This chapter covers backup and recovery methods, a critical topic for the CompTIA A+ Core 2 (220-1102) exam, particularly under Operational Procedures (Objective 4.3). Approximately 10-15% of exam questions relate to backup and recovery concepts, including the 3-2-1 rule, backup types, and recovery procedures. Mastering this chapter will help you understand how to protect data, choose appropriate backup methods, and recover from data loss scenarios, which are essential skills for any IT professional.
Jump to a section
Think of your data as the only copy of a priceless manuscript in a library. A backup strategy is like having a fire insurance policy that not only pays out but also stores a duplicate of the manuscript in a separate, secure vault. The 3-2-1 rule is like having three copies: the original on the library shelf (production), a second copy in the library's basement (local backup), and a third copy in a vault across town (offsite backup). The backup software is the librarian who, every day, photocopies any new pages written and sends them to the basement and the vault. Full backups are like photocopying the entire manuscript each time; incremental backups copy only the pages changed since the last photocopy; differential backups copy all pages changed since the last full photocopy. The recovery point objective (RPO) is how many pages you are willing to lose — if you copy every hour, you lose at most one hour of writing. The recovery time objective (RTO) is how fast you need to retrieve the vault copy after a fire. If the vault is slow to access (tape retrieval), your RTO is long. If it's a cloud vault with instant download, your RTO is short. Just as you wouldn't store the only copy of the manuscript in the same building, you never keep backups on the same device or in the same physical location as the original.
Backup and recovery is the process of creating copies of data to protect against loss and the subsequent restoration of that data from those copies. The primary goal is to ensure business continuity and data integrity after events like hardware failure, accidental deletion, ransomware attacks, or natural disasters. The 220-1102 exam focuses on understanding different backup types, media, and the 3-2-1 rule.
The 3-2-1 Backup Rule
This is a foundational principle: maintain at least three copies of your data, on two different media types, with one copy offsite. The three copies include the original data and two backups. Using two different media types (e.g., external hard drive and cloud storage) protects against a single point of failure (e.g., a defective batch of tapes). The offsite copy protects against site-level disasters like fire or flood. The exam expects you to know this rule and apply it in scenario-based questions.
Backup Types
There are three primary backup types, each with different trade-offs in speed, storage space, and recovery time.
Full Backup: Copies all selected data. It is the slowest to create and uses the most storage, but recovery is fastest because only one backup set is needed. Typically performed weekly.
Incremental Backup: Copies only data that has changed since the last backup (full or incremental). It is the fastest to create and uses the least storage, but recovery is slowest because you must restore the last full backup plus all subsequent incremental backups in order. For example, if you have a full backup on Sunday and incremental backups Monday through Friday, restoring Friday's data requires restoring Sunday's full backup, then Monday, Tuesday, Wednesday, Thursday, and Friday incremental backups.
Differential Backup: Copies all data that has changed since the last full backup. It is slower than incremental but faster than full. Recovery is faster than incremental because you only need the last full backup and the latest differential backup. However, differential backups grow larger over time until the next full backup.
Backup Media
Common backup media include: - Hard Disk Drives (HDD) / Solid State Drives (SSD): External or internal drives. Fast, high capacity, but susceptible to physical damage and theft. - Tape Drives: Older technology, still used for long-term archival due to low cost per GB and durability. Slow access (sequential). - Optical Discs (CD/DVD/Blu-ray): Low capacity, suitable for small amounts of data. Prone to scratches and degradation. - Cloud Storage: Offsite, scalable, and accessible from anywhere. Requires internet connectivity and ongoing subscription costs. Examples: Google Drive, Dropbox, Microsoft OneDrive, AWS S3. - Network Attached Storage (NAS): A dedicated device on the local network that provides centralized storage for backups. Can be configured with RAID for redundancy.
Backup Methods
Image Backup: Creates a sector-by-sector copy of an entire drive or partition, including the operating system, applications, and data. This allows for bare-metal recovery (restoring a system to a completely different hardware). Common tools: Acronis True Image, Clonezilla, Windows System Image Backup.
File-Level Backup: Copies individual files and folders. More granular but does not capture system state or boot sectors. Requires reinstallation of OS if system drive fails.
System State Backup: Backs up critical system components such as the registry, boot files, and Active Directory (on domain controllers). Windows allows system state backup via wbadmin command.
Recovery Procedures
Full Restore: Restoring all data from a full backup. Simplest but may overwrite existing data.
Selective Restore: Restoring specific files or folders from a backup.
Bare-Metal Restore: Restoring a system to a new hardware without first installing an OS. Requires an image backup.
Point-in-Time Recovery: Restoring data to a specific moment, often used with databases or virtual machines.
