Robert is responsible for implementing a common architecture used when customers need to access confidential information through Internet connections. Which of the following best describes this type of architecture?

A.
Two-tiered model

B.
Screened subnet

C.
Three-tiered model

D.
Public and private DNS zones

Explanation:
C: Many of today’s e-commerce architectures use a three-tiered architecture approach. The three-tier architecture is a client-server architecture in which the user interface,
functional process logic, and data storage run as independent components that are developed and maintained, often on separate platforms. The three-tier architecture allows for
any one of the tiers to be upgraded or modified as needed without affecting the other two tiers because of its modularity. In the case of e-commerce, the presentation layer is a
front-end Web server that users interact with. It can serve both static and cached dynamic content. The business logic layer is where the request is reformatted and processed.
This is commonly a dynamic content processing and generation-level application server. The data storage is where the sensitive data is held. It is a backend database that holds
both the data and the database management system software that is used to manage and provide access to the data. The separate tiers may be connected with middleware and
run on separate physical servers.
A is incorrect because two-tiered, or client-server, describes an architecture in which a server provides services to one or more clients that request those services. Many of
today’s business applications and Internet protocols use the client-server model. This architecture uses two systems: a client and a server. The client is one tier and the server is
another tier, hence the two-tier architecture. Each instance of the client software is connected to one or more servers. The client sends its information request to a server, which
processes the request and returns the data to the client. A three-tier architecture is a better approach for protecting sensitive information when requests are coming in from the
Internet. It provides one extra tier that an attacker must exploit to gain access to the sensitive data being held on the backend server.
B is incorrect because a screened host architecture means that one firewall is in place to protect one server, which is basically a one-tier architecture. An external, publicfacing
firewall screens the requests coming in from an untrusted network as in the Internet. If the one tier, the only firewall, is compromised, then the attacker can gain access to
the sensitive data that resides on the server relatively easily.
D is incorrect because while separating DNS servers into public and private servers provides protection, it is not an actual architecture used for the purpose requested in the
question. Organizations should implement split DNS (public and private facing), which means a DNS server in the DMZ handles external resolution requests, while an internal
DNS server handles only internal requests. This helps ensure that the internal DNS has layers of protection and is not exposed to Internet connections.