# Backup and restore

> Source: Courseiva IT Certification Glossary — https://courseiva.com/glossary/backup-and-restore

## Quick definition

Backup and restore is like making a spare copy of your important files and then being able to get them back if the originals get lost or damaged. You make a backup copy ahead of time, store it somewhere safe, and when something goes wrong you use that copy to bring everything back. Think of it as an insurance policy for your data.

## Simple meaning

Imagine you are writing a long essay on your laptop. You spend hours typing, editing, and perfecting every paragraph. Suddenly, your laptop crashes, the screen goes black, and you have not saved your work. All that effort is gone. That is a disaster. Now imagine that before you started typing, you made a photocopy of every page you planned to write. When the laptop crashes, you do not start from scratch, you pull out the photocopies and begin again from where you left off. That is backup and restore in a nutshell.


Backup is the act of making a copy of your data or your entire system at a point in time. You can copy files to an external hard drive, to the cloud, or to a tape drive. The important thing is that the copy is stored separately from the original. If the original gets deleted, corrupted, encrypted by ransomware, or physically destroyed (like in a fire or flood), the backup copy remains safe.


Restore is the reverse process: you take that backup copy and use it to bring back the data to its original location, or to a new location if the original hardware is gone. Restore can be as simple as dragging files from a backup folder, or as complex as rebuilding an entire server operating system, applications, and data from a system image.


In the IT world, backup and restore is a critical part of disaster recovery planning. Companies design backup strategies that follow the 3-2-1 rule: keep at least three copies of your data, on two different types of storage media, with one copy stored offsite. This ensures that even if one backup fails or is destroyed, you still have another to fall back on.


The goal of backup and restore is to minimize data loss and reduce downtime. The measure of how quickly you can restore is called the Recovery Time Objective (RTO), and the amount of data you can afford to lose is called the Recovery Point Objective (RPO). These terms define how often you need to take backups and how fast your restore process must be.

## Technical definition

Backup and restore in IT architecture refers to the systematic process of creating redundant copies of data, applications, system configurations, and entire machine states, and then using those copies to recover functionality after data loss or system failure. The process involves several key components: the source data, the backup target (storage destination), backup software or agent, a scheduling mechanism, and a restore tool.


There are multiple backup types. A full backup copies all selected data every time. It is the most comprehensive but also the most time-consuming and storage-intensive. An incremental backup only copies data that has changed since the last backup (full or incremental). This saves time and storage but makes restore more complex because you need the last full backup plus all subsequent incremental backups in sequence. A differential backup copies all changes since the last full backup. Restore requires only the last full backup and the most recent differential backup, which is faster than incremental but uses more storage for each differential.


Backup targets vary: Direct Attached Storage (DAS) like external hard drives, Network Attached Storage (NAS), Storage Area Networks (SAN), cloud storage services like Amazon S3, and tape libraries for long-term archival. On AWS, the AWS Backup service provides a centralized, policy-driven backup solution for services such as EC2, RDS, EBS, DynamoDB, and S3. AWS Backup allows you to define backup plans, automate scheduling, set retention rules, and perform cross-region or cross-account backups.


Restore operations can be file-level, volume-level, or full system restore. File-level restore brings back individual files or folders from a backup. Volume-level restore recovers an entire disk volume. System restore (also called bare-metal restore) recovers the entire operating system, applications, and data onto new hardware, often using a system image backup. On AWS, restoring an EC2 instance can mean launching a new instance from an AMI (Amazon Machine Image) that was created from a backup, or restoring an EBS volume from a snapshot.


Encryption is critical for backup security. Backups should be encrypted at rest (when stored) and in transit (during transfer). Hashing and checksums verify backup integrity, ensuring the data was not corrupted during backup or storage. Compression reduces storage costs and transfer times.


Retention policies define how long backups are kept. Common strategies include Grandfather-Father-Son (GFS) for long-term archival: daily backups kept for a week, weekly backups kept for a month, monthly backups kept for a year. Lifecycle policies automate deletion of old backups to control costs.


