12/7/07

Some Definitions

proxy server



In an enterprise that uses the Internet, a proxy server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.



To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)



An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.



The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be in different computers. For example, a proxy server may in the same machine with a firewall server or it may be on a separate server and forward requests through the firewall.


gateway

A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.
In the network for an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet.




node

In a network, a node is a connection point, either a redistribution point or an end point for data transmissions. In general, a node has programmed or engineered capability to recognize and process or forward transmissions to other nodes.



router


In packet-switched networks such as the Internet, a router is a device or, in some cases, software in a computer, that determines the next network point to which a packet should be forwarded toward its destination. The router is connected to at least two networks and decides which way to send each information packet based on its current understanding of the state of the networks it is connected to. A router is located at any gateway (where one network meets another), including each point-of-presence on the Internet. A router is often included as part of a network switch.



A router may create or maintain a table of the available routes and their conditions and use this information along with distance and cost algorithms to determine the best route for a given packet. Typically, a packet may travel through a number of network points with routers before arriving at its destination. Routing is a function associated with the Network layer (layer 3) in the standard model of network programming, the Open Systems Interconnection (OSI) model. A layer-3 switch is a switch that can perform routing functions.



An edge router is a router that interfaces with an asynchronous transfer mode (ATM) network. A brouter is a network bridge combined with a router.



For home and business computer users who have high-speed Internet connections such as cable, satellite, or DSL, a router can act as a hardware firewall. This is true even if the home or business has only one computer. Many engineers believe that the use of a router provides better protection against hacking than a software firewall, because no computer Internet Protocol address are directly exposed to the Internet. This makes port scans (a technique for exploring weaknesses) essentially impossible. In addition, a router does not consume computer resources as a software firewall does. Commercially manufactured routers are easy to install, reasonably priced, and available for hard-wired or wireless networks.




switch


In a telecommunications network, a switch is a device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination. In the traditional circuit-switched telephone network, one or more switches are used to set up a dedicated though temporary connection or circuit for an exchange between two or more parties. On an Ethernet local area network (LAN), a switch determines from the physical device (Media Access Control or MAC) address in each incoming message frame which output port to forward it to and out of. In a wide area packet-switched network such as the Internet, a switch determines from the IP address in each packet which output port to use for the next part of its trip to the intended destination.


In the Open Systems Interconnection (OSI) communications model, a switch performs the layer 2 or Data-Link layer function. That is, it simply looks at each packet or data unit and determines from a physical address (the "MAC address") which device a data unit is intended for and switches it out toward that device. However, in wide area networks such as the Internet, the destination address requires a look-up in a routing table by a device known as a router. Some newer switches also perform routing functions (layer 3 or the Network layer functions in OSI) and are sometimes called IP switches.


On larger networks, the trip from one switch point to another in the network is called a hop. The time a switch takes to figure out where to forward a data unit is called its latency. The price paid for having the flexibility that switches provide in a network is this latency. Switches are found at the backbone and gateway levels of a network where one network connects with another and at the subnetwork level where data is being forwarded close to its destination or origin. The former are often known as core switches and the latter as desktop switches.


In the simplest networks, a switch is not required for messages that are sent and received within the network. For example, a local area network may be organized in a Token Ring or bus arrangement in which each possible destination inspects each message and reads any message with its address.


Circuit-Switching version Packet-Switching
A network's paths can be used exclusively for a certain duration by two or more parties and then switched for use to another set of parties. This type of "switching" is known as circuit-switching and is really a dedicated and continuously connected path for its duration. Today, an ordinary voice phone call generally uses circuit-switching.

Most data today is sent, using digital signals, over networks that use packet-switching. Using packet-switching, all network users can share the same paths at the same time and the particular route a data unit travels can be varied as conditions change. In packet-switching, a message is divided into packets, which are units of a certain number of bytes. The network addresses of the sender and of the destination are added to the packet. Each network point looks at the packet to see where to send it next. Packets in the same message may travel different routes and may not arrive in the same order that they were sent. At the destination, the packets in a message are collected and reassembled into the original message.


layer 2


Layer 2 refers to the Data Link layer of the commonly-referenced multilayered communication model, Open Systems Interconnection (OSI). The Data Link layer is concerned with moving data across the physical links in the network. In a network, the switch is a device that redirects data messages at the layer 2 level, using the destination Media Access Control (MAC) address to determine where to direct the message.

