Effective CISSP Questions

Your company sells toys online worldwide. A web-based E-Commerce system developed in-house supports the business. The EC system comprises a web server farm to present the web user interface and application programming interface. A cluster of application servers handles user transactions. A primary RDBMS server, with two secondary servers holding DB replicas, persists user transactions and enables cache operations. Which of the following best describes the design of the deployment architecture?
A. Multi-layered model
B. Subject-Object model
C. Client/Server model
D. Multi-tiered model

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Multi-tiered model.


Layering is a common architectural principle for organizing components and separating concerns to increase maintainability and extensibility. Security requirements and security functionality can be allocated to each layer efficiently. A typical architecture divides an application into three layers: presentation layer, business logic layer (BLL), and data access layer (DAL).


Whereas layers describe the logical architectural design, tiers describe the physical deployment architecture. A three-layered application is logically separated into three layers, but each layer can be deployed onto one or more computers to form a tier. A three-layered application can be deployed to a one-tier, two-tier, three-tier, or multi-tier system.

ISO 19249

Layering is an architectural principle specified in ISO 19249.


