I am referring to question 2 from the list of sample questions provided by Oracle here.
2) Your organization has a legacy thick-client application. The issue is that the presentation and business logic are currently coupled. A change in presentation logic requires a change in business logic. A suggestion is to re-factor this into a three-tier application and separate the business logic from the presentation logic.
What non-functional requirement would you improve by separating the presentation layer from the business layers?
b) Response Time
d) Maintainability (*)
Practical Software Estimation: (M. A. Parthasarathy)
Option D is correct.
Option A is incorrect because securing a one-tier application is generally easier than securing a three-tier application. With a three-tier you need to secure the web server, application server, and database.
Option C is incorrect because manageability of a one-tier application is generally easier than a three-tier application. With a three-tier you need to manage the health of the web server, application server, and database.
Options B, E are incorrect because performance and response time of a one-tier system should be better than a three-tier. With a three-tier application the request/response cycle includes a web server, application server, and database.
The question says which NFR is improved and does not say which NFR is easier to achieve. The answers seem to have no correlation to the question.
Security will be improved in a three tier architecture as opposed to a single tier architecture because you can have multiple layers of security (business logic tier possibly in DMZ, EIS tier on the very secure internal LAN etc). But the answers given by Oracle talk about what is easier to accomplish which is not the question at all.
Does someone else think that the answers have no correlation to the questions or maybe I have gone bonkers?
I think the answer Sun has provided is right - you will of course decrease security when going for multiple tiers - more places to secure. Maintainability is improved when you go for separation of concerns - think you got it wrong here.
sivan jai wrote: I think the answer Sun has provided is right - you will of course decrease security when going for multiple tiers - more places to secure. Maintainability is improved when you go for separation of concerns - think you got it wrong here.
Thanks for your feedback and thoughts.
However, I disagree that security will be decreased in a multi tier system. You will increase security in a multi tier system. In a single tier system, if you compromise one tier, all the other tiers are compromised as well. On the other hand, in a multi tier system, due to the several security layers, a compromise of one tier will not lead to a compromise of the other. You can employ several sophisticated mechanisms such as use of DMZs, firewalls, payload encryption etc in a multi tier system, which you cannot in a non multi tier system.
Undoubtedly securing a multi tier system is more difficult. However, the question is "what non functional requirement is improved.....?" and security is clearly improved in a multi tier system even if it is more difficult to achieve.
Just think of a castle with only one entry point and a castle with multiple entry points - which is easier to guard? - why did medieval castles have a crocodile infested moat and a single draw bridge entry point :-)
I disagree that firewalls etc cannot be applied to single tier systems - who prevents you from doing all those in a single tier system?
The answer is pretty straightforward - coupled code, hard to maintain - added more tiers - easier to maintain. The question hints that there could be only one answer, so Maintainability is that NFR which will be satisfied most.
Why not Security? Yes, you can build DMZs, secure LANs and so on, but you will not get this advantage out of the box. Just after implementing the new architecture, 3 tier has more weak points than a single tier does. That is what they mean.
And finally, it's a test, and when they require one answer you should provide the one in which you are most confident.