The Data-Link layer contains two sublayers that are described in the IEEE-802 LAN standards:


->Media Access Control (MAC) sublayer
->Logical Link Control (LLC) sublayer
->The Data Link layer ensures that an initial connection has been set up, divides output data into data frames, and handles the acknowledgements from a receiver that the data arrived successfully. It also ensures that incoming data has been received successfully by analyzing bit patterns at special places in the frames.




bridge


In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or Token Ring). You can envision a bridge as being a device that decides whether a message from you to someone else is going to the local area network in your building or to someone on the local area network in the building across the street. A bridge examines each message on a LAN, "passing" those known to be within the same LAN, and forwarding those known to be on the other interconnected LAN (or LANs).

In bridging networks, computer or node addresses have no specific relationship to location. For this reason, messages are sent out to every address on the network and accepted only by the intended destination node. Bridges learn which addresses are on which network and develop a learning table so that subsequent messages can be forwarded to the right network.


Bridging networks are generally always interconnected local area networks since broadcasting every message to all possible destinations would flood a larger network with unnecessary traffic. For this reason, router networks such as the Internet use a scheme that assigns addresses to nodes so that a message or packet can be forwarded only in one general direction rather than forwarded in all directions.


A bridge works at the data-link (physical network) level of a network, copying a data frame from one network to the next network along the communications path.


A bridge is sometimes combined with a router in a product called a brouter.


firewall


A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.
Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.


There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain name and Internet Protocol addresses. For mobile users, firewalls allow remote access in to the private network by the use of secure logon procedures and authentication certificates.


A number of companies make firewall products. Features include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface for controlling the firewall.


Computer security borrows this term from firefighting, where it originated. In firefighting, a firewall is a barrier established to prevent the spread of fire.




reverse proxy server


A reverse proxy server is a proxy server that relays connection requests for inbound network traffic


Web Proxies


A proxy server is a gateway for users to the Web at large. Users configure the proxy in their browser settings, and all HTTP requests are routed via the proxy. Proxies are typically operated by ISPs and network administrators, and serve several purposes: for example,


->to speed access to the Web by caching pages fetched, so that popular pages don't have to be re-fetched for every user who views them.
->to enable controlled access to the web for users behind a firewall.
->to filter or transform web content.


Reverse Proxies


A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. As with a standard proxy, a reverse proxy may serve to improve performance of the web by caching; this is a simple way to mirror a website. But the most common reason to run a reverse proxy is to enable controlled access from the Web at large to servers behind a firewall.


The proxied server may be a webserver itself, or it may be an application server using a different protocol, or an application server with just rudimentary HTTP that needs to be shielded from the web at large. Since 2004, reverse proxying has been the preferred method of deploying JAVA/Tomcat applications on the Web, replacing the old mod_jk (itself a special-purpose reverse proxy module).


The Funda of Reverse Proxy - The web server will service any HTTP or HTTPS requests and CAN operate in reverse proxy mode. In this mode, the destination server will be hidden from the user and all requests will appear as though they are being fulfilled at the proxy. The web agent acts as a filter for requests directed to the proxy server. The web agent will intercept all requests directed to the web server where it is loaded and will communicate with SiteMinder to determine if the requested resource is protected. If the resource is protected, the web agent will challenge the user to provide an authorised set of credentials. Otherwise, the request is release to the web server for processing.

9/24/07

tar tips

If you want to make a tar of a folder, a typical examle :-
You have a mount, say, /servermount/swfcopy, in which you have to copy a folder foo to ur box.
Do like this
cd /servermount/swfcopy
tar cvf /where_to_keep_folder/filename.tar ./foo
say, tar cvf /export/home/myfolder/foo.tar ./foo

8/13/07

Test 252

Question 1: A WSAS administrator needs to plan a WSAS topology to allow for firewalls and DMZ. Which of the following topologies would meet this goal?

A. Multiple cells
Question 2: A WSAS administrator monitoring the performance of an Entity Bean EJB in a WSAS application, notices a lot of lock escalations and deadlocks in the underlying database. Which of the following deployment descriptors could cause this problem?

A. EJB methods are not marked with forUpdate flag.
B. EJB methods are marked with multiVersionControl flag.
C. EJB methods are marked with readOnly flag.
D. EJB methods are marked with treeLocking flag.
E. EJB methods are marked with useIntentLock flag.
Question 3: While deploying an EJB application, the WSAS administrator notices the following error:

WSVR0040E: addEjbModule failed for MyApp-EJB.jar [class com.ibm.ws.runtime.component.DeployedModuleImpl] java.lang.NoClassDefFoundError: com/ibm/ejs/ras/Tr

Which of the following could cause the error?

A. The WSAS installation is missing the EJB deployment library.
B. Security permissions are not given for the application in the installation_root\properties\server.policy file
C. The EJB jar file first has not been encapsulated in a J2EE EAR file.
D. The EJBrmic tool has not been run prior to deploying.
E. The EJB jar file has a misconfigured ejb-jar.xml file.
me: Possible causes of this error include:

Security permissions are not given for the application in the installation_root\properties\server.policy file.
Check the server.policy file to see if the security permissions are given for the application.

