
IBM WebSphere DataPower SOA Appliances Placement Papers - IBM WebSphere DataPower SOA Appliances Interview Questions and Answers - Jul 28, 2022

Q1. Why Do We Need A Digital Signature?

Digital signatures act as a verifiable seal or signature to confirm the authenticity of the sender and the integrity of the message. Users who wish to verify their identity when sending a protected message can encrypt the information with their private key. The recipient can then decrypt the message with the sender's public key in order to confirm the sender's identity and the integrity of the message.

Q2. How Can I Verify That A Custom Injection Filter Is Working?

To verify that your custom injection patterns file is working correctly, check the default log for any messages that report a parsing failure. A parsing failure might occur for any of the following reasons:

The file contains XML that is not well-formed.

The file contains XML that does not conform to the XML schema.

The file was deleted after the configuration was saved.

The file does not exist or is in the wrong location.

Q3. Who Issues A Certificate, Explain In Detail?

Certificate authorities act as trusted third parties that verify the identity of the sender of an encrypted message and issue digital certificates as proof of authorization. These digital certificates contain the public key of the sender, which is then passed along to the intended recipient. Certificate authorities do extensive background checks before giving an organization or an individual a certificate.

Q4. What Are The Weakness Of Symmetric Key Cryptography And What Is The Strength Of The Asymmetric Key Cryptography?

Symmetric key cryptography:

The biggest obstacle in successfully deploying a symmetric-key algorithm is the need for a proper exchange of private keys. This transaction must be completed in a secure manner. A face-to-face meeting, which proves quite impractical in many circumstances when distance and time are taken into account, may not be possible for exchanging private keys. If one assumes that security is a risk to begin with, because of the desire for a secret exchange of data in the first place, the exchange of keys becomes further complicated.

Another problem concerns the compromise of a private key. In symmetric key cryptography, every participant has an identical private key. As the number of participants in a transaction increases, both the risk of compromise and the consequences of such a compromise increase dramatically. Each additional user adds another potential point of weakness that an attacker could take advantage of. If such an attacker succeeds in gaining control of just one of the private keys in this world, every user, whether there are hundreds of users or only a few, is completely compromised.

Both symmetric and asymmetric-key cryptography also have vulnerabilities to attacks such as the man-in-the-middle attack. In this situation, a malicious third party intercepts a public key on its way to one of the parties involved. The third party can then instead pass along his or her own public key with a message claiming to be from the original sender. An attacker can use this process at every step of an exchange in order to successfully impersonate each member of the conversation without any other parties having knowledge of this deception.

Asymmetric cryptography – More secure

Asymmetric keys must typically be longer than keys in symmetric cryptography in order to boost security. While generating longer keys in other algorithms will usually prevent a brute force attack from succeeding in any meaningful length of time, these computations become more computationally intensive. These longer keys can still vary in effectiveness depending on the computing power available to an attacker.

Q5. Why Does The DataPower Appliance Convert My UTF-8 Characters To Encoding?

A back end server or the requesting client might be expecting some special characters such as the British Pound symbol and letters with umlauts, accents, or other special marks; however, these special characters are not preserved when they pass through the DataPower appliance.

Take the following steps to resolve the problem:

1. Set include charset in response-type to on:

For the Multi-Protocol Gateway service or the Web Service Proxy service:

Use the Objects navigator to open the service configuration screen.

Choose the Proxy Settings tab and set include charset in response-type to on.

For the XML Firewall service:

Use the Objects navigator to open the XML Firewall service configuration screen.

Choose the HTTP Options tab and set HTTP charset in response-type to on.

2. Edit the XML Manager that you are using for your service so that the XML Manager contains a minimum output escaping rule:

Add a new Compile Options Policy or select an existing one by clicking ....

Add a Minimum Output Escaping Rule.

Add a matching rule so that all requests coming in on that URI (it can be * ) are minimally escaped.

3. Use a style sheet in the transform action of your processing rule. Include the following line in the style sheet to specify output encoding:

<xsl:output encoding="UTF-8" version="1.0" method="xml"/>

Make sure that you transform the incoming request with your style sheet, even minimally; otherwise, the settings in step 2 are not used. If you do not want to transform the request, insert the following lines between the xsl:template element tags:

<a>
  <xsl:copy-of select="."/>
</a>

4. Optional: If your response still escapes the special characters, clear the stylesheet cache. Clearing the style sheet cache ensures that the DataPower appliance uses the current settings.

Q6. What Is The Value Time Stamp Format In Log Target For?

Timestamp Format: syslog.

Q7. In The DataPower File System, The Logs Are Stored By Default In Log Temp? True/False, Give Appropriate File Directory If The Above Statement Is False.

True: logtemp, default location of log files, including the system-wide default log.

Q8. Explain Datapower File Structure?

File system structure in DataPower is one of the major things that we need to look out for while working on day-to-day activities. The image below shows the directory structure in DataPower.

Following are details of all the folders present and their descriptions.

Audit: This directory contains the audit logs. Each appliance contains only one audit: directory. This directory cannot be the destination of a copy. This directory is available from the CLI in only the default domain.

Cert: This encrypted directory contains private key and certificate files that services use in the domain. You can add, delete, and list files in this directory, but you cannot view or modify these files. Each application domain contains one cert: directory. This directory is not shared across domains.

Chkpoints: This directory contains the configuration checkpoint files for the appliance. Each application domain contains one chkpoints: directory. This directory is not shared across domains. During an upgrade, the operation deletes the contents of this directory.

Config: This directory contains the configuration files for the appliance. Each application domain contains one config: directory. This directory is not shared across domains.

Dpcert: This encrypted directory contains files that the appliance itself uses. This directory is available from the CLI in only the default domain.

Export: This directory contains the export packages. Each application domain contains one export: directory. This directory is not shared across domains.

Image: This directory contains the firmware images (primary and secondary) for the appliance. This directory is where firmware images are typically stored during an upload or fetch operation. Each appliance contains only one image: directory. This directory is available in only the default domain. During an upgrade, the operation deletes the contents of this directory.

Internalconfig: This hidden directory contains configuration-like artifacts for the appliance. This directory is where predefined deployment artifacts like sample exemplars are stored. You cannot access this directory with any interface.

Isamcert: This directory contains shared certificate and key files. When a shared file is changed, all reverse proxies must be restarted.

Isamconfig: This directory contains the following files.

The Access Manager Reverse Proxy configuration files. There is one configuration file per reverse proxy. The files are named in the isamconfig:///webseald-name.conf format.

The Access Manager Reverse Proxy routing files. There is one routing file per reverse proxy. The files are named in the isamconfig:///routing-name format.

Isamwebroot: This directory contains files for each Access Manager Reverse Proxy. When a file in this directory is modified, only the reverse proxy that is modified needs to be restarted.

Local: This directory contains miscellaneous files that are used by the services in the domain, such as XSL, XSD, and WSDL files. Each application domain contains one local: directory. This directory can be made visible to other domains. When viewed from other domains, the directory name changes from local: to the name of the application domain.

Logstore: This directory contains log files that are stored for future reference. Typically, the logging targets use the logtemp: directory for active logs. You can move log files to the logstore: directory. Each application domain contains one logstore: directory. This directory is not shared across domains.

Logtemp: This directory is the default location of log files, such as the appliance-wide default log. This directory can hold 13 MB. This directory cannot be the destination of a copy. Each application domain contains one logtemp: directory. This directory is not shared across domains.

Policyframework: This directory contains unattached policies that are submitted to the appliance through the REST management interface. Do not modify files in this directory. To modify an unattached policy, DELETE and POST the policy through the REST management interface. This process ensures that the policy is recompiled. This directory is not shared across domains.

Pubcert: This encrypted directory contains the security certificates that are commonly used by web browsers. These certificates are used to establish security credentials. Each appliance contains only one pubcert: directory. This directory is not shared across domains. However, you must be in the default domain to upload or fetch files.

Sharedcert: This encrypted directory contains security certificates that are shared. Each appliance contains only one sharedcert: directory. This directory is not shared across domains. However, you must be in the default domain to upload or fetch files.

Store: This directory contains example stylesheets, default stylesheets, and schemas that the appliance itself uses. Do not modify files in this directory. Each appliance contains only one store: directory. Although this directory is visible to all domains, you can change the contents of this directory from only the default domain.

Tasktemplates: This directory contains the XSL files that define the display of specialized GUI screens. Each appliance contains only one tasktemplates: directory. This directory is available in only the default domain.

Temporary: This directory is used as temporary disk space by processing rules. Each application domain contains one temporary: directory. This directory is not shared across domains. During an upgrade, the operation deletes the contents of this directory.

Q9. What Are The Different Modes Of Archival? Explain Each Mode In Two Lines Each?

Rotate: rotate the log file when the maximum size is reached. The appliance creates a copy of the file and starts a new file. The appliance retains the archived copies up to the specified number of rotations. After reaching the maximum number of rotations and the log file reaches its maximum size, the appliance deletes the oldest file and copies the current file.

Upload: upload the log file when the maximum size is reached. The appliance uploads the file using the specified upload method.

Q10. How Do You Gauge The Strength Of The Key, What Is The Parameter Used?

The algorithm must be known to the public, but the key needs to be confidential

Key size

Performance / response time for encryption or decryption (depends on the system we use)

Mathematical proof for standardization of the security provided by that algorithm

Who provided the certificate for the algorithm, and the date of expiration?

Q11. What Is The Difference Between Object Filter And Event Filter?

Object filters allow only those log messages for specific objects to be written to the specific log target. Object filters are based on object classes. With this filter, you can create a log target that collects only log messages generated by particular instances of the specified object classes.

Event filters allow only those log messages that contain the configured event codes to be written to this log target. With this filter, it is possible to create a log target that collects only log messages for a specific set of event codes.

Q12. How Do I Collect A Single Log Statement As An Alert By Mail When The Object On Which The Log Target Is Enabled Goes Down Or Comes Up?

It is done by setting up event triggers. Event triggers perform actions only when triggered by a specified message ID or event code, in this case the system going up/down. With this filter, it is possible to create a log target that collects only the results of the specified trigger action. For example, to trigger the generation of an error report when a certain event occurs, use the save error-report command and transfer to the SMTP target format to send as an email alert.

Q13. Why Do We Need It?

We need cryptography to share information confidentially, that is, ensuring the secrecy of communication

Authentication – Ajitab can sign his message and Mulu can verify that he sent it based on his signature

Integrity checking – Mulu can generate a checksum of the message. Ajitab can either extract it from the message or recalculate it and verify that the message has not been changed.

Non-repudiation – if Ajitab signs the message he cannot deny later that he sent it, because no one else could generate that same signature/private key.

Q14. What Are The Different Types Of DataPower Appliances?

Different types of DataPower appliances:

XML Accelerator XA35:

Accelerates XML processing and transformation.

Increases throughput and reduces latency.

Lowers development costs.

XML Security Gateway XS40:

Helps secure SOA with XML threat protection and access control.

Combines Web services security, routing and management functions.

Drop-in, centralized policy enforcement.

Easily integrates with existing infrastructure and processes.

Integration Appliance XI50:

Transforms messages (Binary to XML, Binary to Binary, XML to Binary).

Bridges multiple protocols (e.g. MQ, HTTP, JMS).

Routes messages based on content and policy.

Integrates message-level security and policy functions.

Q15. What Is Cryptography? Why Do We Need It?

Cryptography is to protect private communication in the public world. For example, two entities wanting to communicate – Ajitab and Mulu – are shouting their messages in a room full of people. Everyone can hear what they are saying. The goal of cryptography is to protect this communication so that only Ajitab and Mulu can understand the content of the messages.

Q16. What Is The Default Log Size In The Log Target? What Happens When That Log Size Is Reached?

Log size: 500 kilobytes. When the log file reaches the limit, the system will upload it to the FTP server and, if it is successfully uploaded, the appliance will delete the log in the system to free space.

Q17. What Is The Log Target Type For Sending The Logs To Email, What Is The Field Name That Has To Be Given A Value For Subject Representation Of An Email?

SMTP, forwards log entries as email to the configured remote SNMP servers and email addresses. Before sending, the contents of the log can be encrypted or signed. The processing rate can be limited.

Q18. What Is An Injection Attack?

SQL injection attacks are attempts by malicious users to access or modify database data available only to the web application. XPath injection attacks are attempts to access or modify XML data.

Attackers modify user-submitted requests to do the following:

Gain more information about the structure of the database or XML data

Obtain sensitive information such as user names and passwords

Corrupt or delete data in the database.

Q19. What Is A Trust Store?

A trust store contains certificates from other parties that we expect to communicate with, or from Certificate Authorities that we trust to identify other parties. For example, Google (Chrome) contains certificates of many organizations or websites. Whenever we browse that website, the browser automatically checks the site for its certificate from the store and compares it. If it is genuine, Google will add the 's' on 'HTTP'. That way we know that the website is secured and trustworthy.

Q20. What Is SSL? While It Encrypt & Decrypt The Data?

SSL are digitally signed certificates. Used for message/communication integrity and confidentiality. Generally encrypts at the sender side and decrypts at the receiver side.

Q21. What Is An Injection Filter?

An injection filter blocks requests that are considered likely to perform injection attacks. The filter protects against injection attacks as follows:

Analyzes incoming requests and validates that the input data is well-formed

Ensures that the request is not trying to modify SQL statements or XML data embedded in the application

This protection is accomplished by applying a number of regular expressions against different parts of the HTTP request. Any match indicates that the request is likely malicious and causes the firewall to log, reject, or redirect the request.
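The matching step described above, sketched as an added example (not DataPower code and not its shipped pattern file): each query parameter, header and the body is checked separately against a small pattern set, and any match yields the configured log, reject or redirect outcome. The pattern names, the inspect_request function and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed patterns for illustration only; not the appliance's pattern file.
PATTERNS = [
    ("quote-tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("sql-stacked-statement", re.compile(r";\s*(drop|delete|update|insert)\b", re.I)),
    ("sql-union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("xpath-node-union", re.compile(r"\|\s*//?\w")),
]
ACTIONS = ("log", "reject", "redirect")  # the three outcomes named in the text


def request_parts(url, headers, body):
    """Yield (location, value) for each query parameter, header and the body."""
    # parse_qsl percent-decodes, so encoded input is matched in its decoded form.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        yield f"query:{name}", value
    for name, value in headers.items():
        yield f"header:{name}", value
    if body:
        yield "body", body


def inspect_request(url, headers=None, body="", on_match="reject"):
    """Return (decision, findings); decision is 'allow' or the configured action."""
    if on_match not in ACTIONS:
        raise ValueError(f"unknown action: {on_match}")
    findings = [
        (location, label)
        for location, value in request_parts(url, headers or {}, body)
        for label, pattern in PATTERNS
        if pattern.search(value)
    ]
    return ("allow" if not findings else on_match), findings


# Constructed sample requests (not captured traffic).
SAMPLES = {
    # An apostrophe in a surname alone must not trip the filter.
    "benign": dict(url="/orders?id=42&name=O%27Brien"),
    "sql-in-query": dict(url="/login?user=admin%27+OR+%271%27%3D%271"),
    "xpath-in-header": dict(url="/find", on_match="log",
                            headers={"X-Filter": "x'] | //user/password"}),
    "tautology-in-body": dict(url="/lookup", on_match="redirect",
                              body="<user>x' or 1=1 or 'a'='a</user>"),
}

if __name__ == "__main__":
    for name, request in SAMPLES.items():
        print(name, inspect_request(**request))
```

Reporting the location with each finding is what makes the resulting log entry useful for tuning: a pattern that fires on a free-text header can be scoped differently from one that fires on a login parameter.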

Q22. Why Do We Need Log Target When There Is Already A Default Logging Mechanism Available In Datapower?

We need a log target to capture messages that are posted by the various objects and services that are running on the appliance. In order to get specific event and/or object log information, we make use of log targets.

Q23. Give Three Popular Algorithms Used For Encryption?

Triple DES - uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112 bits in key strength is more like it.

RSA - is a public-key encryption algorithm and the standard for encrypting data sent over the internet.

AES - it is extremely efficient in 128-bit form; AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.