Testing restores is a non-negotiable best practice. A backup that cannot be restored is worthless. Regularly scheduled restore drills validate that the backup data is intact and the restore procedures work.

## Real-life example

Think of your kitchen. You are cooking a big holiday meal, roast turkey, mashed potatoes, gravy, stuffing, and green bean casserole. You have been cooking all day, and the kitchen is full of delicious smells. Then, just before serving, you accidentally knock the entire roast turkey off the counter. It lands on the floor, splattering everywhere. The main dish is ruined.


Now imagine you had been smart earlier in the day. You had roasted two turkeys instead of one. You hid the second turkey in the refrigerator, covered and safe. When the first turkey hits the floor, you do not panic. You calmly go to the fridge, pull out the backup turkey, reheat it, and dinner is saved. That is backup.


Restore is the act of getting that backup turkey out of the fridge, slicing it, and putting it on the platter so everyone can eat. The backup only helps if you know where it is, it is still good (not spoiled), and you have a plan for getting it onto the table quickly.


In IT, your data is the turkey. The backup is the second turkey in the fridge. The restore is the process of getting that backup data back to where it can be used. The fridge is your backup storage, maybe an external drive or cloud service. The time it takes to reheat the backup turkey is your Recovery Time Objective (RTO). If you had only one turkey and it fell, you would have to go to the store, buy a new one, cook it for hours, that would be a very long RTO. Having a backup stored safely means you can recover quickly.


But what if the refrigerator breaks and the backup turkey goes bad? That is why IT professionals use the 3-2-1 rule: three copies of your data (the original plus two backups), on two different media (like one on an external drive and one in the cloud), with one copy offsite (like the cloud or a different location). That way, even if the fridge and the kitchen are destroyed, you still have a backup at a relative's house.

## Why it matters

In the IT world, data is the most valuable asset an organization owns. Losing customer records, financial data, intellectual property, or critical system configurations can lead to permanent business damage, regulatory fines, and loss of trust. Backup and restore is the primary defense against data loss scenarios: accidental deletion, hardware failure, software corruption, ransomware attacks, natural disasters, and human error.


Without a proper backup and restore strategy, a single incident can cause catastrophic downtime. For a business, every minute of downtime translates to lost revenue, lost productivity, and potential customer churn. The cost of recovery without backups is often exponentially higher than the cost of implementing a backup solution. In many industries, compliance regulations (such as GDPR, HIPAA, PCI-DSS) mandate that certain data must be backed up and recoverable within specific timeframes.


Backup and restore also enables business continuity. If a server fails, you can spin up a replacement from a backup quickly. If ransomware encrypts your files, you can wipe the system and restore from a clean backup, avoiding paying the ransom. If an employee accidentally deletes a critical database, you can restore just that database from a recent backup without affecting other systems.


For IT professionals, mastering backup and restore is foundational. It appears in job roles from help desk to systems administrator to cloud architect. Understanding the different backup types, storage options, retention policies, and restore procedures is essential for designing resilient systems. In cloud environments like AWS, services like AWS Backup, EBS snapshots, RDS automated backups, and S3 versioning are all backup-related tools that solution architects must know how to configure and combine.


Finally, backup and restore strategies directly impact a company's Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These two metrics determine how long recovery takes and how much data you can afford to lose. Choosing the right backup frequency and storage tier is a balancing act between cost and risk. IT professionals who can articulate these trade-offs are valuable to any organization.

## Why it matters in exams

For the AWS Certified Solutions Architect – Associate (SAA-C03) exam, backup and restore is a core concept that appears frequently across multiple domains. The exam objectives include designing disaster recovery solutions, implementing backup strategies, and understanding data lifecycle management. You must know how to use AWS Backup, EBS snapshots, RDS snapshots, S3 versioning, and S3 replication as backup mechanisms.


