The "Ask Developer Community AI" tool is an excellent resource for studying for the certification. I asked it about each topic that will be covered in the test and the results are below.
Note: I classified each answer by the assertiveness that I consider as good, average and bad.

Note 2: The article has 4 parts, each one for an exam area.

2. Best practices

2.1 Uses recommended development tools and workflows with InterSystems IRIS

[GOOD]  Uses Visual Studio Code to connect to InterSystems IRIS and develop client-side and server-side code

To use Visual Studio Code (VS Code) to connect to InterSystems IRIS and develop both client-side and server-side code, you need to follow these steps:
1.    Install Necessary Extensions: Install the InterSystems Server Manager Extension, InterSystems ObjectScript Extension, and InterSystems Language Server Extension for VS Code. These extensions help in defining server connections, writing, and compiling code files, and providing language support for ObjectScript [1].
2.    Configure Server Connections: Use the InterSystems Server Manager Extension to define connections to your InterSystems IRIS server. This involves adding the server details such as name, hostname, port, and username [2].
3.    Develop and Sync Code: You can edit code locally on your machine and sync it with the server. The ObjectScript extension allows you to save and compile code directly on the server. You can also use version control systems like Git to manage your code changes [3].
4.    Use SQLTools for Database Interactions: Install the SQLTools extension and the SQLTools InterSystems IRIS driver to connect to your IRIS instance and run SQL queries directly from VS Code [4].
5.    Access the IRIS Terminal: Depending on your IRIS version, you can use the Web Terminal or WebSocket Terminal to open a terminal session within VS Code. For IRIS versions 2023.2 and later, the WebSocket Terminal is available. For earlier versions, you can use the Web Terminal extension [5].
For detailed instructions on each step, refer to the respective sections in the documentation provided by InterSystems [6][2][1][5].

Sources
1.Setting up VS Code to work with InterSystems technologies
2.InterSystems VSCode ObjectScript Extension Pack in glance
3.Where to save the local cache code after connecting the IRIS server using Visual Studio Code
4.Connecting to InterSystems IRIS in VS Code using SQLTools
5.Accessing the IRIS Terminal: A Comprehensive Guide for Visual Studio Code Users
6.Connecting an IDE | InterSystems IRIS Data Platform 2024.3

[GOOD]  Uses InterSystems IRIS debugging tools (e.g., uses debugger in VS Code)

To use InterSystems IRIS debugging tools, such as the debugger in Visual Studio Code (VS Code), follow these steps:
1.    Install the InterSystems IRIS extensions for VSCode: Go to Extensions in VSCode, search for InterSystems, and install the necessary extensions, particularly the InterSystems ObjectScript Extension Pack.
2.    Set up a sample application: Clone a sample project from a repository, such as https://github.com/yurimarx/debug-objectscript.git, and set it up using Docker.
3.    Open the project in VSCode: Open the project directory in VSCode and configure the ObjectScript connection.
4.    Debugging: Set breakpoints in your ObjectScript code, and use the debugging tools in VSCode to step through the code, inspect variables, and control execution.
For detailed instructions on setting up and using the debugger, refer to the article “Debug the ObjectScript code using VSCode” [1].
Additionally, you can watch the video “Using the VS Code Debugger for InterSystems ObjectScript” on the InterSystems Developers YouTube channel for a visual guide [2].

Sources
1.Debug the ObjectScript code using VSCode
2.[Video] Using the VS Code Debugger for InterSystems ObjectScript

[AVERAGE]  Identifies components required in Compose files used for container development

The components required in Compose files used for container development include:
1.    Version: Specifies the version of the Docker Compose file format.
2.    Services: Defines the services (containers) that make up the application.
3.    Image: Specifies the Docker image to use for the service.
4.    Build: Specifies the build context for the service.
5.    Ports: Maps ports between the host and the container.
6.    Volumes: Mounts directories or files from the host into the container.
7.    Environment: Sets environment variables for the service.
8.    Command: Overrides the default command for the container.
9.    Restart: Specifies the restart policy for the container.
For more detailed information, refer to the articles on Docker Compose and its usage [1][2].

Sources
1.Introduction to Docker - Part2 (Docker Compose, Docker File, Docker Volume)
2.Running InterSystems Products in Containers | InterSystems IRIS Data Platform 2024.3

[AVERAGE]  Enumerates available development tools (e.g., %SYS.MONLBL, ^PROFILE, and ^TRACE)

The available development tools in InterSystems include:
1.    %SYS.MONLBL: This tool is used for monitoring and performance analysis.
2.    ^PROFILE: This tool is used for profiling code to analyze performance.
3.    ^TRACE: This tool is used for tracing code execution to debug and understand the flow of the program.
Additionally, synonyms for the GOTO ObjectScript command include “G” [1].

Sources
1.GOTO (ObjectScript) | ObjectScript Reference | InterSystems IRIS Data Platform 2024.3

[GOOD]  Describes options for automatically documenting code

There are several options for automatically documenting code:
1.    Using Documatic: You can generate class documentation from comments embedded in the code using Documatic. This includes documenting each column in SQL views with HTML markup similar to how you document each method of a class [1].
2.    Static Documentation Generators: There are several documentation generation solutions that produce web documentation portals. Some popular open-source options include:
o    MkDocs: Supports static and dynamic documentation generation, Markdown and HTML, and integration with Git pages.
o    Docsify: Lightweight, supports smart full-text search, multiple themes, and embedded files.
o    Docusaurus: Powered by Markdown, built using React, supports translations, document versioning, and search.
o    Slate: Clean design, single-page documentation, Markdown support, syntax highlighting, and editable via GitHub.
o    GitBook: Collaborative work, drafts and versioning, multiple output formats, and cloud hosting [2].
3.    CodeInspector: This tool helps in automating custom code validation by applying custom rules tailored to your development requirements. It generates detailed reports and can be configured to enforce consistent coding practices [3].
4.    VSCode Snippets: In VSCode, you can use snippets to create templates for code documentation. This allows you to standardize method descriptions and other documentation elements [4].
5.    Swagger for REST APIs: For documenting REST APIs, you can use the Swagger open-source framework to provide interactive documentation based on the OpenAPI 2.0 specification. This can be hosted and viewed using tools like Swagger UI [5].

