1

Using an MQ Handler, which property holds the response queue name from DataPower?
A. GET Queue
B. PUT Queue
C. Request Queue
D. Response Queue

2
DataPower XSLT processor internally stores and processes XML data as what format?
A. UTF-8
B. UTF-64
O C. UTF-32
D. UTF-16

3
A Solution Implementer is investigating a SOAP service request in the Probe and finds some actions are
missing. What step should they perform to ensure all actions are displayed in the Probe?
A. Set the Rule direction to Both.
OB. Restart the domain and resubmit request.
C. Change the Match rule to URL with an asterisk as the value.
D. Add a transform action as the first action in the request rule.

4
Using the GatewayScript "session" object, how is the input context received by the service?
A. session.readAsBuffer(...)
B. session.INPUT.readAsBuffer(...)
C. session.message.readAsBuffer(...)
D. session.name("ServiceInput").readAsBuffer(...)

5
A DataPower Solution Implementer configured a REST API using the Multi-Protocol Gateway (MPGW)
service. One of the supported resources of this API is/clients. An HTTP GET /client request should return
a list of all the clients. The API consumer is complaining that the only response they are getting is an
"Internal Error". DataPower logs revealed the message "Request did not match allowed-feature list". What
can they do to solve this issue?
A. Enable the GET method option in the HTTPS Handler.
B. Change the Request Type property of the MPGW object from Non-XML to JSON.
C. Ask the API consumer to send an HTTP RETRIEVE/clients to retrieve the list of clients.
D. Add the API consumer IP address to the Access Control List object referenced by the HTTPS Handler.

6
Which solution makes it easier to promote code between environments?
A. Assigning hostnames on the gateway
B. Using the REST Management interface
C. Using static hosts and search domains
D. Inserting backend IPs into stylesheets

7
A Solution Implementer would like to use DataPower to secure and proxy communication with external
business partners. The transactions will be EDI via AS2, and the Solution Implementer would like to
configure a partner profile to define the routing of the messages. Which DataPower service would need to
be implemented to fulfill this requirement?
A. B2B Gateway
B. Web Service Proxy
C. Multi-Protocol Gateway
D. Web Application Firewall

8
When will an error processing rule be executed?
A. If no On Error Action is defined in the processing rule
B. When the Action in the processing rule and any subsequent Action has a recoverable error.
C. When it is defined in the processing rule and matches the error as defined in the On Error Action.
D. Only on the first error in a request or response unless the Error Count is set to zero after the rule
executes.
9
A maintenance window has been created for one hour with twelve tasks defined in the DataPower
Operations Dashboard. The 4th task takes one hour to complete. What happens to tasks 5-12?
A. They are failed
B. They are cancelled
C. They are executed
D. They are suspended
10
The mgt0 interface on a physical DataPower device provides the option for which feature?
A SAN connections
B. HMAC connections
C. IPMI connections
D. Console connections
11
Which pattern is suitable to implement in a DataPower Gateway virtual appliance?
A. Persistent messaging for JMS
B. Complex business and action rules
C. Process automation and optimization
D. Transport mediation (i.e. SFTP to MQ)

12

Which command displays a list of all domains with their memory usage in MB and their cache usage in
KB?
A. show load
B. show system status
C. show domains-memory
D. Domain memory usage can only be viewed in the WebGUI
13
While implementing a new SSL/TLS service with a client Partner there appears to be a connectivity issue.
What action can be used to determine where the problem is originating?
A. Change SSL ciphers
B. Perform a Packet Capture
C. Run System trace under Troubleshooting
D. Execute a System capture under Troubleshooting
14
What should be defined in a processing rule for a Solution Implementer to leave an audit log within one of
the services?
A. Log action
B. Audit log action
C. Event sink action
D. Results log action
15
Which is a best practice when creating a service as a RESTful facade?
A. Set the request message type to 'JSON'
B. Configure processing rules for each HTTP method
C. Set "Process Messages Whose Body Is Empty" to "off"
D. Always use a "Transform Binary" action to manipulate the message content
16