Question types include scenario-based questions where you must choose the most cost-effective backup solution meeting specific RTO and RPO requirements. For example, you might be asked: A company needs to recover an EC2 instance within 4 hours and can tolerate up to 24 hours of data loss. Which backup strategy should be used? You need to know that EBS snapshots are fast to create and can be used to launch new EC2 instances, but restoring from a snapshot takes time. You also need to know that Amazon Machine Images (AMIs) can be created for faster recovery.


Another common exam topic is cross-region and cross-account backup. Questions may present a scenario where a company must comply with regulatory requirements to store backups in a different geographical region. You must know how to copy EBS snapshots across regions, automate it with AWS Backup or Lambda, and set appropriate permissions with IAM policies.


Retention policies are also tested. The exam expects you to understand lifecycle policies for backups to automatically transition older backups to cheaper storage tiers (like S3 Glacier) or delete them to reduce costs. You might see a question where a company keeps daily backups for 30 days, weekly backups for 6 months, and monthly backups for 7 years. The correct answer will use AWS Backup lifecycle rules or S3 lifecycle policies.


Restore operations are not just about data retrieval. The exam tests your understanding of different restore types: restoring an entire EC2 instance from an AMI, restoring a single file from an EBS snapshot by attaching the volume to a temporary instance, or using point-in-time recovery for RDS databases. Questions will ask which approach minimizes downtime or cost.


Finally, you need to know the differences between backup and disaster recovery. Backup focuses on data copies, while disaster recovery involves full system recovery including networking, security groups, and load balancers. The exam may ask you to design a full disaster recovery strategy using AWS services like Route 53 failover, CloudFormation templates, and cross-region backups.

## How it appears in exam questions

Backup and restore questions in the AWS SAA exam typically fall into three patterns: scenario-based design questions, configuration questions, and troubleshooting questions.


Scenario-based design questions: You are given a company's business requirements including RTO and RPO, budget constraints, and compliance needs. You must select the best combination of AWS services and settings. For example: A company has a production MySQL database on an RDS instance. They need to restore the database to any point within the last 24 hours with a maximum data loss of 5 minutes. Which feature should they enable? The correct answer is automated backups with a backup window and transaction log retention, because RDS automated backups enable point-in-time recovery (PITR) to within 5 minutes of the current time.


Configuration questions: These ask you to identify the correct steps or settings to implement a backup plan. For instance: A solutions architect must create a backup plan for an S3 bucket containing critical PDFs. The bucket versioning is already enabled. What additional steps are required to ensure backup copies are stored in a different AWS region? The answer would involve enabling cross-region replication (CRR) on the S3 bucket, not just relying on versioning within the same region.


Troubleshooting questions: These present a problem during backup or restore and ask you to identify the cause. For example: An administrator tries to create an EBS snapshot of a 500 GB volume that is attached to a running EC2 instance. The snapshot creation takes an unusually long time. What is the most likely reason? The answer: The volume has a high write rate during the snapshot process because EBS snapshots are incremental and capture data written during the snapshot operation. To avoid this, the administrator should either stop the instance (for a consistent snapshot) or use the No Reboot option with application-aware snapshots.


Another common pattern involves choosing between backup methods. For an EC2-based application, you need to decide between using AMIs, EBS snapshots, or third-party backup tools. The question might ask: Which approach provides the fastest recovery time for an entire server? The answer is to use a pre-built AMI, because launching an instance from an AMI is faster than creating a new instance and then restoring data from snapshots.


Cost optimization questions are frequent: A company has 30 TB of rarely accessed data that must be backed up daily and retained for 7 years. Which storage class is most cost-effective? The answer is to back up to S3 Standard initially, then transition to S3 Glacier Deep Archive using lifecycle policies after 30 days.


Finally, there are multi-service questions combining backup with other services like CloudFormation, Lambda, and IAM. For example: A company wants to automatically create backups of EBS volumes every 12 hours and delete backups older than 90 days. