Yes, it's possible (as per JNK's answer: 2 overlapping MAX reads, both get 6, one fails with duplicate assuming a constraint)
Use IDENTITY columns for this very reason.
If you have some odd notion to not use IDENTITY, then you have to use lock granularity (TABLOCKX ) or semaphores (sp_getapplock) to restrict concurrency and allow only one process to run MAX at a time.
Edit:
Two requests that come in at the same time (or very close to it) run concurrently. They are both separate from each other but overlapping.
So each process will read the table using MAX and both get 6. At this point, both processes and reading and the INSERTs have not started yet.
The leading processes INSERTs 6, closely followed by the lagging process. The lagging process will get the unique key violation (you have uniqueness, right?)
If the gap between processes is enough so that the 2nd read happens after the 1st INSERT you're OK.
However, if you have enough calls that you have this risk of duplicate, then using locks/semaphores to decrease concurrency is madness...
Best Answer
There is not a dedicated "component of the SQL Server architecture" for this. The protocol layer, including the whole login process is handled by the Database Engine. The SQL Server Database Engine is a single large process that hosts
--Microsoft SQL Server 2012 Internals, pp 10 Kalen Delaney, et al
This is in contrast to Oracle, which has the "Oracle Net Listener" which is a separate process. https://docs.oracle.com/cd/B28359_01/network.111/b28316/architecture.htm#NETAG209