000-274 - IBM WebSphere DataPower SOA Appliances Firmware V5.0 Solution Implementation
A customer wants to protect communication between two WebSphere DataPower Appliances against a replay attack. The second DataPower appliance needs to validate that the message received from the first appliance has spent no more than 30 seconds in transit. How should the solution implementer satisfy this requirement?
Use symmetric key encryption using an encrypt-string extension function on a timestamp string on the first DataPower appliance. Then use the same key with a decrypt-string extension function on the second appliance and validate the timestamp.
A solution implementer needs to configure SSL mutual authentication between DataPower and a secure backend server. The secure backend server requires the client to send a certificate for authentication. What step must the solution implementer take to allow SSL mutual authentication when DataPower acts as the client in this scenario?
Configure an identification credentials object to allow the verification of client identity.
The solution implementer wants to set up the Interoperability Test Service (ITS) to simplify service development for the DataPower developers. How can the solution implementer provide this capability?
Download the Resource Kit from IBM Fix Central, enable ITS, and supply the Resource Kit test clients to the developers.
A solution implementer needs to set the Log Priority of log messages within a WS-MediationPolicy policy attachment. How can the solution implementer configure the value of Log Priority?
Policy Parameters object
A multi-protocol gateway (MPGW) service is configured to convert an XML message to a non-XML message for the backend service. The processing policy needs to transform the request to a non-XML message using a WebSphere Transformation Extender (WTX) map and route the message to the backend service. What transform-type action does the solution implementer configure in the processing policy to satisfy this requirement?
Transform binary (xformbin)
A solution implementer is tasked to use a DataPower appliance as an intermediary for providing Web 2.0 services. Which of the following features of Web 2.0 messages should the solution implementer be aware of when designing the solution? (choose two)
Web 2.0 messages can arrive with an empty body.
Web 2.0 REST messages can use HTTP POST methods like SOAP messages.
Select the appropriate IBM WebSphere DataPower SOA Appliance based on the following requirements/specified use: - Service level management and monitoring - Intelligent load distribution and dynamic routing - Entry-level device, slim footprint (1U form) - Does not need IMS Connect or SFTP support
Service Gateway Appliance XG45
A solution implementer has created a multi-protocol gateway (MPGW) service to process messages containing the MQRFH2 header. The MQ front side handler is configured to exclude "MQRFH2" headers from the payload. How does the solution implementer configure the MPGW service Header tab to send the request as an MQ message for the backend service?
Inject the header named "MQMD" with the value of "<MQMD><Format>MQSTR</Format></MQMD>" for the backend with a direction as "back".
A multi-protocol gateway (MPGW) service is created to process a request message containing values for the MQMD.ReplyQ and MQMD.ReplyToQMgr that are not configured in the MPGW service. The back end service sends a SOAP message as response to the MPGW service that needs to be routed to the originating client using MQ Object Descriptor (MQOD) method. How can the solution implementer accomplish this requirement using the configured MPGW service?
Using XSLT, inject service virtual headers named "ReplyToQ" and "ReplyToQM" with the value of an empty string in the response rule as shown below: <dp:set-response-header name="'ReplyToQ'" value="' '"/> <dp:set-response-header name="'ReplyToQM'" value="' '"/>
A solution implementer is configuring a single multi-protocol gateway to dynamically route messages to back end servers. For internal consumers the request needs to be routed to an MQ based back end and for external consumers the request needs to be routed to an HTTP based back end service. How can the solution implementer satisfy this requirement?
Set the variable var://service/routing-url.
Message traffic from a customer purchasing system is passing SOAP messages through a DataPower XI52 appliance. A solution implementer uses a multi-protocol gateway to implement WS-Security to encrypt the complete message. Which of the following parameters should the solution implementer select to correctly configure the Encrypt action?
Envelope Method: WSSec encryption; Message Type: SOAP Message; Document Crypto Map: None
An operations team is reporting intermittent network connectivity problems between DataPower and a specific backend IP address. Network firewalls are configured to allow traffic and there are no known problems on the network. How can the solution implementer troubleshoot this behavior?
Conflicting network routes in the appliance may have been defined which may be causing intermittent network connections. Run "show route" command on the network and analyze the configuration.
