

    Clean up: Pre-test state

    39) What is the weakness of symmetric key cryptography and what is the strength of the asymmetric key cryptography?


    Symmetric key cryptography–

    – The biggest obstacle in successfully deploying a symmetric-key algorithm is the necessity for a proper exchange of private keys. This transaction must be completed in a secure manner. If the face-to-face meeting, which proves quite impractical in many circumstances when taking distance and time into account, cannot be possible to exchange private keys. If one assumes that security is a risk, to begin with, due to the desire for a secret exchange of data in the first place, the exchange of keys becomes further complicated.

    – Another problem concerns the compromise of a private key. In symmetric-key cryptography, every participant has an identical private key. As the number of participants in a transaction increases, both the risk of compromise and the consequences of such a compromise increase dramatically. Each additional user adds another potential point of weakness that an attacker could take advantage of. If such an attacker succeeds in gaining control of just one of the private keys in this world, every user, whether there are hundreds of users or only a few, is completely compromised.

    – Both Symmetric and Asymmetric-key cryptography also has vulnerabilities to attacks such as the man in the middle attack. In this situation, a malicious third party intercepts a public key on its way to one of the parties involved. The third-party can then instead pass along his or her own public key with a message claiming to be from the original sender. An attacker can use this process at every step of an exchange in order to successfully impersonate each member of the conversation without any other parties having knowledge of this deception.

    40) Asymmetric cryptography –More secure?


    Asymmetric keys must be many times longer than keys in symmetric-cryptography in order to boost security. While generating longer keys in other algorithms will usually prevent a brute force attack from succeeding in any meaningful length of time, these computations become more computationally intensive. These longer keys can still vary in effectiveness depending on the computing power available to an attacker.

    41) Explain all MQ API calls. (Not just the calls but explain them) ?


    –> MQCONN….it will connect to the queue manager

    –> MQOPEN…..it will open the queue manager

    –> MQPUT/GET/INQ….it is to put the message, to get the message and to inquire message,

    –> MQCLOSE…….to close the connection,

    –> MQDIS………to disconnect.

    42) What are the tools used for API test automation?


    While testing Unit and API testing, both target source code, if an API method is using code based on .NET then the tool which is supporting should have .NET

    Automation tools for API testing can be used are

    NUnit for .NET

    JUnit for Java

    HP UFT

    Soap UI

    43) In API document explain how to document each function? What are the tools used for documentation?


    Description: Small description of what a function does

    Syntax: Syntax about the parameter of the code, the sequence in which they occur, required and optional elements, etc.

    Parameters: Functions parameters

    Error Messages: Syntax of error messages

    Example Code: Small snippet of code

    Related Links: Related functions

    44) What is the default log size in the log target? What happens when that log size is reached?


    Log size: 500 kilobytes,

    When the log file reached the limit, the system will upload it to the FTP server and if it is successfully uploaded, the appliance will delete the log in the system to free space.

    45) What Is The Application Server?


    The application server provides a runtime environment in which to deploy, manage, and run j2ee applications.

    46) Who issues a certificate, explain in detail?


    Certificate authorities act as trusted third parties that verify the identity of the sender of an encrypted message and issue digital certificates as evidence of authorization. These digital certificates contain the public key of the sender, which is then passed along to the intended recipient. The Certificate authorities do extensive background checks before giving an organization or a given individual a certificate.

    47) Application Installed But Not Working. What Are Troubleshooting Step?


    see JVM & the application is up, check the plugin-cfg.xml file for the root context used by the web application if it does not exist generate plugin and restart the webserver.

    48) How do you gauge the strength of the key, what is the parameter used?


    The algorithm should be known to the public, but the key needs to be confidential

    1. Key size

    2. Performance/ Response time for Encryption or Decryption (depends on the system we use)

    3. Mathematical proof for standardization of security provided by that algorithm

    4. Who provided the certificate for the algorithm and the date of the expiration date.

    49) Explain what is TestApi?


    TestApi is a library of utility and test APIs that enables testers and developers to create testing tools and automated tests for .NET and Win32 application. It provides a set of common test building blocks, types, data-structure and algorithms.

    50) What is Input injection and what are different ways of doing it?


    Input Injection: It is the act of simulating user input, in several ways you can simulate user input.

    • Direct Method Invocation
    • Invocation using an accessibility interface
    • Simulation using low-level input
    • Simulation using a device driver
    • Simulation using a robot
    Course Curriculum

    Get Certification Oriented IBM Datapower Course with In-Depth Practical

    Weekday / Weekend BatchesSee Batch Details

    51) What are the common tests performed on APIs?


    • The common tests performed on API’s
    • Verification of the API whether it is updating any data structure
    • Verify if the API does not return anything
    • Based on input conditions, returned values from the API’s are checked
    • Verification of the API whether it triggers some other event or calls another API.

