Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within OCMJEA Search Coderanch
Advance search Google search
Register / Login
Forums Register Login
Certification » Architect Certification (OCMJEA)

Another Sample Question - Oracle SCEA Part 1

Teja Saab , Rancher
+Pie Number of slices to send: Send
I am referring to question 2 from the list of sample questions provided by Oracle here.


2) Your organization has a legacy thick-client application. The issue is that the presentation and business logic are currently coupled. A change in presentation logic requires a change in business logic. A suggestion is to re-factor this into a three-tier application and separate the business logic from the presentation logic.

What non-functional requirement would you improve by separating the presentation layer from the business layers?
a) Security
b) Response Time
c) Manageability
d) Maintainability (*)
e) Performance

REFERENCE:
Practical Software Estimation: (M. A. Parthasarathy)
Option D is correct.
Option A is incorrect because securing a one-tier application is generally easier than securing a three-tier application. With a three-tier you need to secure the web server, application server, and database.
Option C is incorrect because manageability of one-tier application is generally easier than tree-tier application. With a three-tier you need to manage the health the web server, application server, and database.
Options B, E are incorrect because performance and response time of a one-tier system should be better than a three-tier. With a three-tier application the request/response cycle includes a web server, application server, and database.


The question says which NFR is improved and does not say which NFR is easier to achieve. The answers seem to have no correlation to the question.

Security will be improved in a three tier architecture as opposed to a single tier architecture because you can have multiple layers of security (business logic tier possibly in DMZ, EIS tier on the very secure internal LAN etc). But the answers given by Oracle talk about what is easier to accomplish which is not the question at all.

Does someone else think that the answers have no correlation to the questions or maybe I have gone bonkers?

Ranchers...Please provide your thoughts

Thanks
sivan jai , Ranch Hand
+Pie Number of slices to send: Send
I think the answer sun has provided is right - you will ofcourse decrease security when going for multiple tiers - more places to secure. Maintainability is improved when you go for separation of concerns - think you got it wrong here.
Teja Saab , Rancher
+Pie Number of slices to send: Send
 

sivan jai wrote:I think the answer sun has provided is right - you will ofcourse decrease security when going for multiple tiers - more places to secure. Maintainability is improved when you go for separation of concerns - think you got it wrong here.



Hi Sivan,

Thanks for your feedback and thoughts.

However, I disagree that security will be decreased in a multi tier system. You will increase security in a multi tier system. In a single tier system, if you compromise one tier, all the other tiers are compromised as well. On the other hand, in a multi tier system, due to the several security layers, a compromise of one tier will not lead to a compromise of the other. You can employ several sophisticated mechanisms such as use of DMZs, firewalls, payload encryption etc in a multi tier system, which you cannot in a non multi tier system.

Undoubtedly securing a multi tier system is more difficult. However, the question is "what non functional requirement is improved.....?" and security is clearly improved in a multi tier system even if it is more difficult to achieve.
sivan jai , Ranch Hand
+Pie Number of slices to send: Send
Just think of a castle with only one entry point and a castle with mutliple entry points - which is easier to guard? - why did medieval castles have a crocodile infested moat and a single draw bridge entry point :-)
I disagree that firewalls etc cannot be applied to single tier systems - who prevents you from doing all those in a single tier system?
Dmitri Ericsson , Ranch Hand
+Pie Number of slices to send: Send
The answer is pretty straightforward - coupled code, hard to maintain - added more tiers - easier to maintain. The question hints that there could be only one answer, so Maintainability is that NFR which will be satisfied most.

Why not Security? Yes, you can built DMZs, secure LANs and so on, but you will not get this advantage out of the box. Just after implementing new architecture 3 tier has more weak points than a single tier does. That what they mean.

And finally, It's a test, and when they require one answer you should provide the one in which you are most confident.

Teja Saab , Rancher
+Pie Number of slices to send: Send
Thanks Sivan and Dmitri.
Post by:autobot
Live a little! The night is young! And we have umbrellas in our drinks! This umbrella has a tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com


reply
reply
This thread has been viewed 1857 times.
Similar Threads
How a Distributed application differs from client server application,
Difference between 3 tiers and n tiers??
What is a fat client?
Oracle Sample Question - Contradiction with Cade's study guide
Three or 4 Tier?
More...

All times above are in ranch (not your local) time.
The current ranch time is
Apr 16, 2024 05:46:04.
Contact Us | advertise |
Copyright © 1998-2024 paul wheaton, missoula, MT
Jump to top of page