A Solution Implementer has installed the Application Optimization module in order to provide High
Availability for a cluster of DataPower Gateways and now is starting to configure the "primary" Gateway
for self-balancing. There is a need to have this Gateway be the main distributor of work to all of the others
in the cluster. How can the Solution Implementer ensure that when this Gateway is active it is the one
managing the work load distribution?
A. Assign master control of the VIP to this Gateway.
B. Set the Gateway startup configuration to list this Gateway first.
C. Set the Stand-By Control Priority to 100 for this Gateway and the others to some value of 90 or less.
D. Assign a 1 to the Stand-By Group Number on this Gateway and all others to some group between 5 and
10.
17
By default, the XML Management interface uses basic HTTPs authentication and which SSL certificate?
A. The self signed certificate that comes pre-installed
B. The IBM signed certificate that comes pre-installed
C. The self signed certificate that needs to be installed
D. The IBM signed certificate that needs to be installed
18
A Solution Implementer is using the GatewayScript action, and wants to use the Command Line Interface
debugger. How is the debugger enabled?
A. They must find the service and then click the "Enable Probe".
B. They must have a "breakpoint;" statement in the flow of the script.
C. They must click the "Enable Debug" in the GatewayScript Action and have a "debugger;" statement in
the flow of the script.
D. They must click the "Enable Probe in the Gateway Script Action and have a "breakpoint;" statement in
the flow of the script.
19

A company is looking to proxy an existing SOAP Web Service running on WebSphere Application Server
as a JSON REST API using DataPower for message transformation. What DataPower service and request
and response types should be part of this service configuration?
A. A Multi-Protocol Gateway with Request Type of JSON in the "Front side settings" and Response Type
of SOAP in the "Back side settings"
B. A Multi-Protocol Gateway with Request Type of SOAP in the "Front side settings" and Response Type
of JSON in the "Back side settings"
OC. A Web Service Proxy with Req-Type of JSON and Resp-Type of SOAP
D. A Web Service Proxy with Req-Type of SOAP and Resp-Type of JSON
20
Which IBM DataPower Gateway complies with security standard FIPS 140-2 Level 3?
A. IBM DataPower Gateway Virtual Appliance
B. IBM DataPower Gateway Physical Appliance
C IBM DataPower Gateway Virtual Appliance with HSM
D. IBM DataPower Gateway Physical Appliance with HSM
21
A Solution Implementer can ping a backend server using an address but not by using a name. What would
cause this issue?
A. There is a DNS name resolution problem
B. There is a Layer 8 issue on the network
C. The DataPower name resolver is not enabled
D. A firewall is blocking access to the computer by name
22
A Solution Implementer needs to copy a file from domain A to domain B. How can this requirement be
implemented?
A. DataPower domains are completely isolated from each other making this requirement impossible to be
fulfilled.
B. Domain A needs to be added to the list of "Visible application domains" in the domain B configuration.
C. Domain B needs to be added to the list of "Visible application domains" in the domain A configuration.
D. This can only be achieved using the command copy-file in the CLI.
23
A throttle setting can be configured to immediately restart the system when which of these resource types
has fallen below a specified threshold?
A. CPU
B. Memory
C. Message Address Space
D. Cooling Fan Speed
24
A Solution Implementer needs to implement a Multi-Protocol Gateway that exposes a traditional SOAP
based service for a new REST/JSON based Mobile application. What would need to be done for
DataPower to accept HTTP requests that may or may not have payloads?
A. Set Request Type to 'REST.
B. In 'XML' Threat Protection set 'Minimum Message Size' to zero.
C. In 'Advanced setting select Process Messages Whose Body Is Empty.
D. In the 'XML Manager configure JSON Settings object with 'Minimum Body Size' set to zero.

25
With a goal to encrypt a SOAP Message with XML encryption, the Solution Implementer has dragged the
Encrypt icon to the processing rule, specified the context of the message to process, selected Standard
XML Encryption (from the Envelope Method) and SOAP Message (from the Message Type).
In the scenario above, WS-Security uses the existing XML encryption specification to provide message
confidentiality. What additional capability is provided?
A. Self describing document for key creation and exchange
B. Provides an encryption dictionary for multiple consumers
C. Guarantees communication between one and only one consumer
D. The ability to secure message exchange between more than two parties
26

Which type of synchronization method will query the WSRR Server for an updated object after a specified
interval?
A Poll
B. Timer
C. Automatic
D. CRON Action
27
Which statement is true regarding DataPower's integration with IBM MQ?
A. DataPower requires its own Queue Manager.
B. A DataPower MQ Handler specifies a request queue and a reply queue, both on the same Queue
Manager.
C. A DataPower XML Firewall service is required for IBM MQ integration.
D. An MQ Handler cannot be configured on a Web Service Proxy.
28
Which is an IBM standard format supported by DataPower to represent JSON as XML?
A. JSONX
B. JSONI
C. JSONibm
D. JSONtoXML
29
When using a fetch action in asynchronous mode, what subsequent action is used to ensure processing
waits until the fetch action has completed before continuing?
A. For-each
B. Event-sink
C. Conditional
D. Results Asynchronous
30
In addition to the REST Management Interface, what is another management interface provided by
DataPower?
A. MQ Management Interface
B. AMP Management Interface
C. XML Management Interface
D. FTP Management Interface