Sources
1.Best way to document a SQL view
2.Static Documentation Generators
3.CodeInspector: Automating Custom Code Validation
4.Is it possible to export User-Defined Code Fragments from Studio?
5.Listing and Documenting REST APIs | Creating REST Services | InterSystems IRIS Data Platform 2024.3

[AVERAGE]  Chooses background execution strategy

In ObjectScript, you can execute programs in the background using the JOB command. This command allows you to run a process independently of the current process, usually without user interaction. The JOB command can be used to start a routine, a class method, or an instance method in the background.
For detailed instructions on how to use the JOB command, including its syntax and examples, please refer to the relevant documentation [1].

Sources
1.JOB (ObjectScript) | ObjectScript Reference | InterSystems IRIS Data Platform 2024.3

2.2 Integrates InterSystems IRIS with CI/CD pipelines

[GOOD]  Describes deployment options for InterSystems IRIS (e.g., containers vs InterSystems IRIS installer)

InterSystems IRIS can be deployed using various methods, including containers and the InterSystems IRIS installer. Here are the deployment options:
1.    Containers: Deploying InterSystems IRIS in Docker containers is agile, highly repeatable, and well-suited to public cloud platforms. Containers cleanly separate code from data and support CI/CD and a DevOps approach, allowing for fast improvements. The configuration merge feature supports automated container deployment by varying the configurations of InterSystems IRIS instances in containers deployed from the same image [1].
2.    InterSystems IRIS Installer: You can also install and run multiple instances of InterSystems IRIS on a single host system using the InterSystems IRIS installer. Each instance is a unique, independent environment that can be managed using the iris command or the Windows launcher [2].
For detailed steps on using Docker containers, refer to the articles on deploying InterSystems IRIS in Docker containers and using the ObjectScript Package Manager with Docker containers [3][4].

Sources
1.Deploy in Containers | InterSystems IRIS Data Platform 2024.3
2.Manage InterSystems IRIS Instances: The iris Command | System Administration Guide | InterSystems IRIS Data Platform 2024.3
3.Using ObjectScript Package Manager With InterSystems IRIS and IRIS for Health Docker Containers
4.InterSystems IRIS Docker Container Image With ObjectScript Package Manager

[GOOD]  Manages changes to CPF file to support continuous deployment

To manage changes to the CPF file to support continuous deployment, you can use the configuration merge feature. This feature allows you to specify a configuration merge file containing the desired changes, which can be applied to the CPF file programmatically. This supports automated deployment and reconfiguration of multiple instances from the same source. The configuration merge file can be used to modify settings such as memory, journal settings, mappings, and device configurations. For more detailed steps and examples, refer to the articles on using the configuration merge feature and automating configuration with configuration merge [1][2].

Sources
1.CPF (Tools/APIs) | InterSystems API Index | InterSystems IRIS Data Platform 2024.3
2.Introduction to the Configuration Parameter File | Configuration Parameter File Reference | InterSystems IRIS Data Platform 2024.3

[GOOD]  Uses the %UnitTest framework to write and run unit tests

To use the %UnitTest framework to write and run unit tests in InterSystems IRIS, follow these steps:
1.    Create Test Cases: Extend the %UnitTest.TestCase class to create your testing class. Add test methods to this class, ensuring that each test method name begins with “Test”. Each test method can contain multiple tests, typically using the $$$AssertX macros to compare the method’s output to expected values [1].
2.    Preparation and Cleanup: Add code to special preparation and cleanup methods within your test class to handle tasks that need to be performed before and after tests run. This includes methods like OnBeforeOneTest(), OnBeforeAllTests(), OnAfterOneTest(), and OnAfterAllTests() [2].
3.    Execute Tests: Use the RunTest() method from the %UnitTest.Manager class to execute your tests. This method will load, compile, execute, and then delete the test classes by default. You can view the general results in your terminal window or more detailed results in the Management Portal [2][3].
For detailed instructions on each step, refer to the relevant sections in the documentation:
•    Creating test cases: Extending the %UnitTest.TestCase Class
•    Preparation and cleanup methods: %UnitTest.TestCase Class Preparation and Cleanup Methods
•    Executing tests: Executing Unit Tests Using the %UnitTest.Manager Methods
This framework is designed to be flexible and accommodate various testing needs, making it a robust tool for unit testing in InterSystems IRIS.

Sources
1.Creating Test Cases: The %UnitTest.TestCase Class | The %UnitTest Framework for InterSystems IRIS | InterSystems IRIS Data Platform 2024.3
2.About the InterSystems IRIS %UnitTest Framework | The %UnitTest Framework for InterSystems IRIS | InterSystems IRIS Data Platform 2024.3
3.Executing Unit Tests Using the %UnitTest.Manager Methods | The %UnitTest Framework for InterSystems IRIS | InterSystems IRIS Data Platform 2024.3

[BAD]  Runs integration tests to confirm expectations in other applications

Integration tests are designed to confirm expectations in other applications and typically require an external context, such as a database server. They can reference external resources and require a specific context in which to run. Integration tests can take longer to complete and are often run manually or prior to project deployment. In Maven, the life cycle phase where integration tests are run is called the “verify” phase [1].
For running integration tests with InterSystems IRIS, you can use the IrisApiTester tool. This tool allows you to perform unit tests, integration tests, and even add a CI/CD continuous integration layer. You can create a web application and define routes for your tests, which can then be executed via API calls. This setup allows you to automate the testing process and integrate it with your development workflow [2].

