000-609 - IBM WebSphere Datapower SOA Appliances Firmware V3.8.1, Solution Implementation
Go back to IBM
An application is sending realtime securities transactions using the FIX (Financial Information eXchange) message format. The customer wishes to route these messages to subscribers based upon a stock ticker symbol found within the FIX message. Which of the following is the appropriate WebSphere DataPower appliance for this customer?
A customer would like to use an XSL transform specified in the incoming XML request to transform that document. Which of the following would be the appropriate processing action to use in this case?
Transform PI (xformpi)
A customer needs message privacy and message integrity on a given transaction, and prefers the use of WSPolicy. WebSphere DataPower must receive a username from each user, but no authentication is required. In order to implement this, without additional custom work, the solution implementer must:
use WSPolicy with UsernameToken, Encryption and Signature enforced.
The implementation of Authentication and Authorization using WebSphere DataPower for a particular project requires a custom stylesheet. Which of the following is a valid reason for this?
The client message contains a custom token with security credentials in a proprietary format which is not supported by DataPower.
What is the difference between WebSphere Service Registry and Repository (WSRR) Subscription and WSRR Saved Search Subscription?
WSRR Subscription requires a direct reference to a service document such as a WSDL or Concept and namespace. WSRR Saved Search does not require a direct reference to the WSDL, concept or namespace and requires users to specify a Saved Search parameter only
A solution implementer is using a WSProxy to send requests from a client to a backend server. A dp:settarget() element in a Transform action on a request rule is being used to dynamically route the message to one of two backends dependent on XML elements within the request message. The Type of the WSProxy has been set to Dynamic Backend. A URL Rewrite Policy has been configured to replace the URI sent from the client with the format required by the backend server. When the service is tested it is found that the Client URI is being sent to the backend. Which of the following would explain this behavior?
The Propagate URI property of the WSProxy must be disabled.
A company wants to use the WebSphere DataPower SLM functionality with a schedule to monitor the number of messages being processed for a particular operation on week days in a Web Service Proxy. Messages should not be counted if they fail Signature Verification, but should be counted whether they pass Authentication and Authorization or not. Which of the following configurations would allow this?
Define a Processing Rule for the particular operation with a Verify action, an SLM action with an appropriate SLM statement and then a AAA action.
A solution implementer is testing a simple XML Firewall which needs to be a proxy for a web application. Both request and response message types are selected as nonXML on the main configuration panel. The policy has only a matching rule and a Results action. When a URL is entered from the browser, an HTTP 405 method is received. The logs show a message of the type: xmlfirewall (TestFW): Request method (GET) without a message body is not allowed, URL: http://example.com/servlet/test Which of the following steps should the solution implementer take to correct this error?
In the XML Firewall Advanced Panel, set 'Process Messages Whose Body Is Empty' to On.
A company wants to use the WebSphere DataPower SLM functionality to enforce service levels for access to a backend web service. Which of the following Count and Latency monitor pairs are valid within SLM statements?
count-all and latency-internal
Which of the following is the correct syntax for Access Policies contained within an RBM (Role Based Management) Group definition?
Device Address/Application Domain/Resource Name?Access=permissions[&field=value]
A WSProxy is receiving orders from partners as SOAP messages. The service is required to reject messages if the total order cost in the message does not match the sum of the individual item costs. Which of the following describes the functionality that would support this requirement?
Create a stylesheet which performs the mathematical comparison and returns either a <dp:accept> or <dp:reject> and use this in a Filter action.
A solution implementer needs to send a request containing business data to a backend using an FTP PUT. Which of the following configurations will provide this functionality?
A Transform action with a dp:urlopen tag enclosing the data to be sent and the target field set to the backend server address.
A company wants to implement an XMLbased service that returns customer data. Which of the following configuration steps in an Multi-Protocol Gateway (MPGW) can be used to prevent malicious requests from returning data for multiple customers?
Insert a Validate action on the response rule and assign a schema that restricts the response to a single record.
Which of the following is NOT a valid target for realtime event logs on WebSphere DataPower?
A solution implementer needs to write part of the information contained within a request message to a log in order to keep a record of the receipt of this message before sending the message to a backend for processing. The log message should be written to the system log. Which of the following could be used to provide this functionality?
A Transform action containing a customized XSL message extension element setting the priority, category and selected contents of the message to be written to the log.
A DataPower Processing Policy has been coded to use DataPower variables. To analyze an error in one of the Rules a solution implementer has enabled the Probe. Which of the following are valid DataPower variable scopes visible in the Probe with the correct lifetimes?
Service (Lifetime: Single transaction) System (Lifetime: Spans repeated transactions)
A company needs to be conformant with Web Services Interoperability (WSI) Basic Profile 1.0. In order to enforce that policy in WebSphere DataPower, the solution implementer must:
create a new conformance policy, and check off the appropriate Profiles check box.