Give permissions for the application in the server.policy file. For example:

//purchaseOrder permission
grant codeBase "file:${was.install.root}/installedApps/myApp.ear/-"{
permission java.security.AllPermission;
};
where myApp.ear is the application name.

A was.policy file does not exist in the application/META-INF directory, while deploying the application to the server.
Check for syntax errors in the was.policy file in theapplication\META-INF directory and make sure the application ear file name is given correctly.
Create a was.policy file in the EAR of the application containing the problem enterprise bean, under the application\META-INF directory with the following contents:
// WebSphere Application Server Security Policy for the application you are running
grant codeBase "file:myApp.ear"
{
permission java.security.AllPermission;
};
.

Exception: Class must implement the inherited abstract method AnnuityHolder20BeanCacheEntry_25ce2e23.setACustEmail(String)

The following error might appear when you use the Application Server Toolkit (ASTK) to regenerate deployment code.

Description:Class must implement the inherited abstract method
AnnuityHolder20BeanCacheEntry_25ce2e23.setACustEmail(String)
On Resource:AnnuityHolder20BeanCacheEntryImpl_25ce2e23.java
In Folder:Annuity20EJB/ejbModule/com/ibm/wssvt/tc/pli/ejb/websphere_deploy/DB2UDBNT_V72_1This error occurs because when you regenerate the deployment code, the old code is not deleted.

To correct this problem delete the folder com.ibm.wssvt.tc.pli.ejb.websphere_deploy.DB2UDBNT_V72_1


Question 4: A WSAS administrator notices the following error in the SystemOut.log:

javax.jms.InvalidDestinationException:
MQJMS0003: Destination not understood or no longer valid.

Which of the following could have caused this error?

A. The JMS destination requires IIOP protocol for access. The JMS client is using the default JMS message protocol.
B. The JMS destination is running on a non-WebSphere environment.
C. The JMS destination was accidentally deleted.
D. The JNDI binding to the destination was changed.
E. The JMS destination is listening on a non standard TCP port.
me: http://www-1.ibm.com/support/docview.wss?uid=swg1IY60708
PROBLEM SUMMARY:
This problem is caused by using JMS interfaces to access MQ JMS
classes (i.e. casting a com.ibm.mq.MQQueue to a
javax.jms.Queue).

The use of an (instanceof MQQueue) test was returning false
when an MQQueue object had been cast as a javax.jms.Queue. The
logic then treated this as an invalid object, and threw an
InvalidDestinationException.

Question 5: An administrator manages a WSAS deployment for a stock brokerage firm. The firm receives stock feeds from several exchanges. The current WebSphere Express configuration is running into performance issues as more stock feeds are added. Which of the following are valid approaches to address the problem?

A. Increase the weight assigned to the node running the Express configuration.
B. Run standalone JMS servers using the Network Configuration.
C. Reduce the frequency of commits to disk.
D. Increase the JVM garbage collection interval.
E. Throttle the rate at which stock feeds arrive by using the WSAS live feed manager.
Question 6: A JavaMail application running on a WSAS server is throwing "name not found" JNDI exceptions. Which of the following are valid resolutions for this problem?

A. Ensure recipient's email address is valid.
B. Ensure the SMTP or POP3 username is registered in JNDI name space.
C. Ensure the JavaMail security deployment descriptors allow SMTP relaying.
D. Ensure the JavaMail session object name is registered in the application servers name space using the administrative console.
E. Ensure the sender's email address is not on a SPAM block list.

Question 7: Which of the following changes to the session database will improve the performance of the WSAS session management module?

A. Striping the database across multiple disk drives
B. Database buffer pool tuning
C. Creating database index on session ID
D. Using multi-row sessions
E. Using database generated physical row ID instead of WSAS generated session ID
Question 8: A WSAS application has modules that depend on native code using Java's JNI facility. Which of the following are valid approaches to deploy this application?

A. Put the modules using JNI on a static classpath.
B. For the application classloader, turn on the JNI mode.
C. Copy the modules using JNI to the WEB-INF/lib/jni directory.
D. Put the application modules on the classpath of the JNIClassLoader.
E. Setup a module classloader with the native library path on its classpath.
Question 9: An administrator at a WSAS site needs to setup strong security such that only well known Web clients are allowed access. Which of the following are valid methods to meet this goal?