Sources
1.Maven Projects - Mixing Java and ObjectScript
2.Automate API Testing with IrisApiTester: A Developer's Guide

[GOOD]  Runs system checks to check functional and non-functional requirements at production scale

To run system checks to verify functional and non-functional requirements at production scale, you can use the %UnitTest.TestProduction class in InterSystems IRIS. This class allows you to create tests that start and stop the production being tested, send input to the production components, and examine the output and any errors generated. You will need to override the callback methods such as OnBeforeProductionStart, OnAfterProductionStart, CheckResults, and CheckErrors to implement the specific checks and validations required for your production environment [1][2].

Sources
1.TestControl | Testing Productions | InterSystems IRIS Data Platform 2024.3
2.Callback Methods | Testing Productions | InterSystems IRIS Data Platform 2024.3

[BAD]  Identifies implications of promoting changes

Promoting changes in your system can have several implications. It is important to consider the following:
1.    Compatibility and Future Proofing: Ensure that the changes are compatible with both your current platform and any anticipated upgrades. For example, if you are currently using Ensemble 2018 and plan to upgrade to IRIS, you need to be aware that certain features like InterSystems Reports are only available on IRIS and not on Ensemble [1].
2.    End-of-Life Announcements: Be aware of any end-of-life announcements for technologies you are using. For instance, Zen Reports are being removed from InterSystems IRIS and IRIS for Health starting from version 2025.1, so it would be prudent to avoid dependencies on Zen Reports for new developments [1].
3.    Alternative Solutions: Consider alternative solutions that might be more future-proof or better supported. For example, converting HL7 to FHIR and using the FHIR SQL Builder to make datasets available as SQL tables, which can then be consumed by InterSystems Reports, might be a viable option [1].
4.    Data Access and Integration: Evaluate how the changes will affect data access and integration. Using ODBC/JDBC to access data and integrating with third-party BI tools like MS PowerBI or Tableau could be an alternative approach if it meets your needs [1].
By considering these factors, you can better manage the implications of promoting changes in your system.

Sources
1.Reports roadmap

2.3 Uses source control with InterSystems IRIS

[GOOD]  Describes options for integrating InterSystems IRIS with source control systems
To integrate InterSystems IRIS with source control systems, you can follow these steps:
1.    Creating a Source Control Class: Create a subclass of %Studio.Extension.Base or %Studio.SourceControl.Base. Implement necessary methods such as AddToSourceControl(), CheckIn(), CheckOut(), and GetStatus(). These methods will handle importing/exporting documents, interacting with the source control system, and updating the status of files in InterSystems IRIS [1].
2.    Activating a Source Control Class: In the Management Portal, navigate to System Administration > Configuration > Additional Settings > Source Control. Select the namespace and the source control class to use [1].
3.    Configuring Source Control Settings: Configure the namespace to specify the location of files to be loaded into the code databases. This configuration often involves setting up a global to contain the relevant information [1].
4.    Using Tools for Managing Documents and Files: Use $system.OBJ.ExportUDL() for exporting UDL files, $system.OBJ.Export() for XML files, and $system.OBJ.Load() for importing files. The %RoutineMgr.TS class method can be used to obtain timestamps and compile times for documents [1].
5.    Accessing Your Source Control System: Ensure that the InterSystems IRIS server can locate the shared library or file defining the source control system’s API. Implement methods to call the appropriate functions of the source control software [1].
For a practical example, you can refer to the git-source-control package, which supports IPM packages for source control and can be installed and configured using ZPM commands [2]. Additionally, Deltanji is a source control solution tailored for InterSystems IRIS, providing seamless integration with various client tools like VS Code, Studio, and Management Portal [3].

Sources
1.Integrating InterSystems IRIS with Source Control Systems | InterSystems IRIS Data Platform 2024.3
2.Enabling IRIS Interoperability Source Control with InterSystems Package Manager and git-source-control
3.[Webinar] Deltanji demo: source control tailored for InterSystems IRIS

[GOOD]  Mitigates effects of importing an updated class/schema definition
 To mitigate the effects of importing an updated class/schema definition, you can follow these best practices:
1.    Add the new property to the target class: First, add the new property to the class where you want it to be moved.
2.    Write a utility class: Create a utility class to move the existing content from the old property location to the new property location.
3.    Update methods: Ensure all methods access the new property location.
4.    Clean up: Once you are satisfied with the changes, you can remove the old property from the original class. Set it to an empty string, make it internal or private, or delete it entirely. However, do not touch the storage map during this process.
These steps help ensure that the data is correctly migrated and that the application continues to function correctly with the new class definitions [1].

Sources
1.Guidance on modifying class definitions and switching my application to the new definitions

 The "Ask Developer Community AI" tool is an excellent resource for studying for the certification. I asked it about each topic that will be covered in the test and the results are below.
Note: I classified each answer by the assertiveness that I consider as good, average and bad.

Note 2: The article has 4 parts, each one for an exam area.

4. Best practices: Code

4.1 Writes defensive code

[GOOD]  Chooses strategy for error handling  

Choosing a strategy for error handling in InterSystems can be approached in several ways depending on the specific requirements and context of your application.
1.    Extending EnsLib.HL7.Operation.TCPOperation: If you need to handle errors based on specific content within HL7 messages, you can extend the EnsLib.HL7.Operation.TCPOperation class and override the OnGetReplyAction method. This allows you to customize the error handling logic by checking the content of the error messages and deciding the appropriate action based on a lookup table. This approach provides granular control over error handling and makes it accessible to the wider team by using a lookup table for error actions [1].
2.    Traditional Error Processing: For legacy applications, traditional error processing using $ZTRAP and $ETRAP can be used. These methods allow you to set up error handlers that execute specific commands when an error occurs. $ZTRAP is used to specify a routine or label to handle errors, while $ETRAP can contain commands to handle errors within a specific context. However, these methods are less recommended for new applications due to their complexity and potential for errors [2].
3.    TRY-CATCH Mechanism: The recommended modern approach for error handling in InterSystems IRIS is the TRY-CATCH mechanism. This method allows you to define protected blocks of code (TRY blocks) and specify how to handle exceptions (CATCH blocks). This approach simplifies error detection and handling, separates error handling code from regular code, and supports error propagation and recovery [3][4].
4.    BPL Error Handling: For business processes using BPL (Business Process Language), you can use fault handlers within scopes to catch and handle errors. BPL provides elements like <scope>, <throw>, <catch>, and <catchall> to manage errors and specify how to recover from them [5].
Each of these methods has its own advantages and is suitable for different scenarios. For new applications, the TRY-CATCH mechanism is generally recommended due to its simplicity and robustness. For specific HL7 error handling, extending the EnsLib.HL7.Operation.TCPOperation class provides a tailored solution. For legacy systems, traditional error processing methods may still be in use.
References:
•    Extending EnsLib.HL7.Operation.TCPOperation for custom error handling [1]
•    Traditional Error Processing using $ZTRAP and $ETRAP [2]
•    Using TRY-CATCH for error handling [3][4]
•    Handling Errors in BPL [5]

Sources
1.Extending EnsLib.HL7.Operation.TCPOperation for custom error handling
2.(Legacy) Traditional Error Processing | Using ObjectScript | InterSystems IRIS Data Platform 2024.3
3.Using TRY-CATCH | Using ObjectScript | InterSystems IRIS Data Platform 2024.3
4.ObjectScript error management
5.Handling Errors in BPL | Developing BPL Processes | InterSystems IRIS Data Platform 2024.3

[GOOD]  Diagnoses and troubleshoots system performance and code execution performance
To diagnose and troubleshoot system performance and code execution performance, you can use several tools and methods available in InterSystems IRIS:
1.    ^PERFSAMPLE: This tool samples the state of processes at high frequency and sorts the data along various dimensions such as the process’s current routine, namespace, state string, and wait state within the database kernel. It helps in identifying what processes are spending their time doing, whether they are using CPU, reading database blocks, or waiting for other resources. [1]
2.    ^PERFMON and ^%SYS.MONLBL: These utilities help identify the busiest routines and analyze them in detail. ^PERFMON counts the number of accesses to globals and routines, while ^%SYS.MONLBL provides detailed statistics on the number of times each line in a routine was executed, the number of global references, and the time spent at each line. This approach is useful for pinpointing performance issues in specific pieces of code. [2]
3.    ^SystemPerformance: This utility collects detailed performance data about an InterSystems IRIS instance and the platform on which it is running. It generates performance reports that can help diagnose system problems. The utility can be run in the terminal or scheduled in the Management Portal. [3]
These tools provide comprehensive insights into system performance and can help you identify and resolve performance bottlenecks effectively.

Sources
1."What's taking so long?" - Process Sampling for Performance Analysis
2.APM - Finding the expensive parts of your application
3.Monitoring Performance Using ^SystemPerformance | Monitoring Guide | InterSystems IRIS Data Platform 2024.3

[GOOD]  Manages and monitors process memory
To manage and monitor process memory in InterSystems IRIS, you can use several tools and techniques:
1.    Monitor Memory Utilization: You can monitor the memory utilization of your system, including both the percentage of available memory and the percentage of available swap space. This can be done using the InterSystems IRIS Health Monitor or a third-party monitoring tool [1].
2.    Managing Process Memory: Processes in InterSystems IRIS use memory for various entities such as variables, object instances, and I/O buffers. Memory is allocated from a pool and returned to the pool when no longer needed. The system variable $ZSTORAGE can be used to set a limit on memory consumption for each process, with a maximum of 2TB. This value can be set via the Management Portal or the configuration file (iris.cpf) [2].
3.    Monitoring for Memory Swapping: It is important to monitor if memory swapping is occurring in your system. If swapping occurs, an administrator should be notified. This can be done using a third-party monitoring tool [3].
4.    Monitoring System Dashboard Indicators: The System Dashboard in the Management Portal provides various performance indicators, including memory usage. You can navigate to more detailed information from the dashboard [4].
5.    Evaluate Maximum Memory per Process Size: Periodically evaluate the maximum memory per process and decide whether to increase its size based on the system’s growth. This involves checking the bbsiz parameter and adjusting it as needed [5].
For detailed instructions on each of these tasks, please refer to the respective sections in the InterSystems documentation.