    52) What is the difference between object type and object name and what happens when I keep the add referenced object option to ‘off’?


    Object Type, specify the type of object. This filter restricts log messages to only those messages generated by the selected object.

    Whereas, Object name specifies the name of an existing object of the selected type.

    When the add referenced object option is turned ‘off’, the appliance generates no additional object filters anymore and includes events for only the specified object.

    53) What Is The Log Target Type For Sending The Logs To Email, What Is The Field Name That Has To Be Given A Value For Subject Representation Of An Email?


    SMTP, forwards log entries as an email to the configured remote SNMP servers and email addresses. Before sending, the contents of the log can be encrypted or signed. The processing rate can be limited.

    54) Mention the key difference between UI level testing and API testing?


    UI ( User Interface) refers to testing graphical interface such as how the user interacts with the applications, testing application elements like fonts, images, layouts, etc. UI testing basically focuses on look and feel of an application.

    While API enables communication between two separate software systems. A software system implementing an API contains functions or sub-routines that can be executed by another software system.

    55) Explain what is REST API?


    It is a set of functions to which the developers performs requests and receive responses. In REST API interaction is made via HTTP protocol

    REST – stands for Representational State Transfer, it is quickly becoming defacto standard for API creation.



    First, look at the logs for errors. If you find the error, save the logs and start ur application. Then start to troubleshoot.

    If no error found, run a trace and look for FFDC, etc..



    it will be under Enterprise applications ->app name -> startup behavior ->Startup order in the admin console

    58) What Is The Difference Between Web Server And Application Server?


    Web server serves pages for viewing in a web browser, the application server provides exposes business logic for client applications through various protocols

    Web server exclusively handles https requests. application server serves business logic to application programs through any number of protocols.

    Web server delegation model is fairly simple when the request comes into the webserver, it simply passes the request to the program best able to handle it(Server-side program). It may not support transactions and database connection pooling.

    The application server is more capable of dynamic behavior than the webserver. We can also configure the application server to work as a web server. Simply apply! ation server is a superset of the webserver.



    SSL are digitally signed certificates. user for message /communication integrity and confidentiality. Generally, encrypt at Sender side and decrypt at the receiver side

    60) Diff B/w Weblogic And Websphere?


    Both BEA Weblogic and IBM’s WebSphere provide J2EE based application servers which are competitors. WebSphere leverages more on connectivity issues with MQ and legacy systems with a strong dominance in J2EE.



    I’m sure what they mean by code here. I think, in case of applications, export them from in DEC and deploy in TEST.

    62) Give three popular algorithms used for encryption?


    1. Triple DES-uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112-bits in key strength is more like it.

    2. RSA- is a public-key encryption algorithm and the standard for encrypting data sent over the internet.

    3. AES-it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.

    63) Explain About IBM Web Sphere Edge Serve?


    Web sphere edge server is used to improve the performance of web-based systems. It can be used as a forwarding or proxy server. Basically, four components are present in the web sphere they are Network dispatcher, Caching proxy, Content distribution and application service at the edge.

    64) What is Deployment Policy?


    An object in Datapower used to modify/filter imported configurations. When we import the object(s) from one domain or environment to another, we may want to filter out or change certain object configurations for the new domain or environment. This can be achieved using (DP)Deployment Policy.

    65) Explain About IBM Web Sphere Integration Developer?


    Web sphere integration developer provides an IDE to build applications based on service-oriented architecture. Web sphere process server and web sphere ESB were built with WID. WID was built with RAD Eclipse-based technology.

    66) Explain About Computer Grid?


    Compute grid is also known as Web sphere batch. Web sphere extended deployment offers a Java batch processing system called a Compute Grid. This forms an additional feature to the Web sphere network environment. Various features are provided which help a developer to create, manage and execute batch jobs. Job scheduler, xJCL, batch container, and batch programming controller.

    67) Difference API and Unit Testing?


    API testing

    API is owned by QA team

    API is mostly black box testing

    Full functionality of the system is considered in API testing as it will be used by the end-user (external developers who will use your API )

    API test are often run after the build is ready and authors do not have access to the source code

    UNIT testing

    Unit testing is owned by the development team

    Unit testing is white box testing

    Unit testing is done to verify whether each unit in isolation performs as expected or not

    For each of their module, the developers are expected to build unit tests for each of their code modules and have to ensure that each module pass unit test before the code is included in a build

    68) Mention what the main areas to be taken into consideration while writing an API document?


    The key area to be considered when writing API documents are

    Source of the content

    Document plan or sketch

    Delivery layout

    Information required for each function in the document

    Automatic document creation programs

    69) What are the main challenges of API testing?


    The main challenges in API testing are

    Parameter Selection

    Parameter Combination

    Call sequencing

    70) What are the types of Bugs will API testing finds?