A. Use Web client IP based access control in WSAS HTTP server.
B. Turn on SSL based encryption in the WSAS HTTP server.
C. Use Web client certificates that are signed by a Certificate Authority (CA) trusted by the WSAS HTTP server.
D. Use realm based HTTP digest authentication between the Web clients and WSAS server.
E. Turn on HTTP cookie based Web client tracking in the WSAS HTTP server.
Question 10: A WSAS application server has been running normally for several weeks when the associated Node Agent server crashes. Which of the following situations will result from this server failure?

A. The application server configuration data cannot be updated.
B. The WSAS cell can not be reconfigured till the attached Node Agent is restarted.
C. The application server JVM will stop soon after.
D. From other nodes, remote EJB invocations will stop working.
E. The message driven beans (MDB) will no longer be accessible.
Question 11: Which of the following steps must be completed in order to use the WSAS Administrative Console?

A. Configure the password used to access the Deployment Manager using the wspasswd tool.
B. Complete the installation of the Deployment Manager using the dmgrSetup tool.
C. Install the J2EE application contained in adminconsole.ear.
D. Ensure the Deployment Manager is running via startManager tool.
E. Configure the administrative database used by the Deployment Manager using the dmgrDatabase tool.
Question 12: To distribute workload across a cluster of WSAS servers, an administrator would like to use an external hardware loadbalancer instead of using WSAS plug-in based load balancing. Which of the following setup methods would allow an external hardware loadbalancer to be used?

A. In the DNS A entry, point to the hardware loadbalancer.
B. Modify the loadbalancer-cfg.xml and specify the Ethernet MAC address of the hardware loadbalancer.
C. Configure the hardware loadbalancer to redirect to port 80 of WSAS HTTP server.
D. In the plugin-cfg.xml specify the ClusterAddress to point to the IP of the hardware loadbalancer.
E. Install the external loadbalancer extensions module in the WSAS cluster manger.
Question 13: A WSAS administrator at an insurance exchange, is trying to setup access to a WebSphere nameserver from a BEA WebLogic application server environment. Which of the following are valid approaches to address this issue?

A. Use a corbaloc URL that has an object key of NameServiceServerRoot
B. Setup a JNDI server proxy for the WSAS nameserver.
C. Export the WSAS namespace using the CORBA CosNaming import facility.
D. Use a remoteCorbaProvider URL that points to a valid WSAS bootstrap server.
E. Use the J2EE Interoperable Naming Service (INS).
Question 14: A WSAS administrator is performing a full application upgrade. The current version of the application has several bindings that need to be merged with the bindings from the new version of the application. Which of the following statements about the merge process supported by WSAS are valid?

A. If new bindings are not present for existing application artifacts, then the current installed version’s bindings will be used.
B. If the bindings conflict and a conflict resolution script is specified, the resolution script would be used to resolve the conflicts.
C. If the new version has bindings for application artifacts, then these will be part of the merged binding information.
D. If bindings are not present in the old version and if the default binding generation option is disabled, then the default bindings will be part of the merged binding information.
E. The administrator has the opportunity to change any of the merged deployment bindings before finally applying the upgrade.
Question 15: Which of the following WSAS configuration options require the installation of a Web server plug-in?

A. To connect with WSAS XML Web Services
B. To increase the performance of the WSAS servlet container
C. To run a WSAS instance inside the firewall
D. To connect with the WSAS Tivoli performance viewer
E. To connect with the EJB container in WSAS using Web transport
Question 16: A B2B Web site uses HTTP/SSL for all requests from the Web client. The WSAS administrator wants to take advantage of this setup by using SSL based session ID for tracking user sessions. Which of the following scenarios would cause SSL based session tracking to not work?

A. Cookies or URL rewriting is not used to maintain session affinity in a clustered environment.
B. The SSL session ID for some Web clients is not compatible with WSAS session ID format.
C. The Web client is using certificate-based client-authentication.
D. Web browsers might not leave the SSL session ID active long enough to be useful as a mechanism for session tracking.
E. If the SSL version 2 protocol is being used, it does not generate a SSL session ID.
Question 17: Which of the following situations can cause the WSAS EJB container to generate a system core dump file on an AIX machine running an EJB application?

A. The EJB container was sent a HUP POSIX signal.
B. The IBM Tivoli EJB resource monitoring agent embedded in the EJB container generated log events in the system core file.
C. The WSAS debug adapter could not attach to the EJB container JVM and, therefore, created a system core file.
D. The JNI component invoked by an EJB had a memory related bug.
E. The stateful EJBs were passivated into the disk-based system core file.
Question 18: A WSAS administrator observes that many incoming connections to the ORB used for remote IIOP requests to EJBs are being rejected. Which of the following are valid tuning options for the WebSphere ORB?

