Another Sample Question - Oracle SCEA Part 1

Teja Saab
Rancher

Joined: Mar 08, 2010
Posts: 152
I am referring to question 2 from the list of sample questions provided by Oracle here.


2) Your organization has a legacy thick-client application. The issue is that the presentation and business logic are currently coupled. A change in presentation logic requires a change in business logic. A suggestion is to re-factor this into a three-tier application and separate the business logic from the presentation logic.

What non-functional requirement would you improve by separating the presentation layer from the business layers?
a) Security
b) Response Time
c) Manageability
d) Maintainability (*)
e) Performance

REFERENCE:
Practical Software Estimation: (M. A. Parthasarathy)
Option D is correct.
Option A is incorrect because securing a one-tier application is generally easier than securing a three-tier application. With a three-tier you need to secure the web server, application server, and database.
Option C is incorrect because manageability of a one-tier application is generally easier than a three-tier application. With a three-tier you need to manage the health of the web server, application server, and database.
Options B, E are incorrect because performance and response time of a one-tier system should be better than a three-tier. With a three-tier application the request/response cycle includes a web server, application server, and database.



The question says which NFR is improved and does not say which NFR is easier to achieve. The answers seem to have no correlation to the question.

Security will be improved in a three tier architecture as opposed to a single tier architecture because you can have multiple layers of security (business logic tier possibly in DMZ, EIS tier on the very secure internal LAN etc). But the answers given by Oracle talk about what is easier to accomplish which is not the question at all.

Does someone else think that the answers have no correlation to the questions or maybe I have gone bonkers?

Ranchers...Please provide your thoughts

Thanks


SCEA 5, SCJD,SCWCD,SCJP,PMP,IBM-SOA Solution designer,IBM-XML
sivan jai
Ranch Hand

Joined: Feb 24, 2010
Posts: 115
I think the answer Sun has provided is right - you will of course decrease security when going for multiple tiers - more places to secure. Maintainability is improved when you go for separation of concerns - think you got it wrong here.
Teja Saab
Rancher

Joined: Mar 08, 2010
Posts: 152
sivan jai wrote: I think the answer Sun has provided is right - you will of course decrease security when going for multiple tiers - more places to secure. Maintainability is improved when you go for separation of concerns - think you got it wrong here.


Hi Sivan,

Thanks for your feedback and thoughts.

However, I disagree that security will be decreased in a multi tier system. You will increase security in a multi tier system. In a single tier system, if you compromise one tier, all the other tiers are compromised as well. On the other hand, in a multi tier system, due to the several security layers, a compromise of one tier will not lead to a compromise of the other. You can employ several sophisticated mechanisms such as use of DMZs, firewalls, payload encryption etc in a multi tier system, which you cannot in a non multi tier system.

Undoubtedly securing a multi tier system is more difficult. However, the question is "what non functional requirement is improved.....?" and security is clearly improved in a multi tier system even if it is more difficult to achieve.
sivan jai
Ranch Hand

Joined: Feb 24, 2010
Posts: 115
Just think of a castle with only one entry point and a castle with multiple entry points - which is easier to guard? - why did medieval castles have a crocodile infested moat and a single draw bridge entry point :-)
I disagree that firewalls etc cannot be applied to single tier systems - who prevents you from doing all those in a single tier system?
Dmitri Ericsson
Ranch Hand

Joined: Feb 16, 2010
Posts: 109
The answer is pretty straightforward - coupled code, hard to maintain - added more tiers - easier to maintain. The question hints that there could be only one answer, so Maintainability is that NFR which will be satisfied most.

Why not Security? Yes, you can build DMZs, secure LANs and so on, but you will not get this advantage out of the box. Just after implementing the new architecture, 3 tier has more weak points than a single tier does. That's what they mean.

And finally, it's a test, and when they require one answer you should provide the one in which you are most confident.


SCEA 5, SCJP 6 My SCEA Experience
Teja Saab
Rancher

Joined: Mar 08, 2010
Posts: 152
Thanks Sivan and Dmitri.
 