Which of the following are offered by the WebSphere DataPower Integration Blade XI50B?
Support for 10 Gigabit Ethernet interfaces.
Support for the z/OS Sysplex Distributor for load balancing of client requests.
A company is receiving digitally signed messages from a client, and responding with messages that have been encrypted using the client's signing certificate. The Encrypt action has been configured with the 'Use Dynamically Configured Recipient Certificate' parameter set to 'on'. Which of the following statements regarding this scenario is NOT true?
The certificate selected in the 'Recipient Certificate' field will take precedence over the dynamic certificate if defined.
A customer's WebSphere DataPower deployment has the following operational logging requirements: Every network or systemlevel error event should generate an SNMP Trap to the customer's Tivoli Management Console. Every DataPower Management Interface (WebGUI, CLI, and SOMA) access attempt event (success *and* failure) should generate a SOAP call to the customer's IDS (Intrusion Detection System). Messagelevel Authentication/Authorization failure events should generate an SNMP Trap to the customer's Tivoli Management Console. Events generated by the device's Certificate Monitor when a digital certificate is nearing expiration need to generate 'syslog' messages to the customer's syslog host named 'sysloghost a. example.com'. Events generated by inbound messages with invalid message encodings need to generate 'syslog' messages to the customer's syslog host named 'sysloghostb. example.com'. What is the minimum number of Log Targets that need to be configured in the DataPower logging system to accomplish this?
A company wants to query a database to obtain authorization data for an authenticated user from a DB2 database. The parameterized query is of the form 'SELECT * FROM AUTH_ATTRIBUTE_TABL WHERE REQUESTER_ID=?'. Which of the following applies?
Use <dp:sqlexecute> extension element to obtain authorization data.
A customer is receiving binary packed EDI using S/MIME over HTTP and S/MIME over FTP. The customer currently uses WebSphere Partner Gateway and WebSphere Transformation Extender to send functional acknowledgements, convert the message, and send a correlated response. The customer is interested in improving performance and scaling this architecture to remove some of the processing overhead. Which of the following would benefit the customer in this scenario?
Add XB60 appliances to move the security functionality to the DMZ and send MDN acknowledgements.
Which of the following IPv4 address classes supports a maximum of 256 addresses per subnet?
For virusscanning message attachment , WebSphere DataPower appliances use which protocol to support integration with 3rdparty virus scanners?
ICAP (Internet Content Adaptation Protocol)
A customer wants to protect communication between two WebSphere DataPower appliances against a replay attack. The second DataPower appliance needs to validate that the messages received from the first appliance have spent no more than 30 seconds in transit. Which of the following configurations would meet these requirements?
Use symmetric encryption to encrypt a token containing a timestamp on the first DataPower appliance and decrypt it on the second appliance.
A company requires syncpoint on each message extracted from a Request Queue. The message is processed via HTTP by a backend system. If the WebSphere DataPower appliance does not successfully process the message, it should not be removed from the Request Queue. The company has created a Multi-Protocol Gateway Service which uses an MQ Front Side Handler and an MQ Queue Manager to facilitate this. How can syncpoint be implemented?
Set the Queue Manager object's 'Units Of Work' property to "1".
Which of the following is NOT a required feature of a secure SSL connection?
The client credentials must be sent to the server.
Which statement is NOT true about the Multi-Protocol Gateway (MPGW) service? The MPGW:
supports only synchronous protocols in its Front Side Handlers when its Type is set to "Loopback Proxy".
Connectivity to which of the following protocols can be directly protected with SSL mutual authentication in WebSphere DataPower using firmware V3.8.1?
MQ queue manager
A WSProxy Service is configured with a subscription to a Concept in WebSphere Service Registry and Repository (WSRR). A new WSDL is added to the Concept from the WSRR interface. What options are available for updating the WSProxy to include the new WSDL?
Navigate to the WSRR Subscription Status page and click 'Synchronize'.
Set the Synchronization Method to Poll and then wait for the Refresh Interval.
A company has implemented a data masking Multi-Protocol Gateway (MPGW) named Log_MPGW. Log_MPGW is called from another MPGW named ESB_MPGW using a urlopen extension function call with option 'response=ignore' set. The service provided by Log_MPGW to ESB_MPGW is noncritical and should impact the performance of ESB_MPGW as little as possible. Which of the following are correct?
A timeout value on the urlopen call should be set reasonably to limit any possible blocking of the urlopen calls to the logging service.
The transform action using the urlopen call on ESB_MPGW can be made asynchronous to ensure that the performance of the core ESB flow is not impacted.
A solution implementer is configuring a WebSphere DataPower appliance to receive messages from a partner, and then pass them to a backend. Responses from the backend must also be transformed before being returned to the partner. The partner is requiring that nonRepudiation must be guaranteed on the responses it receives from the DataPower appliance. Which of the following would provide this functionality?