A. Increase the connection pool size in the ORB.
B. Use persistent connections in the ORB.
C. Increase the listen queue length specified by com.ibm.CORBA.ServerSocketQueueDepth.
D. Increase the connection keep-alive timeout.
E. Use UDP instead of TCP for RMI/IIOP connections to the ORB.
me: com.ibm.CORBA.ServerSocketQueueDepth
This property corresponds to the length of the TCP/IP stack listen queue and prevents WebSphere Application Server from rejecting requests when there is not space in the listen queue. If there are several simultaneous clients connecting to the server-side ORB, you can increase this parameter to support up to 1000 clients. The default value is 50. A valid range is between 50 and the maximum Java int value.
Question 19: An administrator managing a WSAS node, notices the following error in WSAS system log when an application server tries to start up:

WsServer E WSVR0003E: Server WebHAbbMember3 failed to start
com.ibm.ws.exception.RuntimeError
at com.ibm.ws.runtime.component.ORBImpl.start(ORBImpl.java:227)
at
com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:3
43)
at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:234)
at com.ibm.ws.runtime.component.ServerImpl.start(ServerImpl.java:180)
at com.ibm.ws.runtime.WsServer.start(WsServer.java:135)
at com.ibm.ws.runtime.WsServer.main(WsServer.java:232)
at java.lang.reflect.Method.invoke(Native Method)
at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:94)
---- Begin backtrace for nested exception
com.ibm.ejs.EJSException: Could not register with Location Service Daemon;
nested exception is:
org.omg.CORBA.TRANSIENT: Host unreachable:
connect:host=10.2.90.84,port=9900 minor code: 4942F301 completed: No
org.omg.CORBA.TRANSIENT: Host unreachable: connect:host=10.2.90.84,port=9900
minor code: 4942F301 completed: No
at
com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase
.java:338)

Which of the following situations could cause this error?

A. The WSAS ORB failed to start because ORB port 9900 is in use.
B. The EJB server with IP 10.2.90.84 is not running.
C. The Node Agent is not running.
D. The EJB container failed to authenticate with Location Service Daemon (LSD) and hence EJBs could not be registered with LSD.
E. The Deployment Manager is not running.
me: Software > Application Servers >

Server not starting after enabling Security with exceptions WSVR0003E and ADMC0019E
Technote (FAQ)

Problem
After enabling security, the application server does not start up (in this case, DMGR and nodeAgent comes up but not the servers).

Cause
When security is enabled, the SOAP connector needs to obtain the Secure Sockets Layer (SSL) configuration to intialize the SSL server socket. The error occurs when no SSL configuration is specified for the secure SOAP connector.
The error stack would look like this:
[12/27/06 14:19:33:297 EST] e28a61 WsServer E WSVR0003E: Server
server_name failed to start
com.ibm.ws.exception.RuntimeError
at
com.ibm.ws.security.core.ServerSecurityComponentImpl.start(ServerSecurit
yComponentImpl.java:206)

Question 20: An administrator deploying EJBs in a WSAS cell does not want to hardwire the path to the EJB objects or host:port of the nameserver in the JNDI name space. Which of the following bindings can the administrator use?

A. Indirect Name Binding
B. Simple Name Binding
C. CORBA Name Binding
D. Compound Name Binding
E. Federated Name Binding
Question 21: An administrator at an application hosting company needs to setup a WSAS deployment topology for easy site maintenance. The site needs to be frequently upgraded to meet the throughput requirements of the hosted applications. Which of the following deployment topologies represent valid choices for meeting the above requirement?

A. Setup WSAS with multiple hot standby servers.
B. Setup a horizontally scalable WSAS topology with an IP sprayer at the network edge.
C. Create a WSAS cell with a process pair topology.
D. Setup WSAS on a SMP machine with a large number of CPUs.
E. Mirror the WSAS instances on a secondary box.
Question 22: A WSAS administrator is trying to choose between several different global sharing policies for cache replication in WSAS. Which of the following are valid tradeoffs in selecting a policy?

A. The Not Shared policy offers better overall memory utilization.
B. A disadvantage of the Push policy is that caches are not synchronized.
C. With Push and Pull policy, retrieving the content from the remote cache can take longer compared to the local cache.
D. An advantage of the Push and Pull policy is that the content is distributed immediately.
E. The Synchronous policy offers the best cache coherency.
Question 23: A WSAS administrator is having trouble keeping the Web site available when the production database server goes down. The WSAS based Web site uses the production database for session persistence. Which of the following are valid approaches to increase the availability of the site while still providing session persistence?

A. Use WebSphere internal messaging instead of database persistence
B. Use database replication
C. Use WebSphere Process Group based sessions
D. Use WebSphere cluster with in-memory only sessions
E. Use distributed coordination engine-based sessions
Question 24: A WSAS administrator has been struggling to get the WebSphere installation to work as expected. After several re-tries and re-installs, the administrator decides to contact IBM WebSphere Technical Support. Which of the following are valid approaches to communicating information about a current WSAS installation to IBM Support?