Sources
1.Monitor Memory Utilization | Monitoring and Operations Guide | InterSystems IRIS Data Platform 2024.3
2.Process Memory in InterSystems Products | InterSystems IRIS Data Platform 2024.3
3.Monitor for Memory Swapping | Monitoring and Operations Guide | InterSystems IRIS Data Platform 2024.3
4.Monitoring InterSystems IRIS Using the Management Portal | Monitoring Guide | InterSystems IRIS Data Platform 2024.3
5.Evaluate Maximum Memory per Process Size | Monitoring and Operations Guide | InterSystems IRIS Data Platform 2024.3

[AVERAGE]  Manages processes (including background processes)

To manage processes, including background processes, in InterSystems IRIS, you can use the JOB command to initiate a background process. The process issuing the JOB command is known as the parent process, and the initiated background process is known as the child process. This background process may also be referred to as a “jobbed process” or a “spawned process” [1].
You can manage and control these processes using the Management Portal. The available functions include displaying process information, displaying process details, suspending/resuming a process, terminating a process, displaying process variables, and broadcasting messages to terminals [2].
For more detailed instructions on managing processes, including suspending, resuming, and terminating processes, please refer to the relevant sections in the Management Portal documentation [2].

Sources
1.Process Management | Specialized System Tools and Utilities | InterSystems IRIS Data Platform 2024.3
2.Controlling InterSystems IRIS Processes | System Administration Guide | InterSystems IRIS Data Platform 2024.3

[GOOD]  Describes general system limits in IRIS (e.g., max string vs stream, # of properties)
InterSystems IRIS has several system limits that you should be aware of:
1.    String Length Limit: The maximum length of a string is 3,641,144 characters. If a string contains only characters with codes from 0 to 255, each character takes up 8 bits. If it contains at least one character with a code greater than 255, each character takes up 16 bits [1].
2.    Subscript Limits:
o    For a local array, the maximum length of a subscript is 32,767 encoded bytes.
o    For a global array, the maximum length of a subscript is 511 encoded bytes.
o    For a process-private global, the maximum length of a subscript is 507 encoded bytes.
o    The maximum number of subscript levels is 255 for a local variable and 253 for a global or process-private global [1].
3.    Maximum Length of a Global Reference: The total length of a global reference is limited to 511 encoded characters [1].
4.    Class Limits:
o    Inheritance depth: 50
o    Foreign keys: 400 per class
o    Indexes: 400 per class
o    Methods: 2000 per class
o    Parameters: 1000 per class
o    Projections: 200 per class
o    Properties: 1000 per class
o    Queries: 200 per class
o    SQL constraints: 200 per class
o    Storage definitions: 10 per class
o    Superclasses: 127 per class
o    Triggers: 200 per class
o    XData blocks: 1000 per class [1].
5.    Class and Routine Limits:
o    Class method references: 32,768 unique references per routine or class
o    Class name references: 32,768 unique references per routine or class
o    Instance method references: 32,768 per routine or class
o    Lines: 65,535 lines per routine, including comment lines
o    Literals (ASCII and Unicode): 65,535 per routine or class
o    Parameters: 255 per subroutine, method, or stored procedure
o    Procedures: 32,767 per routine
o    Property read references: 32,768 per routine or class
o    Property set references: 32,768 per routine or class
o    Routine references: 65,535 per routine or class
o    Target references: 65,535 per routine or class
o    TRY blocks: 65,535 per routine
o    Private variables: 32,763 per procedure
o    Public variables: 65,503 per routine or class [1].
For more detailed information, you can refer to the specific sections in the InterSystems IRIS documentation [1].

Sources
1.General System Limits | ObjectScript Reference | InterSystems IRIS Data Platform 2024.3

4.2 Writes secure code  

[GOOD]  Implements database and data element encryption
InterSystems IRIS provides a suite of encryption technologies to protect data at rest, including both block-level database encryption and data-element encryption.
1.    Block-level Database Encryption: This encrypts the entire database, including data, indexes, bitmaps, pointers, allocation maps, and incremental backup maps. The encryption and decryption processes are optimized for performance and are transparent to users and applications. To create an encrypted database, you need to activate a database encryption key and then specify encryption when creating the database through the Management Portal [1][2][3][4].
2.    Data-element Encryption: This allows for encrypting specific data elements within an application, such as credit card numbers or social security numbers. It is implemented programmatically using an API, which provides methods for encrypting and decrypting individual data elements. This method is useful for applications that need to encrypt only certain fields and can be used alongside block-level encryption [1][2][5][6].
3.    Encryption Key Management: InterSystems IRIS provides tools for creating and managing encryption keys, which can be stored in key files or on key servers using the Key Management Interoperability Protocol (KMIP). These keys are essential for both database and data-element encryption [1][2][3][5].
For detailed steps on implementing these encryption methods, please refer to the respective sections in the documentation:
•    For block-level database encryption, see the “Create an Encrypted Database” section [4].
•    For data-element encryption, see the “Using Data-Element Encryption” section [5].

Sources
1.Encryption | InterSystems IRIS Data Platform 2024.3
2.Encryption | Security Reference (Contents) | InterSystems IRIS Data Platform 2024.3
3.Demo: Database Encryption | Security Reference | InterSystems IRIS Data Platform 2024.3
4.Using Encrypted Databases | Security Reference | InterSystems IRIS Data Platform 2024.3
5.Data-Element Encryption | Security Reference | InterSystems IRIS Data Platform 2024.3
6.Making encrypted datafields SQL-searchable

[GOOD]  Connects securely to external systems

InterSystems IRIS provides several options for securely connecting to external systems:

•     HTTP Adapters: These enable productions to send and receive HTTP requests and responses. The port and interface IP addresses of the inbound HTTP adapter are configurable, and the server and port for the outbound HTTP adapter are provided by class settings [1].
•     Java Gateway: This allows production adapters to communicate through a Java intermediary process. The InterSystems IRIS server process communicates with the Java process via a configurable TCP connection [1].
•     LDAP: The EnsLib.LDAP.OutboundAdapter class can be used by Business Services to send requests to an LDAP server and receive responses [1].
•     MQSeries: The EnsLib.MQSeries.InboundAdapter and EnsLib.MQSeries.OutboundAdapter enable productions to retrieve messages from and send messages to IBM WebSphere MQ message queues [1].
•     Pipe: The EnsLib.Pipe.InboundAdapter and EnsLib.Pipe.OutboundAdapter enable productions to invoke operating system commands or shell scripts, communicating with them via a pipe [1].
•     SAP: The Java Gateway is used to communicate with the SAP Java Connector using classes imported with the EnlLib.SAP.BootStrap class ImportSAP method [1].
•     SQL: The SQL inbound and outbound adapters enable productions to communicate with JDBC or ODBC-compliant databases [1].
•     TCP: InterSystems IRIS provides input and output TCP adapters for managing incoming or outgoing TCP connections [1].
•     Telnet: The EnsLib.Telnet.OutboundAdapter permits outbound telnet connections to the telnet facility on another system [1].

For more detailed information on configuring these adapters and gateways, please refer to the relevant sections in the InterSystems IRIS documentation.

Sources
1.Secure InterSystems Processes and Operating-System Resources | Securing Your Instance | InterSystems IRIS Data Platform 2024.3

[GOOD]  InterSystems IRIS provides several options for securely connecting to external systems:
1.    HTTP Adapters: These enable productions to send and receive HTTP requests and responses. The port and interface IP addresses of the inbound HTTP adapter are configurable, and the server and port for the outbound HTTP adapter are provided by class settings [1].
2.    Java Gateway: This allows communication through a Java intermediary process. The InterSystems IRIS server process communicates with the Java process via a TCP connection, and the TCP ports used are configurable [1].
3.    LDAP: The EnsLib.LDAP.OutboundAdapter class can be used by Business Services to send requests to an LDAP server and receive responses [1].
4.    MQSeries: The EnsLib.MQSeries.InboundAdapter and EnsLib.MQSeries.OutboundAdapter enable productions to retrieve messages from and send messages to IBM WebSphere MQ message queues [1].
5.    Pipe: The EnsLib.Pipe.InboundAdapter and EnsLib.Pipe.OutboundAdapter enable productions to invoke operating system commands or shell scripts, creating a process external to InterSystems IRIS and communicating with it via a pipe [1].
6.    SAP: The Java Gateway is used to communicate with the SAP Java Connector using classes imported with the EnlLib.SAP.BootStrap class ImportSAP method [1].
7.    SQL: The SQL inbound and outbound adapters enable productions to communicate with JDBC or ODBC-compliant databases [1].
8.    TCP: InterSystems IRIS provides input and output TCP adapters for managing incoming or outgoing TCP connections [1].
9.    Telnet: The EnsLib.Telnet.OutboundAdapter permits outbound telnet connections to the telnet facility on another system [1].
For more detailed information on configuring these adapters and connections, please refer to the relevant sections in the InterSystems IRIS documentation.

Sources
1.Secure InterSystems Processes and Operating-System Resources | Securing Your Instance | InterSystems IRIS Data Platform 2024.3

[GOOD]  Prevents SQL injection attacks (e.g., sanitizing, concatenating vs parameterizing)  

To prevent SQL injection attacks in InterSystems IRIS, it is crucial to use parameterized queries instead of concatenating user inputs directly into SQL statements. Parameterized queries ensure that user inputs are treated strictly as data rather than executable code, significantly reducing the risk of SQL injection. For example, instead of constructing a query string by concatenating user inputs, use placeholders (?) and bind the user inputs as parameters:

Set query = "SELECT Name, Age FROM Patients WHERE Age > ?"
Set statement = ##class(%SQL.Statement).%New()
Set status = statement.%Prepare(query)
If status {
    Set result = statement.%Execute(age)
    While result.%Next() {
        Write "Name: ", result.Name, ", Age: ", result.Age, !
    }
}

This approach ensures that the age value is treated as data, not as part of the SQL command, thus preventing SQL injection [1].
Additionally, InterSystems IRIS provides several built-in measures to make SQL injection more difficult:
1.    It does not allow multiple SQL statements to be executed in a single request.
2.    It offers object access, which can be used to implement update processing, thereby preventing SQL injection through SQL statements.
3.    CSP (IRIS’s web technology) can encrypt all URL query strings, making it challenging to use techniques such as obtaining clues for injection from query strings.
4.    The IRIS security model allows granting database access to applications rather than users, and users can be restricted to read and write access to the database, with only permissions to run the application [2].

Sources
1.Avoiding SQL Injection in InterSystems IRIS: The Case for Secure Query Practices
2.Countermeasures against SQL injection

[AVERAGE]  Prevents remote code execution
To disable remote code execution in InterSystems IRIS, you can limit remote privileged access by disabling the handling of remote jobs. This can be done by setting the netjob parameter to false. This setting is true by default. For detailed instructions on changing this parameter, refer to the procedure in the documentation [1].

Sources
1.Tighten Security for an Instance | Securing Your Instance | InterSystems IRIS Data Platform 2024.3

[GOOD]  Leverages InterSystems IRIS security model

InterSystems IRIS employs a Role-Based Access Control (RBAC) model for its security framework. In this model, a system administrator assigns users to one or more roles, each of which is authorized to perform a specific set of activities with a particular set of resources. This helps manage and control access to various assets such as databases, services, applications, and administrative actions. The RBAC model ensures that users only have the permissions necessary to perform their tasks, enhancing security and simplifying privilege management [1][2][3].