The network requirements for an appliance state that there should be an internal network used for the management Ethernet interface and all other Ethernet interfaces will use the same external network. With these requirements in mind, how can the solution implementer configure the Ethernet Interfaces to ensure only the specified internal network uses the management interface and all other outgoing traffic uses one of the other interfaces?
Define Static Route for internal network on the management interface and configure the Default Gateway on all other interfaces.
The solution implementer wants to create a web service that uses SOAP over HTTP on the front end, and WebSphere MQ on the back end to integrate with an existing legacy application. The solution implementer wants to add a new WSDL to the existing web service proxy service to route traffic to an MQ queue. How does the solution implementer meet this requirement?
Add the new WSDL and create a new back end URL using the dpmq:// syntax.
A solution implementer is deploying four DataPower XI52 appliances in a production environment. The requirement is to evenly distribute client traffic across all four appliances without using an external load balancer. The firmware on these four appliances has the Application Optimization feature enabled. A standby Virtual IP address (VIP) has also been configured on each appliance with self-balancing enabled, and each VIP specifies the same standby group. No other appliance network settings have been changed. What should the solution implementer verify with the network team to ensure that this configuration will work? Ensure the network supports:
A solution implementer needs to configure the appliance to throttle transactions if the device memory utilization reaches 70%. What can the solution implementer do to achieve the desired result?
Configure Throttle Settings and set the Memory Throttle threshold to 30%.
An SLM Policy has been associated with a web service proxy to restrict access to a backend web service if one of a number of conditions has been met. The list of conditions is described in a series of SLM statements. What Evaluation Method must the solution implementer select in the SLM Policy to ensure that every SLM statement is checked until a throttle condition is executed?
A solution implementer has created a multi-protocol gateway to pass messages to a backend server. The complete contents of all request messages should be logged; performance is a high priority but the transaction should not fail if the log server is down. Which logging mechanisms should the solution implementer use to satisfy both requirements?
Add a Log action to the start of the request rule for the message and set the Asynchronous option to On.
A solution implementer needs to create a new service on a DataPower virtual appliance. The new server needs to virtualize the back end server IP address from the end user while exposing operations of a web service described by a given WSDL. Service Level Monitoring (SLM) is also to be incorporated at the port level. Which service type should the solution implementer configure?
Web Service Proxy
A solution implementer is creating a multi-protocol gateway to proxy SFTP server requests. An AAA Policy is configured on the SFTP front side handler to provide user authentication for the SFTP connection. Which Extract Identity method should the solution implementer configure in the AAA Policy to extract the SFTP user's credentials?
Processing Metadata method, specifying the ssh-password-metadata metadata item.
Which network protocol does the "Ping Remote" DataPower function use to test network connectivity to a remote system?
A solution implementer needs to set up a DataPower Integration XI52 Appliance in a data center with the firmware release 5.0.0.x. The appliance was shipped with the newer 5.0.0.y firmware. The solution implementer needs to install the older release 5.0.0.x firmware. The company maintains all firmware images on an internal server at http://repository. Which CLI command sequence should the solution implementer use to achieve this firmware version downgrade?
xi52# configure terminal xi52(config)# copy http://repository/5.0.0.x.scrypt3 image:5.0.0.x.scrypt3 xi52(config)# flash xi52(config-flash)# boot image 5.0.0.x.scrypt3
A web service proxy is receiving orders from partners as SOAP messages. The service is required to reject messages if the total order cost in the message does not match the sum of the individual item costs. What can the solution implementer do to support this requirement?
Create a style sheet which performs the mathematical comparison and uses either a <dp:accept> or <dp:reject>, and use this in a Filter action.
A solution implementer needs to integrate a DataPower appliance with an IMS COBOL application. The multi-protocol gateway is created with an HTTP Front Side Handler and an IMS Connect backside URL of the form dpims://. The EBCDIC Header Conversion is configured as "on" in the IMS Connect object. What benefit(s) can the solution implementer achieve by using this Header Conversion option?
Converts IMS headers to EBCDIC encoding
A solution implementer has created a Deployment Policy to scan through configuration objects when they are imported and to remove any references to appliance specific settings such as the Ethernet addresses. Which of the following Deployment Policy settings would provide this functionality? (choose two)
A Filtered Configuration with a list of the objects that are to be excluded.