A. Run the collector.sh tool and send the -ND|Base-WASenv.jar file to IBM Support.
B. Create a disk image of the WSAS machine and ship it to IBM Support.
C. Run the validate-wsas-env perl script and let it automatically send an email to IBM Support.
D. Create a tar ball of the current WSAS install-logs directory and send it to IBM Support.
E. Run the WSAS LogAnalyzer with the Failure Data Capture Log option and send the logs to IBM Support.
Question 25: Which of the following server types are supported by WSAS?

A. LDAP Server
B. Application Server
C. JMS Server
D. CORBA Object Server
E. Event Server
Question 26: A WSAS based supply-chain application, needs to deployed onsite at several suppliers' data centers. Multiple authentication schemes are in use at these data centers. Short of customizing the application for each supplier, which of the following are valid approaches to deal with heterogeneous authentication schemes?

A. Use security role mapping at each supplier
B. Use WS-Security Gateway
C. Use CSIv2 Single Sign On
D. Use JAAS-based login modules
E. Use the RunAs deployment descriptor
Question 27: Which of the following are valid WSAS classloaders?

A. WebSphere JNDI classloader
B. JCA Resource Archive classloader
C. Web Archive classloader
D. EJB Archive classloader
E. JMS Archive classloader
Question 28: Which of the following components can be declared in a WSAS EAR file?

A. JDBC DataSource objects
B. JMX MBeans
C. JMS ConnectionFactory and Destination objects
D. Classes that are triggered when an application is deployed or un-deployed
E. Native libraries required to implement a JCA resource adapter
Question 29: Which of the following are valid reasons for choosing WebSphere MQ JMS provider over the WebSphere embedded JMS provider?

A. Multi-broker capability
B. Support for communication with non-JMS destinations
C. Full compliance with the J2EE 1.3 specifications
D. Support for clusters
E. Support for Point-to-Point messaging
Question 29: A WSAS administrator recently encountered a disaster scenario whereby the entire cluster failed causing all the remote EJBs to be unavailable. Which of the following are valid approaches to deal with this?

A. Set up a cluster watchdog to restart the cluster.
B. Set up a backup cluster.
C. Run more EJB servers in the cluster.
D. Reduce the cluster failure probability by using weighted round-robin workload management between cluster members.
E. Use a hardware workload balancer instead of WSAS software based workload management.
Question 31: A WSAS administrator checks the status of the servers on the local node using the command below:

$ serverStatus.sh -all

Which of the following statements provides a possible result of the command execution?

A. The status of all the servers excluding the node agent are reported.
B. The command reads the node’s local serverindex.xml configuration file to determine the JMX connector ports for each of the servers on the node.
C. The /logs/allServerStatus.log contains the status of all the servers.
D. The command will fail if it is not run from the bin directory of the server installation root: /bin.
E. The command bypasses any WebSphere security that the administrator might have setup.
Question 32: A popular sports Web site running WSAS uses local session management. The administrator notices that on the days when key matches are played, the WSAS server crashes frequently with out of memory exceptions. Which of the following could cause this problem?

A. The Allow overflow setting on the session manager is enabled.
B. The WSAS instance is running out of TCP buffer space when handling a large number of simultaneous connections.
C. WSAS is running out of SWAP space.
D. The first session cache is using the default settings which permit an unlimited number of in-memory sessions.
E. The WSAS JVM is configured to use the mark and sweep heap garbage collector.
Question 33: A WSAS administrator notices the following exception when deploying a J2EE application in WSAS:

ConnectionFac E J2CA0102E: Invalid EJB component: Cannot use an EJB module with version 1.1 using The Relational Resource Adapter

Which of the following could cause this problem?

A. An EJB developed to the EJB 1.1 specification is deployed with a WebSphere Application Server Version 5 J2C-compliant data source.
B. The EJB module is using WSAS version 1.1 style deployment descriptors.
C. The EJB interfaces were compiled using EJB 1.1 based WSAS rmic compiler.
D. The WSAS JCA resource is compliant with EJB 2.0 specification only.
E. The WSAS JCA container needs to be configured to EJB 1.1 specification support.
me: This error occurs when an enterprise bean developed to the EJB 1.1 specification is deployed with a WebSphere Application Server V5 J2C-compliant data source, which is the default data source. By default, persistent enterprise beans created under WebSphere Application Server V4.0's using the fulfill the EJB 1.1 specification. To run on WebSphere Application Server V5, these enterprise beans must be associated with a WebSphere Application Server V4.0-type data source.
Question 34: An administrator needs to install WSAS on a Windows 2003 server machine. Which of the following are valid installation steps for a Windows 2003 install of WSAS?