Sources
1.About InterSystems Authorization | InterSystems IRIS Data Platform 2024.3
2.About InterSystems Authorization | Authorization Guide | InterSystems IRIS Data Platform 2024.3
3.InterSystems IRIS Security | Orientation Guide for Server-Side Programming | InterSystems IRIS Data Platform 2024.3

InterSystems IRIS leverages a comprehensive security model that includes several key features:
1.    System Security: Tools to protect and harden instance-level security.
2.    Auditing: Keeps a log of predefined system and application-specific events.
3.    Authentication: Verifies the identity of all users.
4.    Authorization: Ensures that users can access only the resources they need.
5.    Encryption: Protects stored data from unauthorized access.
6.    TLS: Creates protected channels for communications and data transmission.
InterSystems IRIS security is designed to interoperate with other security products and tools, such as firewalls and operating system security features, to create a secure computing environment [1]. Additionally, the security model includes role-based access control, which allows for fine-grained access control based on roles and permissions [2].

Sources
1.Introducing InterSystems Security | InterSystems IRIS Data Platform 2024.3
2.InterSystems IRIS Security | Orientation Guide for Server-Side Programming | InterSystems IRIS Data Platform 2024.3

4.3 Ensures data integrity  
 

[GOOD]  Differentiates between journaling behavior inside vs outside transactions

Journaling behavior in InterSystems IRIS differs inside and outside transactions.
1.    Inside Transactions: InterSystems IRIS automatically journals any global update that is part of a transaction, regardless of the global journal state setting for the database in which the affected global resides. This ensures that all changes within a transaction are recorded and can be rolled back if the transaction does not complete successfully. If a transaction is incomplete, IRIS uses the journal entries to roll back the transaction, returning the globals involved to their pre-transaction values. This rollback occurs during recovery after a system crash, when a process is halted, or when a process is terminated from the Management Portal [1].
2.    Outside Transactions: For non-transactional operations, journaling records all global update operations performed on a database. This allows the database to be restored to its state immediately before a failure or crash by applying the changes in the journal files after restoring from a backup. However, if a database is not journaled, updates to it will not be recorded in the journal, and thus, these updates cannot be recovered after a failure [1].
In summary, journaling ensures data integrity by recording all updates within transactions and providing a mechanism to roll back incomplete transactions, while also maintaining a log of all global updates for recovery purposes outside of transactions.

Sources
1.Journaling Overview | Data Integrity Guide | InterSystems IRIS Data Platform 2024.3
 

[GOOD]  Minimizes requirements for journal volumes and performance
To minimize the requirements for journal volumes and improve performance, consider the following strategies:
1.    File System Separation: Use separate file systems for installation files, database files, primary journal directory, and alternate journal directory. This separation helps in performance and recoverability by ensuring that damage to one file system does not affect the others [1].
2.    Buffered I/O vs. Direct I/O: Use direct or concurrent I/O for journal files to bypass the operating system cache, which can improve performance. For database files, use direct I/O as InterSystems IRIS uses its own database cache [1].
3.    Data Compression: Implement journal compression to reduce storage costs. This can offer significant storage reduction and is compatible with journal encryption. However, it may increase the overhead necessary for journal restores [1].
4.    Disabling Journaling for Certain Operations: Under specific circumstances, you can disable journaling for filing operations, such as object saves and deletes, by setting the concurrency value to 0 when opening an object or by suspending object filer transaction processing for the current process [2].
5.    Monitoring and Profiling: Regularly monitor and profile your journal files to identify which globals are causing rapid growth. Use tools like the Journal Profile utility to get a summary of the size of the file taken up by each global and investigate further to determine if the growth is natural or if it can be minimized [3].
6.    Journal Syncs: Ensure that the average write response time for journal syncs is less than or equal to 0.5 ms, with a maximum of 1 ms, to maintain scalability and performance. This is particularly important in ECP deployments where journal syncs are frequent [4].
By implementing these strategies, you can optimize the performance and minimize the requirements for journal volumes in your InterSystems IRIS environment.

Sources
1.System Resource Planning and Management | InterSystems IRIS Data Platform 2024.3
2.Special Considerations for Journaling | Data Integrity Guide | InterSystems IRIS Data Platform 2024.3
3.What is causing the journals to grow rapidly?
4.Data Platforms and Performance - Part 7 ECP for performance, scalability and availability

[GOOD]  Manages transactions  
To manage transactions in InterSystems IRIS, you can use either SQL or ObjectScript commands. Here are the key commands and their functions:
1.    SQL Commands:
o    START TRANSACTION: Begins a transaction.
o    COMMIT: Signals a successful end of the transaction.
o    ROLLBACK: Signals an unsuccessful end of the transaction, rolling back all changes made during the transaction.
o    SAVEPOINT: Marks a point within a transaction to which you can roll back.
2.    ObjectScript Commands:
o    TSTART: Marks the beginning of a transaction.
o    TCOMMIT: Commits the transaction.
o    TROLLBACK: Rolls back the transaction. You can use TROLLBACK 1 to roll back only the current level of nested transactions.
These commands ensure that all operations within a transaction are completed successfully or none at all, maintaining the integrity of the database. For more detailed instructions on managing transactions, refer to the relevant documentation for SQL and ObjectScript transaction processing [1][2][3].

