Client/Server services allocate computing power resources among workstations with some shared resources centralized in servers.
For example, if you are using a product that is working in a client/ server model, in reality you have a small piece of the product on your computer (client portion) and the larger piece of the software product is running on a different computer (server portion). The communication between these two pieces of the same software product needs to be controlled, which is why session layer protocols even exist. Session layer protocols take on the functionality of middleware, which allows software on two different computers to communicate.
Distributed systems are the opposite of centralized systems like mainframes and thin client implementations. Traditional client/server architectures are the most common example of a distributed system. In a traditional client/server architecture, responsibilities for processing have been balanced between centralized servers providing services to multiple clients and client machines that focus on user interaction and standalone processing where appropriate. For the most part, servers are responsible for serving, meaning that they provide services that will be leveraged by the clients in the environment. Clients are the primary consumers of server services, while also hosting services of their own primarily for their own individual use.
Reference used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 524). McGraw-
Hill. Kindle Edition.
and
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 18741-18745). Auerbach Publications. Kindle
Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 100

Explanation/Reference:
Explanation:
Denial-of-service (DoS) attacks are attacks that prevent a system from processing or responding to legitimate traffic or requests for resources and objects. This type of attack makes the system unavailable.
Incorrect Answers:
A: Denial-of-service (DoS) attack main effect is not confidentiality, it is availability.
B: Denial-of-service (DoS) attack main effect is not integrity, it is availability.
C: Denial-of-service (DoS) attack main effect is not integrity, it is accountability.
References:
Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 64

According to web results, the most likely way to exfiltrate PII while avoiding detection is to use techniques that anonymize connections to servers, tunnel data over DNS, HTTP, or HTTPS, or use fileless attacks and remote code execution. These methods can help bypass network segmentation, encryption, packet capture, and logging measures.
Therefore, the best answer among the given options is B. Unauthorized access to the database server via a compromised web application. This could allow the attacker to execute malicious code on the server and send the data over an encrypted or obfuscated channel to a remote server.