A. Elect to install an xinetd.d entry for WSAS startup
B. Setup a Web administrator account using htpasswd utility
C. Modify /etc/profile to include a path to WSAS installation
D. Elect to run WSAS as a service
E. Elect to setup a Windows Active Directory instance for managing WSAS access control lists
Question 35: Which of the following statements correctly describe the WSAS installation defined by the deployment directory structure below?

cells/cellA/applications/bank.ear/ contains -
commerce.ear
cells/cellA/applications/bank.ear/deployments/bank contains -
deployment.xml
META-INF/application.xml
META-INF/ibm-application-bnd.xmi
META-INF/ibm-application-ext.xmi
META-INF/was.policy

A. The META-INF/application.xml specifies the allocation of application modules to application servers.
B. The META-INF/was.policy specifies the application-specific Java 2 security configuration.
C. The application EAR file name commerce.ear is invalid as it does not match with the application directory name bank.ear
D. The deployment.xml specifies the module startup order.
E. The META-INF/ibm-application-ext.xmi specifies all the IBM-specific external resources used by the application.
Question 36: Which of the following are valid approaches to configure connectivity from a WSAS server to a legacy IBM CICS system?

A. From the Administrative Console, install a CICS RAR archive.
B. Run a WSAS object request broker on the CICS machine.
C. At installation time, configure a WebSphere CICS server.
D. From the Deployment Manager, install a CICS WAR archive and CICS native dlls.
Question 37: In order to secure EJBs in a WSAS EJB container, which of the following steps must be completed?

A. Define J2EE roles for EJB modules
B. Specify WS-Security principal mappings for valid EJB roles
C. Create Kerberos credentials for EJB users
D. Assign EJB method permissions
E. Setup WebSphere ACL on EJB interfaces
Question 38: Which of the following are valid statements about session affinity in WSAS?

A. Session affinity only works with persistent sessions.
B. The JSESSIONID cookie contains the server ID for session affinity.
C. The URL rewriting session tracking method can not be used when session affinity is desired.
D. Session affinity ensures a user agent is always routed to the same JVM in a WSAS cluster.
E. WSAS supports session affinity for only desktop Web user agents and not for mobile Web user agents.
Question 39: Which of the following are valid statements about session failover in WSAS?

A. Session failover can improve the overall performance of a WSAS cell.
B. Session failover ensures a WSAS session can never timeout.
C. Session persistence must be enabled for session failover.
D. Session failover only works in a WSAS cluster configuration.
E. Session failover can be setup on a single node WSAS configuration provided hardware clustering is available.
Question 40: A WSAS administrator while monitoring the performance of a WSAS application, observed the following statistics:

The Web Server can process 50 requests in 100 ms.
The Web container can process 18 requests in 300 ms.
The EJB container can process 9 requests in 150 ms.
The datasource can process 40 requests in 50 ms.

Which of the following are valid tuning strategies to remove immediate bottlenecks and improve the overall system performance?

A. If possible use read-only EJB beans.
B. Setup dynamic caching in the Web Container.
C. Setup a kernel mode Web server.
D. Add more CPUs to the database machine.
E. Use a hardware loadbalancer.
Question 41: Which of the following WSAS configuration files require manual editing in order to make configuration changes?

A. cell.xml
B. admin-authz.xml
C. integral-jms-authorizations.xml
D. multibroker.xml
E. variables.xml
Question 42: Which of the following approaches can a WSAS administrator take to configure the Web server plug-in so that it sends Web requests to all the HTTP servers in the cell?

A. Use the deployWebPlugin tool to automate discovery and configuration of all HTTP servers in the cell.
B. First run the gencellplugin -all tool and then run the setupplugin command line tool.
C. Use the GenPluginCfg command line tool
D. Run the wsadmin -webplugin -all command line tool
E. Use the wsinstance tool on each node to create it's local Web server plug-in configuration
Question 43: A WSAS administrator notices frequent StaleConnectionException from a JDBC WSAS Version 4 resource. Which of the following are valid causes for this problem?