A Modified Configuration with rules specifying Delete Configuration for the object references to be removed on import.
A solution implementer needs to immediately quiesce a DataPower appliance in the event of a power supply failure. How can the solution implementer satisfy this requirement?
Configure an Event Trigger for the power supply failure event to execute the "appliance-quiesce" command.
A financial services company (Company) is using a DataPower appliance to securely access an external service provider (Partner) that processes SOAP/HTTPS payment transactions and returns the responses to the requesting application in the Company with payment confirmations. The Partner requires that Company establish non-repudiation so that the financial services company cannot deny that the payment transaction was originated by them. The Company requires that the confirmation sent back from the Partner also requires non-repudiation. Which of the following statements is true?
Request Rule must Sign with crypto object containing the Company private key and Response Rule must Verify with crypto object containing Partner public certificate
A company wants to implement disaster recovery (DR) between a 9004/9235 appliance and a 9005/7199 appliance. The company is also considering the inclusion of a DR-enabled XI52 virtual appliance in the plan. The following conditions apply: - The source and target hardware appliances are located in geographically dispersed data centers. - The firmware level is V5.0.0.x on the appliances, and the appliances and licenses are compatible. - Both appliances have a different set of users that need to be merged on the restore. - The source appliance has been initialized with disaster recovery mode and is to be securely backed up and restored on to the target appliance. Which one of the following statements is TRUE and allows the solution implementer to meet these conditions?
After the secure restore, the users that were defined on the target appliance must be manually configured or imported from a previously-exported configuration.
A solution implementer is tasked with securing a backend web service by creating an externally advertised web service interface that will: - easily adapt to any backend changes. - conform to the backend service Web Service Description Language (WSDL) document. - monitor and control message traffic based on consumer and requested resources to the WSDL operation level. What DataPower service should the solution implementer configure to satisfy these requirements?
Web service proxy using the WSDL with a dynamic backend.
A customer needs message privacy and message integrity on a given transaction, and prefers the use of WS-Policy. WebSphere DataPower must receive a username from each user, but no authentication is required. In order to implement this without additional custom work, the solution implementer can:
use WS-Policy with UsernameToken, Encryption and Signature enforced.
A company has DataPower XI52 physical appliances supporting its production environment. The only optional feature that these appliances support is the Option for Application Optimization. The company also uses DataPower Integration Appliance XI52 Virtual Edition for Non Production Environment for its development and test environment. Development management is concerned about their developers using features on the virtual appliance that are not licensed on the production appliances. How can the solution implementer restrict the use of specific features on the virtual appliances?
Download the appropriate feature_disable_tool.scrypt4 tools from IBM Fix Central. Upload each tool to the virtual appliance and perform a boot image.
A solution implementer is required to enrich the request message using information stored in a DB2 database table. The search condition of the SQL query needs to be dynamically generated by using a search key from the request message. Which SQL Input Methods can the solution implementer configure to execute the dynamic SQL in a SQL action? (Choose two)
A company is receiving digitally signed SOAP/HTTPS messages to process payment transactions from its business partner and verifies those messages using the Verify action. There is also a requirement to use the signing certificate sent by the partner to encrypt the confidential response message from the company back to the partner. To satisfy this requirement, the solution implementer creates an Encrypt action with the 'Use Dynamically Configured Recipient Certificate' parameter set to 'on'. Which statement related to the scenario above is false?
The certificate created in the 'Recipient Certificate' field takes precedence over the dynamic certificate input option.
A customer has created a multi-protocol gateway with a request type of JSON. Within the request rule, an action needs access to the input in JSONx format. What are the possible ways that a solution implementer can retrieve this data in XML? (choose two)
Set the action's input context to the value '__JSONASJSONX'.
Insert a Convert query parameters to XML (convert-http) action, and select a Default Encoding of 'JSON' in the Input Conversion Map.
A solution implementer is given the requirement to capture only a subset of messages emitted by a particular service to its own custom logging target. The solution implementer uses an <xsl:message> statement in the style sheet referenced by the transformation actions. How does the solution implementer meet this requirement?
Define a log category, use it in the <xsl:message> statement and define a log target that subscribes to that event category.