Backup Verification
A backup is only as good as its ability to be restored. Verification techniques include: - Checksums/Hashes: Compare hash values (e.g., MD5, SHA-1) of original and backed-up files to ensure integrity. - Test Restores: Periodically perform a test restore to a non-production environment to validate the backup. - Backup Logs: Review logs for errors or warnings.
Retention Policies
Retention policies define how long backups are kept. Common schemes: - Grandfather-Father-Son (GFS): Daily (son), weekly (father), monthly (grandfather) backups with different retention periods. - Towers of Hanoi: A rotation scheme that optimizes tape usage. - Simple Rotation: Overwrite the oldest backup with the newest.
Backup Software and Tools
- Windows Backup and Restore: Built-in tool in Windows 7, 8, 10, 11. Can create system images and file backups.
- Windows File History: Protects user files by saving copies to an external drive or network location.
- wbadmin: Command-line tool for backup and recovery in Windows Server and Windows 10/11.
Example: wbadmin start backup -backupTarget:E: -include:C: -allCritical -quiet
- Third-Party Tools: Acronis, Macrium Reflect, Veeam, Backup Exec.
Common Backup Strategies
Local Backup: Backup to an external drive or NAS. Fast, but vulnerable to same physical threats.
Offsite Backup: Backup to a remote location (cloud or physical site). Protects against site disasters.
Hybrid Backup: Combination of local and offsite backups (e.g., backup to NAS locally and replicate to cloud).
The 3-2-1 Rule in Practice
Example: A small business has:
- Copy 1: Original data on server (production) - Copy 2: Daily backup to external hard drive (local, different media) - Copy 3: Weekly backup to cloud storage (offsite, different media) This satisfies 3-2-1.
Recovery Point Objective (RPO) and Recovery Time Objective (RTO)
- RPO: Maximum acceptable amount of data loss measured in time. For example, if backups are taken every 4 hours, RPO is 4 hours. - RTO: Maximum acceptable downtime after a disaster. For example, if restoring from tape takes 24 hours, RTO is 24 hours. The exam may ask you to choose a backup type based on RPO/RTO requirements.
Encryption and Security
Backups should be encrypted to protect sensitive data. Encryption can be done at the file level (e.g., BitLocker, EFS) or at the backup software level. Also, ensure backup media is stored securely (locked cabinet, offsite vault).
Testing Backups
Regularly test backups by performing a restore to a test environment. This validates that the backup process works and data is intact. Many organizations fail to test and discover corrupt backups only when needed.
Disaster Recovery Plan
A disaster recovery plan (DRP) outlines procedures for recovering IT infrastructure after a disaster. Backups are a key component. The DRP should include:
Contact information for key personnel
Inventory of hardware and software
Backup schedules and locations
Step-by-step recovery procedures
Testing schedule
Exam Tips
Know the 3-2-1 rule: 3 copies, 2 media types, 1 offsite.
Understand the trade-offs between full, incremental, and differential backups.
Be able to recommend a backup strategy given RPO and RTO requirements.
Know common backup media and their characteristics.
Understand the difference between image backup and file-level backup.
Recognize that cloud backups are offsite but require internet.
Be aware that system state backup includes boot files, registry, and Active Directory.
Remember that a full backup resets the archive bit, while incremental and differential do not in the same way.
Command Examples
Windows: wbadmin get versions to list available backups.
Linux: rsync -av /source /destination for file-level backup.
Linux: dd if=/dev/sda of=/backup/sda.img for disk image backup.
Common Pitfalls
Only one copy of backup (violates 3-2-1).
Backing up to the same disk as original (no protection against drive failure).
Not testing restores.
Using only incremental backups without periodic full backups (recovery becomes very slow).
Not encrypting backups with sensitive data.
Storing backups in same physical location as original (no offsite copy).
Assess Data and Requirements
Identify critical data, acceptable data loss (RPO), and maximum downtime (RTO). For example, a database that changes every minute may need an RPO of 5 minutes, requiring frequent backups. This step determines the backup type and frequency. Also consider legal or compliance requirements (e.g., HIPAA, GDPR) that mandate retention periods and encryption. Document all systems and data that need protection.
Choose Backup Media and Location
Select media based on capacity, speed, cost, and offsite needs. For local backup, an external USB hard drive (e.g., 4TB) is common. For offsite, cloud storage (e.g., Backblaze B2) or tape shipped to a vault. Ensure the media is reliable and compatible with backup software. Consider using two different media types to satisfy the 3-2-1 rule, e.g., HDD locally and SSD in the cloud.
Select Backup Software and Configure
Choose software that supports the required backup types (full, incremental, differential). Configure the backup job: specify source data, destination, schedule (e.g., full backup every Sunday at 2 AM, incremental daily at 10 PM), and retention policy (e.g., keep 4 weekly full backups, 30 daily incrementals). Enable encryption (e.g., AES-256) and set a password. Configure email notifications for success/failure.