A. The JDBC database is reaping the connection.
B. The JDBC connection orphan timeout is too small.
C. The TCP keepalive timeout for the JDBC connection was exceeded.
D. A transaction was rolled back on the JDBC connection and thus marked as stale.
E. A duplicate JDBC connection was established causing the old connection to become stale.

me: The application tries to get a connection and fails, as when the database is not started.
A connection is no longer usable because of a database failure. When an application tries to use a previously obtained connection, the connection is no longer valid. In this case, all connections currently in use by the application can get this error when they try to use the connection.
The connection is orphaned (because the application had not used it in at most two times the value of the unused timeout setting) and the application tries to use the orphaned connection. This case applies only to Version 4.0 data sources.
The application tries to use a JDBC resource, such as a statement, obtained on a stale connection.
A connection is closed by the Version 4.0 data source auto connection cleanup and is no longer usable. Auto connection cleanup is the standard mode in which connection management operates. This mode indicates that at the end of a transaction, the transaction manager closes all connections enlisted in that transaction. This enables the transaction manager to ensure that connections are not held for excessive periods of time and that the pool does not reach its maximum number of connections prematurely.

Question 44: A company manages a digital marketplace portal which processes high value transactions ($1 million and higher) in small volumes. Which of the following WSAS topologies are valid choices for the portal?

A. Setup a network deployment topology with memory-to-memory replication of session state.
B. Setup a WSAS cluster on a 64-CPU SMP box to handle the high value transactions.
C. Setup a front-end WSAS Web redirector, spraying requests to multiple WSAS instances.
D. Setup a cluster of WSAS nodes and have them use database based session persistence.
E. Setup a WSAS cluster with process pair topology.

Question 45: Which of the following files store WSAS extensions to standard J2EE deployment descriptors?

A. ibm-ejb-mdb-bean.xmi
B. ibm-ejb-jndi-ext.xmi
C. ibm-ejb-jar-bnd.xmi
D. ibm-ejb-jar.xml
E. ibm-web-session.xmi
Question 46: When using Generic JMS providers in WSAS, which of the following valid limitations exist?

A. The provider may not provide JMS tools that can register its objects
in the WebSphere name space.
B. The generic JMS providers do not allow integration into non-WebSphere MQ based environments.
C. The generic JMS providers can not link to the WebSphere security infrastructure.
D. JMS resources can not be managed using WebSphere administration tools.
E. The generic JMS providers do not support Message Driven Beans (MDB).
Question 47: Which of the following are valid approaches to change the JDBC data sources contained in the system partition of the WSAS JNDI namespace?

A. Use the JNDI APIs directly
B. Use the IBM Tivoli JNDI system manager
C. Modify the WSAS system partition database using the IBM DB2 system tool
D. Use the JNDI administration client
E. Use the IBM data source manager tool
Question 48: Which of the following are valid statements about WSAS classloaders?

A. The system classloader is responsible for loading the code that is found on java.class.systempath.
B. The system classloader is the parent for the extensions classloader.
C. Each Java class must be loaded by a classloader.
D. The bootstrap classloader is responsible for loading the EJB dependency JARs.
E. A class loaded by a specific classloader can reference classes that this
classloader or its children classloaders load.
Question 49: A Web application (servlet context /bank) contained in the webbank.war module has been deployed on a WSAS application server (www.webank.com). However when a user agent tries to access the application (at http://www.webbank.com/bank), it gets a page not found exception. Which of the following could cause this problem?

A. The webbank.war module has not been bound to the WSAS virtual host (www.webank.com).
B. The war module does not have the deployment file bank.xml in it.
C. The war file name and the server host name do not match.
D. The user agent needs to use a secure URL like https://www.webbank.com/bank to access the banking application.
E. The WSAS Web plug-in needs to be regenerated for the war module.
Question 50: Which of the following statements correctly describe node usage in WSAS?

A. A node is a logical grouping of WebSphere-managed server processes.
B. A node is associated with one physical installation of WebSphere Application Server.
C. A node can contain multiple WSAS cells.
D. In the Express and Base configurations of WebSphere Application Server, there is only one node.
E. A node can only support embedded HTTP transport.
Question 51: Which of the following steps must be completed in order to correlate log files from multiple WSAS processes?

A. From the application server toolkit, merge the imported log files into a single file.
B. From the application server toolkit, select the type of correlation desired.
C. From the application server toolkit, run the log file cruncher.
D. From the application server toolkit, import all the log files to correlate.
E. From the application server toolkit, execute the log file record filter.
Question 52: Which of the following TCP ports can be specified during a WSAS installation?

A. LDAP port
B. JavaMail port
C. ORB listener port
D. FTP port
E. Message Send Protocol (MSP) port

Question 53: In which of the following cases, can the physical machine, configured to run the Web container, be up and running while the Web container is unavailable?

A. Network cable is disconnected
B. JVM crash
C. Operating system crash
D. Application server weight is inappropriate
E. System memory board failure
Question 54: Which of the following requirements must be met by WebSphere cluster members
in order to participate in WSAS clustering?

A. Have identical application components
B. Have identical heap sizes
C. Have identical JVM versions
D. Have identical weights
E. Have identical deployment descriptors