A DataPower Processing Policy has been coded to use DataPower variables. To analyze an error in one of the Rules, a solution implementer has enabled the Probe to review message content and DataPower variables. Given the data in the Probe, which one of the following shows the correct variable and scope?
Service (Scope: Single transaction) System (Scope: Spans repeated transactions)
A company has an extensive list of Miscellaneous XML Threats that they require protection from. The list includes: - XML Entity Expansion and Recursion Attacks - XML Wellformedness-based Parser Attacks - Memory Space Breach and Buffer Overflow Attacks - Public Key DoS Attacks - Resource Hijack Attacks What must the solution implementer do to protect SOA Applications exposed via a WSDL and a Web Service Proxy service?
Web service proxy default options protect against these threats. No configuration is required.
A company wants to enforce the run-time SOA governance using service level agreement (SLA) and service level definitions (SLD) policy attachments for a line of business. The solution implementer has configured a web service proxy service that uses a WebSphere Service Registry and Repository (WSRR) subscription to meet this requirement. The WSRR server hosts the governance enablement profile that contains SLA and SLD entities. The SLA objects in WSRR are in SLA Active State. During a test run, it was identified that SLA policies from WSRR are not enforced. How can the solution implementer resolve this situation to enforce SLA policies? (Choose 2) Verify that the:
WSRR server object is set to version 7.5 or later.
Fetch Policy Attachments option for the WSRR Subscription is set as "on".
When debugging an SSL handshake using a packet capture, it is observed that there is a Client HELLO message followed by a Server HELLO message. Each of those packets has an associated Session ID that is different from the other. What does this indicate to the solution implementer?
A new SSL session and a full handshake will be performed.
A DataPower application is to be deployed to development, test, pre-production, and production environments. The solution implementer has the requirement to make the application migration easier and portable. What can the solution implementer use to accomplish this?
Deployment Policy, Host Alias, Static Host, and externalize end points
Which of the following SOAP messages is valid according to the SOAP specification?
A solution implementer needs to configure a front side handler in a multi-protocol gateway service that only accepts messages from application servers that are in the 10.10.10.0/24 subnet. What can the solution implementer configure in a front side handler to restrict messages to the 10.10.10.0/24 subnet?
Specify an Access Control List with an entry of "allow 10.10.10.0/24"
A solution implementer is debugging a web service proxy which communicates with a backend service http://server1:9092/myserv. The irregular performance to the backend service cannot be explained so a packet capture is run to dig deeper into the issue. The results need to be stored in a file called packet-capture. Also, the solution implementer wants to capture data only related to the specific backend service host and across all interfaces. What CLI syntax should the solution implementer use and how can the packet capture be analyzed?
packet-capture-advanced all temporary:///packet-capture -1 10000 9000 "host server1" and analyze using any 'pcap' compliant application, such as 'tcpdump' or 'Wireshark'.
A solution implementer has been tasked with monitoring a service and filtering requests based on how long an external backend service takes to respond. The solution implementer has chosen to use the message duration monitor in the DataPower service. Which "measure" value must the solution implementer configure to satisfy this requirement?
A company wants to inform the consumers of their services whether the DataPower processing failed in the request or the response. They prefer to have generic error handling shared by all their rules and thus have not defined any on-error actions on individual rules. From the default error rule configured, the requirement is to inform the consumer whether the processing policy failed in the request or the response. What extension function should the solution implementer use to implement the requirement?
A SOAP message needs to be packaged with a JPEG. The requirement is to use SOAP with Attachments. Where would the solution implementer include the attachment in the message?
A non-root MIME part
A solution implementer needs to add custom headers required by the back-end system to all request messages. A stylesheet based Transform action is used to add the necessary headers. Which DataPower capabilities can the solution implementer use to verify that the required headers have been added properly? (Choose 2)
The multi-step probe to check the values in the Headers tab before and after the Transform action.
<xsl:message> to print the header values to the system log file and check the system log file during testing.
A solution implementer has been provided the following security requirements to implement a solution for a company to transact business with its business partners. - Message Confidentiality - no one can see the message in transit in clear text between the company and partner end points - Message Integrity - no man-in-the-middle tampered with the message between the company and partner end points - Non-repudiation - be able to verify the senders are who they say they are What actions should the solution implementer take to satisfy all the requirements?
Use SSL and create a digital signature solution with sign and verify actions.