1)

31
What can a Solution Implementer do to ensure that a Web proxy service will always succeed when trying
to connect to a backend service regardless of what certificate is being presented?
A. Configure an SSL Client Profile with the "Validate server certificate" property set to "off".
B. For security reasons, DataPower does not support connecting to any server that is not trusted by the
Crypto Validation Credentials object.
C. Configure an SSL Client Profile with the "Validate server certificate" property set to "on" and refer the
"Validation credentials" property to an empty Crypto Validation Credentials object.
D. Configure an SSL Client Profile with the "Validate server certificate" property set to "on", refer the
"Validation credentials" property to an empty Crypto Validation Credentials object and turn on the "Permit
connections to insecure SSL servers" option.
32
There is a requirement to only allow 100 transactions per second to a particular URL. This requirement
can be achieved by which feature of DataPower?
OA. Processing Policy Error Rule
B. Service Level Monitoring Policy
C. Configure AAA Action to reject on rate
D. Set throttle limits on Load Balancer Group Members
33
What are two capabilities of the Web Application Firewall (WAF)?
A. Rate limiting
B. Dynamic back-end routing
C. Cognitive form processing
D. Automatic form validation
E. Authentication and authorization
34

Which approach should a Solution Implementer use to handle an error that occurs within a processing rule
and then abort the transaction?
А. Оn-Error Rule
B. On-Error Abort
C. On-Error Action
D. Failure Notification Action
35
Why is it not a good practice to manually modify the 'APICMgmt’ domain in DataPower?
A. All modifications can be lost
B. It can impact in the performance of API connect
C. The gateway can transition to out an of sync state
D. The API Connect will detect changes and overwrite them
36
DataPower supports multi-tenancy for gateway workloads. This feature enables runtime isolation and
enhanced operational resiliency. How many CPU threads can be allocated among tenants in a physical
appliance of type 8436?
A. 16
B. 24
C. 32
D. 40
37
What is the purpose of an event suppression filter?
A. To keep a specific event from being written to the logs
B. To keep events from the log except for specifically defined ones
C. To capture specific events that are lower category than the current log level
D. To capture non-fatal events handled by an error routine within a processing policy
38
When configuring a FTP B2B service that contains binary information, what needs to be configured to
ensure that the transaction is processed by DataPower?
A. Configure XPATH routing
B. Parse the ISA and UNA headers
C. Set Document Routing Preprocessor
D. Add a CPA include CPA ID and Partner Profiles
39
Which domain contains system level configuration of DataPower?
A. Local domain
B. Default domain
C. System domain
D. Application domain
40
For a bank's mobile banking application, each transaction going through DataPower is authenticated
against an authentication server on a very slow network link. The solution designer wants to cache the
authentication response for a short period of time which will improve performance. Where is the
authentication caching set?
A. In the AAA Policy's extraction settings
B. In the XML Manager used by this service
C. In the Service's main configuration page
D. In the AAA Policy's authentication settings
41
What would be the results of setting the disable expired certificates in a crypto certificate monitor to true?
A. Expired certificates can disable DataPower services.
B. Expired certificates can disable a DataPower gateway entirely.
C. Expired certificates can disable their certificate aliases only.
D. Expired certificates can cause the DataPower Gateway to reboot.
42
Which statement is true regarding JWE/JWS Recipient Identifiers?
A. The identifiers are case sensitive.
B. When identifiers are used, encryption/decryption must use a shared secret key.
C. The identifiers are only valid when using the General JWS JSON Serialization Syntax.
D. The A256GCM algorithm should be used when the length of the identifier is more than 8 characters.
43
Security requirements state that one of the results field's data and element name must be encrypted before
the information is sent back to the client. What must be created to specify which specific data and element
name to encrypt?
A. Cipher Rules
B. Document Crypto Map
C. Encryption XPath object
D. Field-based Encryption Alias
44
Which Data Power CLI command would be used to test the IPv6 address of server01?
A. ping -s server01
B. ping -6 server01
C. ping -a server01
D. ping -v 6 server01
45
A request error is found while viewing the default system log. If the Probe is enabled, how would the
exact referenced request be found?
A. View by Message ID
B. Match the Date/Time
C. Match the Transaction ID
D. View the Transaction History
46
Which is an available module in IBM DataPower Gateway?
A. MQ Module
B. CICS Module
C. TIBCO EMS Module
D. Secure Gateway Module