Have the DataPower appliance transform the response and then digitally sign the response message using a Sign action before returning it to the partner.
The WebSphere DataPower Low Latency Appliance XM70 supports which of the following protocols?
RUM (Reliable Unicast Messaging)
While configuring RBM settings, which of the following are valid authentication methods?
LDAP, RADIUS, SPNEGO, XML File
Which of the following is TRUE regarding a rule defined to use the PassThru message type?
No actions in the rule will be executed.
Which of the following is NOT available as a service object on a WebSphere DataPower Appliance?
A company wants to ensure that all its backend SOAP/HTTPS services are protected from unauthorized internal access. The security architect has recommended SSL mutual authentication to be configured from WebSphere DataPower to the backend services. The SSL profile for mutual authentication is correctly configured on DataPower and the implementer wants to confirm if the backend services have configured their mutual authentication correctly. A successful transaction is run through DataPower to the backend services. Which of the following tests could the solution implementer use to confirm that mutual authentication is working correctly end-toend?
Run a packet capture on the interface communicating with the backend and observe the SSL handshake includes the optional client authentication steps.
Remove the Identification Credential from the forward crypto profile on DataPower; if the request does not succeed, the backend mutual authentication is correctly configured.
A company is using WebSphere MQ to mediate messages between their frontoffice and backoffice applications. WebSphere DataPower appliances, as a part of the messaging hub solution, are responsible for processing certain types of messages arriving on designated queues on the same Queue Manager. This is a high performance environment and the key requirement for DataPower is to read messages from a designated queue and place copies of the message to the designated backend queues on the same Queue Manager under a single unit of work to prevent message loss. As a solution implementer, which of the following configuration options would be MOST optimized for this environment?
Create MQ MQOD headers to create an MQ distribution list including all designated backend queues.
Which of the following needs to take place to enable designtime testing of a WebSphere Transformation Extender map on a WebSphere DataPower appliance?
Import the WTX.zip file containing WebSphere DataPower helper services onto the appliance.
A company wants to explore the use of a URL Rewrite Policy in a Multi-Protocol Gateway. Which of the following is TRUE? A URL Rewrite Policy:
is executed before the request rule in the processing policy.
In order to notify of policy violations for incoming web services, the solution implementer must:
define a WSPolicy by setting the policy's Enforcement Mode to filter, create a Policy Parameter Set, and attach a Policy Source.
Which of the following is the correct CIDR notation for the IP Address below? IP Address: 192.168.1.81 Subnet Mask: 255.255.255.0
A company is using WebSphere MQ and would like to configure WebSphere DataPower to provide high availability across queue managers. Which of the following objects need to be configured on the appliance to make use of this feature?
MQ Queue Manager Group should be used which includes Primary and Backup MQ Queue Manager objects that provide automatic connectivity to the active MQ instance.
A solution implementer would like to use a set of actions in a number of processing rules in a processing policy. To speed up configuration and maintenance the implementer has used the "Create Reusable Rule" button on the Policy editor screen of the WebGUI to create a Reusable Rule. This rule has then been dragged and dropped on to several other processing rules in the policy. Later, one of the actions in the reusable rule needs to be removed. Which of the following describes how this would be achieved?
The action must be removed from the reusable rule itself which only appears under the Objects menu on the Navigation Bar.
A solution implementer has created a WSProxy to allow clients to access backend web services. The web services may be altered and so the WebSphere DataPower appliance has been configured to subscribe to a UDDI Registry to retrieve the WSDLs for the backend web services and update the WSProxy accordingly. Any changes to the UDDI Registry must trigger immediate updates to the WSProxy. Which of the following will provide this functionality?
Enable the XML Management interface to allow UDDI Subscription and then configure the UDDI Registry to announce updates to the DataPower URL /service/uddisubscription.
A company wants to use the WebSphere DataPower SLM functionality to monitor messages from particular partners for particular backend functionality. The company needs to set up Credential and Resource Classes. Which of the following configurations would meet the requirements?
Credential: client-ip (the IP address of the Client) Resource: wsdl-operation (the Web Service Operation the Client requested)
A Multi-Protocol Gateway has been created to accept requests in a comma separated value format. The first action in the request rule is a binary transformation that converts the CSV to a simple XML format. The message must then be processed by further Transform actions. Which of the following is a valid option for the service Request Type?
A customer would like to make improvements to one of their existing systems. One of the improvements is to provide ebXML Messaging Service (ebMS 2.0) support for this system. Based on this information, which of the following would be the best fit WebSphere DataPower service type for this scenario?
SSL uses which encryption type to create a session between client and server?
Both Symmetric and Asymmetric encryption
Which of the following is an advantage of using WS-Security instead of SSL?
Provides security in end-toend scenarios across trust boundaries.