    The types of Bugs, API will find

    Missing or duplicate functionality

    Fails to handle error conditions gracefully




    Unused flags

    Not implemented errors

    Inconsistent error handling


    Multi-threading issues

    Improper errors.

    IBM Datapower Sample Resumes! Download & Edit, Get Noticed by Top Employers! Download

    71) Mention the steps for testing API?


    API testing steps

    Select the test case that has to be fulfilled

    For API call develop a test case

    To meet the test case configure the API parameters

    Determine how will you validate a successful test

    Using programming language like PHP or .NET execute the API call

    Allow the API call to return the data to validate

    72) Why do we need a digital signature?


    Digital signatures act as a verifiable seal or signature to confirm the authenticity of the sender and the integrity of the message. Users who wish to verify their identity when sending a protected message can encrypt the information with their private key. The recipient can then decrypt the message with the sender’s public key in order to confirm the sender’s identity and the integrity of the message.

    73) Explain About The Security Features Present In Was?


    The security model for web sphere is primarily based on JAVA EE security model. It also depends upon the operating system. User authentication and authorization mechanisms are also provided in WAS. The lightweight third party authentication mechanism is the main security feature present in WAS.

    74) explain About Web Sphere?


    The word web sphere popularly refers to IBM middleware technology products. Web sphere is known for its turn-key operation in e-business applications. It has run time components and tools which can help in creating applications which run on WAS. WAS refers to web sphere application server.

    75) Why Use The Boostrap Port Number?


    client applications use the bootstrap port to access web spheres built-in object request broker (orb) to use enterprise java beans in applications installed on the application server. The java naming and directory interface service provider URL used by the client application needs to reference the bootstrap port to obtain an initial context for looking up b’s it wants to use. (For communicate two servers)



    A file descriptor is a handle created by a process when a file is opened. There is a limit to the number of file descriptors per process. If the file descriptor limit is exceeded for a process, you may see the following errors:” Too Many Open Files”

    77) What is the difference between object filter and event filter?


    Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.

    Event Filter allows only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes.

    78) How to test API’s?


    To test the API’s you should follow the following steps

    • Select the suite in which you want to add the API test case
    • Choose test development mode
    • Develop test cases for the desired API methods
    • Configure application control parameters
    • Configure test conditions
    • Configure method validation
    • Execute API test
    • View test reports
    • Filter API test cases
    • Sequence API test cases

    79) Why do you want to work for IBM?


    Be specific. A lot of candidates make the mistake of generalizing about wanting to work for a ‘global information technology giant’, which could apply equally to IBM or any of its major competitors. You need to make sure your answer reflects your interest in IBM specifically and why you feel the company is the best fit for you. Think about what elements of the company culture appeal to you, or what kinds of projects you might get involved in.

    80) What Is The Value Time Stamp Format In Log Target For?


    Timestamp Format: Syslog

    81) What is XSL: param?


    The element is used to declare a local or global parameter. The parameter is global if it’s declared as a top-level element, and local if it’s declared within a template.

    The element calls a named template.

    • Note: In terms of raw performance xsl:call-template is likely to be faster, as you are calling a specifically named template, rather than telling the XSLT processor to pick the template which best matches
    • With call-template, you have to know what you’re calling. apply-templates is polymorphic – what gets called depends on what you find in the input, which means it is the key feature that enables XSLT to respond to variable or unpredictable input – essential when handling documents as distinct from structured data.
    • apply-templates is usually (but not necessarily) used to process all or a subset of children of the current node with all applicable templates. This supports the recursiveness of XSLT application which is matching the (possible) recursiveness of the processed XML.
    • call-template, on the other hand, is much more like a normal function call. You execute exactly one (named) template, usually with one or more parameters.

    82) Explain About Asymmetric Clustering?


    Asymmetric clustering applications are primarily used in electronic trading systems employed in banks. Some of the features are, partitions can be declared during run time and are usually run on a single cluster at a time. Work specific to a particular can be routed to that cluster.

    83) What Is JNDI?


    we can register resources in the application server’s java naming and directory interface (JNDI) namespace. Client applications can then obtain the references to these resource objects in their programs.

    84) When at work or on a project have you had to persuade someone to change their opinion or do something differently?


    This is a variant on a traditional competency question and your example could tie into a number of their competencies, depending on its context – but it’s fair to say that this is testing your communication, teamwork, and drive. Although the question is asking for a time when you persuaded them, your interviewers will be more interested in how you persuaded them and whether your attempts were successful. Note that it asks for an example of work when on a project, which leads you to think of times when completing internships, part-time jobs or group coursework. However, you can be creative in how you define ‘project’ to bring in your extracurricular activities. Remember that a project can be defined as a discrete piece of work or set of tasks with a specific aim, with a start and end date.

    Are you looking training with Right Jobs?

    Contact Us
    Get Training Quote for Free