| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 12.6 - Load Balancing
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series spreads work across many systems to keep services fast and available within Domain 4. It covers the problem load balancing solves, how a balancer chooses a target, what TLS offloading and virtual IP addresses do, and how active-active and active-passive designs handle failure.
What this episode covers
- The problem it solves — spreading traffic across links or devices to lower response time, lift throughput, and remove single choke points.
- Scheduling methods — random, round robin, load monitoring, weighted, least connections, and locality by geography or affinity.
- TLS offloading — the balancer strips TLS so web servers skip the decrypt and re-encrypt burden, but the zone behind must be protected.
- Virtual IP addresses — one resilient front door mapped to a whole server pool for high availability and quiet scaling.
- Content and global routing — the virtual IP supports content-based routing and even global load balancing across data centers.
- Active-active — every path carries traffic for maximum throughput, though survivors bear the full load when one fails.
- Active-passive — dormant standbys take over on failure, keeping performance steady before and after.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What problem does load balancing solve?
Load balancing makes the best use of your infrastructure by spreading traffic across several links or devices. The payoff is lower response time, higher throughput, less overload, and no single choke point. A common use is fanning requests across a server farm or cluster, with a load balancer sitting in front to decide where each request lands, so nobody waits behind a single overwhelmed register.
How does a balancer decide where each request goes?
It follows a scheduling method. Random choice sends each connection to a destination at random, round robin walks the list in order and loops, and load monitoring sends the next request to whichever target is least busy. Weighted, or preferencing, favors stronger machines, least connections routes to the target with the fewest active sessions, and locality picks the closest destination or keeps returning a client to the same server it used before.
What is TLS offloading?
A load balancer can strip the TLS encryption off incoming requests so the web servers behind it are spared the heavy work of decrypting and re-encrypting, freeing them to focus on the application itself. It is like a mailroom that opens and sorts every sealed envelope at the door. The cost is that traffic past that point may travel in the clear, so you must protect the zone behind it.
What role do virtual IP addresses play?
A virtual IP address is the single front door to a whole pool of servers. Unlike a physical address tied to one interface, it maps to a cluster and the balancer uses it as the entry point for incoming traffic. It boosts high availability by shifting traffic to healthy servers if one fails, enables scalability by adding or removing servers unseen, is often where TLS termination happens, and supports content-based and global load balancing.
What is the difference between active-active and active-passive?
Both are load-balancing designs, and the trade is about how you use spare capacity. In active-active, every pathway carries traffic during normal operations, maximizing throughput, but if one fails the survivors must shoulder the full load, so capacity drops under stress. In active-passive, some systems sit dormant as standbys, and when an active element fails a standby wakes and takes over, keeping performance steady before and after the failure.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 12.6 - Load Balancing.