Perform Initial Full Backup
Run the first full backup. This creates a baseline copy of all selected data. Depending on data size, this may take hours. Monitor the backup log for errors. Verify that the backup completed successfully and that the data is accessible. For large datasets, consider seeding the initial backup (e.g., shipping a hard drive to the cloud provider) to avoid long initial upload.
Schedule and Automate Subsequent Backups
Set up automated incremental or differential backups based on the schedule. For example, incremental backups run every 4 hours. Ensure the backup software runs as a service with appropriate permissions. Test that the schedule triggers correctly. Monitor backup logs daily for any failures. If a backup fails, investigate and resolve (e.g., disk full, network issue).
Test Restore Procedure
Periodically perform a test restore to a separate location (e.g., a virtual machine) to verify data integrity and the restore process. Document the restore steps and time required. For critical systems, simulate a full recovery scenario. This step ensures that when a real disaster occurs, the team knows exactly what to do and the backups are usable.
Review and Update Backup Strategy
Regularly review the backup strategy to accommodate changes (new systems, increased data volume, new compliance requirements). Update RPO/RTO if needed. Test restores at least quarterly. Ensure that backup media is replaced before end of life (e.g., tapes every 3-5 years, HDDs every 3-5 years). Keep documentation current.
Scenario 1: Small Business with File Server A dental practice has a Windows file server storing patient records (X-rays, documents). They implement a 3-2-1 backup strategy: (1) original data on server, (2) daily backup to a NAS (RAID 1) via Veeam Agent, (3) weekly backup to Backblaze B2 cloud. The NAS provides local fast recovery, while cloud protects against fire. RPO is 24 hours (daily backup), RTO is 4 hours (restore from NAS). They test restores quarterly. A common mistake is only having the NAS backup without offsite; if a ransomware attack encrypts both server and NAS (connected), they lose everything. The cloud backup is immutable, preventing deletion.
Scenario 2: Enterprise with Database An e-commerce company runs a SQL Server database with frequent transactions. They use a combination of full weekly backups, differential nightly backups, and transaction log backups every 15 minutes. This achieves an RPO of 15 minutes and RTO of 2 hours. Backups are stored on a dedicated backup server with deduplication and replicated to a remote data center. They use SQL Server Agent jobs and third-party software (Commvault). They perform monthly disaster recovery drills. A misconfiguration could be not backing up transaction logs regularly, leading to potential data loss of hours.
Scenario 3: Remote Worker Laptop A company provides laptops to remote employees. They use OneDrive for Business to sync files to the cloud, providing automatic file-level backup. Additionally, they require employees to connect to the corporate network weekly for a system image backup to a network share. This protects against laptop loss or failure. RPO is 1 day (sync interval), RTO is 1 day (reimage and restore). A common issue is employees saving files outside the synced folder, causing data loss. Policy and training are essential.
What the 220-1102 Tests Objective 4.3 focuses on backup and recovery methods. Expect 3-5 questions on backup types, the 3-2-1 rule, and recovery procedures. The exam presents scenarios where you must choose the appropriate backup type or strategy based on RPO/RTO, or identify the correct step in a recovery process.
Common Wrong Answers 1. Choosing incremental backup when RTO is very low: Candidates often pick incremental because it's fast to create, but they forget that recovery takes longer. The correct answer is often a full backup or a combination with differential. 2. Thinking that a single backup to an external drive satisfies the 3-2-1 rule: They see three copies (original, backup, maybe a second backup) but ignore the requirement for two different media types and one offsite. The exam may present a scenario with two local HDD backups and ask if it meets 3-2-1; the answer is no because both are same media type and both local. 3. Confusing incremental and differential: Candidates mix up which backup type resets the archive bit. Incremental clears the archive bit after backup; differential does not. This affects subsequent backups. 4. Selecting file-level backup when bare-metal recovery is needed: For system drive failure, an image backup is required. File-level backup cannot restore the OS.
Specific Numbers and Terms
- The 3-2-1 rule: exactly 3 copies, 2 media types, 1 offsite.
- Full backup: resets archive bit; incremental: resets; differential: does not reset.
- RPO and RTO definitions: know that RPO is data loss tolerance, RTO is downtime tolerance.
- Common backup media: tape, external HDD, cloud, NAS.
- The command wbadmin start backup for Windows.
Edge Cases - When backing up a system that is also being used for other tasks, consider open file backup (VSS) to ensure consistency. - For virtual machines, snapshots are not backups; they are point-in-time states but depend on the original disk. - Encrypted backups: if the encryption key is lost, data is unrecoverable.
How to Eliminate Wrong Answers - If the question asks for the fastest recovery, eliminate incremental and differential if they require multiple restores. - If the question asks for least storage used, eliminate full backup. - If the question mentions 'disaster at the site', ensure the answer includes offsite backup. - If the question mentions 'restoring the entire system including OS', look for image backup or system state backup.