What is the Access Control List (ACL) used for in DataPower Gateway?
A. Define a list of users allowed to login to Gateway
B. Define a list containing all administrators of Gateway
C. Define a list or range of ports to connect or not connect to the Gateway
D. Define a list or range of IP addresses allowed to connect or not connect to the Gateway
47
Which statement is true regarding full audit level but not standard audit level?
A. Actions against files are logged
B. Decisions on information flow are logged
C. All activity through the serial console is logged
D. All actions an administrator initiates are logged
48
When the DataPower Gateway acts as the enforcement point for a resource server, it validates access
tokens by using a validation URL. Where can the validation URL be specified?
A. In the XML Validate profile
B. In the Token Profile configuration
C. In the Dynamic Custom configuration
D. In the OAuth Client Profile configuration
49
What are two examples of Message-level Threat protection?
A. Configuring AAA actions
B. Configuring Decrypt actions
C. Configuring a Multi-Threat action
D. Configuring XML Virus Protection
E. Configuring SQL injection filtering
50
The name of a back-end resource is embedded in a REST based XML message. What option in an AAA
action should be used to extract the resource name for the Authorization phase?
A. XPath Expression
B. Resource Identifier
C. Identity Extraction Token
D. Local Name of Request Element
51
A customer wants to create a service that integrates with a database. What are two database types that are
supported in the SQL Data Source object?
A. MySQL
B. Oracle
C. Informix
D. Firebase
E. Microsoft SQL Server
52
A Solution Implementer has created a service that uses the Log Action to send log information to a remote
service for audit purposes. During testing they notice a significant amount of time spent in the Log Action.
How can they reduce the amount of time it takes to log this information?
A. Set the Asynchronous option to on in the Log Action configuration.
B. The Log Action is synchronous, the Asynchronous Log Action must be used.
C. Configure the appropriate Log Action to use an asynchronous protocol.
D. Set the Log destination to be a messaging layer instead of directly to the database
53
In the GUI, what is shown when selecting Object Status (Status->Main->Object Status)?
A. The IP and Port number of services in a domain
B. The time on the device since the last Reboot (not Reload)
C. The time on the device since the last Reload (not Reboot)
D. The state of objects and their child objects in a given domain
54
Which of the following load balancing algorithms or capabilities requires the application optimization
module?
A. Round Robin
B. On Demand Routing
C. Weighted least connections
D. MQ Cluster workload balancing
55
Which solution will put an initialized appliance into FIPS 140-2 mode?
A. Removing all ciphers banned under NIST SP800-131a
B. Upgrading the firmware to one that supports FIPS 140-2
C. Issuing the CLI command fips-140-2 enable and restarting the appliance
D. Issuing the CLI command crypto-mode-set fips-140-2-11 and reloading the firmware

56
When configuring the Envelope method and "Enveloping Method" is selected, what is the signature over?
A. The signature is on the content found in the JSON header.
B. The signature is on the content found within an Object element.
C. The signature is on the content found in the SOAP header entry.
D. The signature is on the XML content that contains the signature as an element. The content provides
the root XML document element.

57

What are two ways to revoke an OAuth access token across DataPower instances?
A. Configure "Token cache" in the OAuth Client profile
B. Set up a Quota Enforcement Server between each DataPower instance and configure "Distributed
caching" in the OAuth Client Profile.
C. Turn on introspection format in the OAuth Client profile.
D. Configure a "Validation URL" in the OAuth Client profile and implement an external application to
revoke tokens.
E. Set up an OAuth Peer group between each DataPower instance and configure "Distributed caching" in
the OAuth Client Profile.

58

When configuring Link Aggregation on DataPower, which action must be taken to ensure the Aggregate
Interface becomes active?
A. Disable the Ethernet interface before adding it to the Aggregate Interface configuration
B. Enable the Ethernet interface before adding it to the Aggregate Interface configuration
C. Configure each Ethernet interface in the aggregate interface with the Link aggregation mode property
D. Configure each Ethernet interface in the aggregate interface with the Default IPv4/IPv6 Gateway