Sources
1.Transaction Processing | Using ObjectScript | InterSystems IRIS Data Platform 2024.3
2.START TRANSACTION (SQL) | InterSystems SQL Reference | InterSystems IRIS Data Platform 2024.3
3.TROLLBACK (ObjectScript) | ObjectScript Reference | InterSystems IRIS Data Platform 2024.3
 

[GOOD]  Enumerates causes for automatic transaction rollbacks
Automatic transaction rollbacks can occur due to several reasons:
1.    System Failure: If a system failure occurs, InterSystems IRIS automatically rolls back any incomplete transactions during the recovery process when the system restarts [1].
2.    Process Termination: When a process is terminated using the HALT command or the ^RESJOB utility, any transactions in progress are rolled back [1].
3.    Transaction Suspension: If transactions are suspended during a process, any changes made while transactions were suspended cannot be rolled back, but changes made before or after the suspension are rolled back [2].
4.    Error During Transaction: If an error occurs during a transaction, the transaction can be rolled back using the SQL ROLLBACK command or the ObjectScript TROLLBACK command [1][3].
These rollbacks ensure the logical integrity of the data by reverting the database to a consistent state before the transaction began.

Sources
1.Transaction Processing | Using ObjectScript | InterSystems IRIS Data Platform 2024.3
2.ROLLBACK (SQL) | InterSystems SQL Reference | InterSystems IRIS Data Platform 2024.3
3.TROLLBACK (ObjectScript) | ObjectScript Reference | InterSystems IRIS Data Platform 2024.3

4.4 Implements concurrency controls  

[GOOD]  Describes functionality of locking mechanisms with respect to stateful and stateless applications

Locking mechanisms in InterSystems IRIS are crucial for managing concurrency control in both stateful and stateless applications. The basic locking mechanism is the LOCK command, which delays activity in one process until another process signals that it is okay to proceed. This ensures that different processes do not change the same data element simultaneously, preventing data corruption.
For stateful applications, locks are typically used to control access to application data stored in globals. For example, if an application needs to read or modify global nodes, it creates shared or exclusive locks to prevent other processes from modifying or reading these nodes during the operation. This ensures data consistency and integrity during the application’s stateful operations.
For stateless applications, locks can be used to prevent multiple processes from performing the same activity simultaneously. For instance, a routine that should not be run by more than one process at a time can create an exclusive lock on a specific global node. If the lock is acquired, the routine proceeds; otherwise, it quits with an error message indicating that the routine is already running.
Locks can be exclusive or shared, and they can be non-escalating or escalating. Exclusive locks prevent any other process from acquiring a lock with the same name, while shared locks allow multiple processes to hold non-conflicting locks on the same resource. Escalating locks help manage large numbers of locks by consolidating them into a single lock when a threshold is reached, reducing memory consumption and the chance of filling the lock table.
In summary, locks in InterSystems IRIS are used to control access to data resources, ensuring data integrity and preventing simultaneous conflicting operations in both stateful and stateless applications [1] [2].

Sources
1.Locking and Concurrency Control | Using ObjectScript | InterSystems IRIS Data Platform 2024.3
2.LOCK (ObjectScript) | ObjectScript Reference | InterSystems IRIS Data Platform 2024.3

[GOOD]  Follows best practices when using locks

When using locks in InterSystems IRIS, it is important to follow best practices to ensure system stability and prevent issues such as deadlocks. Here are some key best practices:
1.    Identify and Terminate Processes: Rather than removing a lock directly, identify and terminate the process that created the lock. Removing a lock can have a severe impact on the system depending on the purpose of the lock [1].
2.    Avoid Deadlocks: To prevent deadlocks, always include a timeout argument when acquiring locks. Follow a strict protocol for the order in which you issue incremental LOCK commands, ensuring all processes follow the same order for lock names. Using simple locking rather than incremental locking can also help avoid deadlocks [2].
3.    Use Shared and Exclusive Locks Appropriately: Use shared locks when multiple processes need to view the same record, and exclusive locks when a process needs to modify a record. Shared locks prevent other processes from acquiring exclusive locks, and vice versa [3].
4.    Lock Arrays Correctly: When locking arrays, you can lock either the entire array or specific nodes. Locking a node prevents other processes from locking any subordinate nodes or direct ancestors of the locked node [3].
5.    Monitor and Manage Locks: Use the Management Portal to view and manage the lock table. This includes viewing current locks and, if necessary, removing locks. The lock table records all current locks and the processes that own them [2].
6.    Use the LOCK Command Properly: The LOCK command is used to add and remove locks. Incremental locks are added using LOCK +lockname, and removed using LOCK -lockname. You can also specify lock types and timeouts to control the behavior of locks [2][3].
For detailed instructions on using the LOCK command and managing locks, refer to the relevant sections in the documentation [2][3].

Sources
1.Locks (Tools/APIs) | InterSystems API Index | InterSystems IRIS Data Platform 2024.3
2.Locking and Concurrency Control | Using ObjectScript | InterSystems IRIS Data Platform 2024.3
3.Lock Command, continued | ObjectScript Tutorial | InterSystems IRIS Data Platform 2024.3

[GOOD]  Chooses between row locks and table locks
The choice between row locks and table locks in InterSystems SQL is managed by the LOCK_ESCALATION_THRESHOLD option. This option is set to an integer value that determines when to escalate from row-level locking to table-level locking. The default value is 1000. This means that if a process performs more than 1000 inserts, updates, or deletes on a single table within a single transaction, the system will attempt to acquire a table-level lock instead of continuing to lock individual rows. This helps to prevent the lock table from becoming too full [1].

Sources
1.SET OPTION (SQL) | InterSystems SQL Reference | InterSystems IRIS Data Platform 2024.3