Effective CISSP Questions

Your company is developing an E-Commerce system, which is a system of systems. It accepts orders on web servers, processes them on application servers, stores them on database servers, and sends short messages of transaction success to customers through external notification services. Internal DNS servers are deployed for domain name resolution, while external DNS servers are employed for failover. Which of the following is the best composition theory describing the DNS operations?
A. Cascading
B. Feedback
C. Hookup
D. Delegate

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Hookup.

Software Architecture

“Delegate” is a generic term and can be used in various contexts. It is a distractor in this question.

  • Cascading: The system sends short messages through external notification services, which is a one-way operation.
  • Feedback: The web server sends orders to the application servers and gets a response from them. It’s common for the application servers to “call back” the clients when the job is done. The communication is bidirectional, or two-way.
  • Hookup: DNS operations use both internal and external DNS servers for name resolution.


A system-of-systems is a system-of-interest whose system elements are themselves systems; typically, these entail large-scale interdisciplinary problems with multiple, heterogeneous, distributed systems.

The engineering effort occurs across a set of constituent systems, each system with its own stakeholders, primary purpose, and planned evolution. The composition of the constituent systems into a system-of-systems produces a capability that would otherwise be difficult or impractical to achieve. This effort can occur across a continuum of system-of-systems types from a relatively informal, unplanned system-of-systems concept and evolution that emerges over time via voluntary participation, to degrees of more formal execution with the most formal being a system-of-systems concept that is directed, planned, structured, and achieved via a centrally managed engineering effort.

Source: NIST 800-160, VOLUME 1

Composition Theories

Composition theories are introduced in the Sybex CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide as follows:

Some other models that fall into the information flow category build on the notion of how inputs and outputs between multiple systems relate to one another—which follows how information flows between systems rather than within an individual system. These are called composition theories because they explain how outputs from one system relate to inputs to another system. There are three recognized types of composition theories:

* Cascading: Input for one system comes from the output of another system.
* Feedback: One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A).
* Hookup: One system sends input to another system but also sends input to external entities.



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

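Your company is developing an e-commerce system, which is a system composed of multiple systems (system of systems). It accepts orders on web servers, processes them on application servers, stores them on database servers, and sends short messages of transaction success to customers through external notification services. Internally deployed DNS servers are used for domain name resolution, while external DNS servers serve as failover. Which of the following is the best composition theory describing the DNS operations?
A. Cascading
B. Feedback
C. Hookup
D. Delegate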