The 3-2-1 backup rule: 3 copies, 2 different media types, 1 offsite.
Full backup: copies everything, resets archive bit, slowest to create, fastest to restore.
Incremental backup: copies changes since last backup (full or incremental), resets archive bit, fastest to create, slowest to restore.
Differential backup: copies changes since last full backup, does not reset archive bit, moderate create and restore time.
RPO (Recovery Point Objective): maximum acceptable data loss in time; RTO (Recovery Time Objective): maximum acceptable downtime.
Image backup captures entire drive for bare-metal recovery; file-level backup only copies files.
Always test restores periodically to ensure backup integrity.
Backups should be encrypted, especially if containing sensitive data.
Common backup media: external HDD, tape, cloud, NAS.
Windows backup tools: Backup and Restore, File History, wbadmin.
Cloud backups are offsite but require internet and subscription.
These come up on the exam all the time. Here's how to tell them apart.
Full Backup
Copies all selected data every time
Slowest to create, uses most storage
Fastest to restore (only one set needed)
Resets archive bit
Typically performed weekly
Incremental Backup
Copies only data changed since last backup
Fastest to create, uses least storage
Slowest to restore (full + all incrementals)
Resets archive bit
Typically performed daily or more frequently
Local Backup
Fast backup and restore (local network speed)
Vulnerable to same physical threats (fire, flood)
One-time hardware cost, no ongoing fees
Requires manual offsite rotation for disaster protection
Limited by local storage capacity
Cloud Backup
Slower backup and restore (dependent on internet speed)
Offsite protection against site disasters
Subscription cost (monthly/annually)
Automatic offsite storage, no physical handling
Scalable storage, pay-as-you-go
Mistake
A single backup copy is sufficient as long as it is stored separately.
Correct
The 3-2-1 rule requires at least three copies total. One backup copy is vulnerable to media failure, theft, or corruption. You need at least two backups on different media types, with one offsite.
Mistake
Incremental backups are always better because they are faster.
Correct
Incremental backups are faster to create but slower to restore because you must restore the last full backup plus all subsequent incrementals. For quick recovery, full or differential backups may be better.
Mistake
Cloud backups are automatically secure and immutable.
Correct
Cloud backups can be deleted or encrypted by ransomware if the account credentials are compromised. Use immutable storage options (e.g., object lock) and enable multi-factor authentication.
Mistake
A system image backup is the same as a file-level backup.
Correct
An image backup captures the entire disk including OS, settings, and files, allowing bare-metal restore. File-level backup only copies individual files and requires OS reinstallation for system recovery.
Mistake
Once a backup is created, it is safe to delete the original data.
Correct
Backups can fail or become corrupted. Always verify backups by performing test restores. Keep the original data until a successful restore is confirmed.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Incremental backup copies only data that has changed since the last backup (full or incremental). It resets the archive bit, so each subsequent incremental is based on the previous one. Differential backup copies all data changed since the last full backup; it does not reset the archive bit, so each differential grows larger until the next full backup. Recovery: incremental requires full + all incrementals; differential requires full + latest differential only.
The 3-2-1 rule means you have at least three copies of your data (original plus two backups), stored on two different types of media (e.g., external hard drive and cloud storage), with one copy stored offsite (e.g., in a different physical location or cloud). This ensures protection against hardware failure, media corruption, and site disasters.
A cost-effective strategy is to use a combination of an external hard drive for local backups and a cloud backup service (e.g., Backblaze, Carbonite) for offsite. Perform a full backup weekly and incremental daily. This satisfies the 3-2-1 rule with minimal cost. Ensure backups are encrypted and tested regularly.
Yes, a system image backup can be restored to different hardware, a process called bare-metal recovery. However, Windows may require a repair installation or use of the 'Windows System Image Recovery' option. Some third-party tools (e.g., Acronis Universal Restore) handle driver differences. It's recommended to test on similar hardware.
At least quarterly, and after any major change to the backup system (new software, new hardware). For critical systems, monthly testing is advisable. A test restore should be performed to a separate location to verify data integrity and the restore process. Document the results.
A snapshot is a point-in-time copy of a system's state, often used for virtual machines. It is dependent on the original disk; if the original is lost, the snapshot may be useless. A backup is an independent copy that can be restored without the original. Snapshots are not considered backups for disaster recovery purposes.
A bare-metal restore is the process of restoring a computer system from a backup image to a new, empty hard drive (or different hardware) without first installing an operating system. This requires an image backup that includes the OS, applications, and data. It is used when the original system drive fails or is replaced.
You've just covered Backup and Recovery — now see how well it sticks with free 220-1102 practice questions. Full explanations included, no account needed.
Done with this chapter?