Effective CISSP Questions

Your company sells toys online worldwide. A web-based E-Commerce (EC) system developed in-house supports the business. The EC system comprises a web server farm that presents the web user interface and application programming interface. A cluster of application servers handles user transactions. A primary RDBMS server, with two secondary servers holding DB replicas, persists user transactions and enables cache operations. Which of the following best describes the design of the deployment architecture?
A. Multi-layered model
B. Subject-Object model
C. Client/Server model
D. Multi-tiered model

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Multi-tiered model.

Layer vs Tier


Layering is a common architectural principle for organizing things or separating concerns to increase maintainability and extensibility. Security requirements and security functionality can be allocated to each layer efficiently. A typical architecture divides an application into three layers: presentation layer, business logic layer (BLL), and data access layer (DAL).


Layers emphasize the logical architectural design; tiers, in contrast, describe the physical deployment architecture. A three-layered application is logically separated into three layers, but each layer can be deployed onto one or more computers to form a tier. A three-layered application can be deployed to a one-tier, two-tier, three-tier, or multi-tier system.

ISO 19249

Layering is an architectural principle specified in ISO 19249.

Architectural and Design Principles

Added on 20210523:

The design of the software architecture can be logically layered using the layering principle. A software solution with a layered architecture can be physically deployed onto one machine (one tier) or onto multiple machines grouped into various tiers of functions. The (physical) deployment model can be described using UML deployment diagrams. Layering is an architectural design principle that facilitates extensibility and maintainability. It also contributes to security engineering in that an architect can consider security needs and allocate security requirements and security controls based on a well-designed layered architecture. Tiering is implemented to improve performance, availability, scalability, elasticity, and security.

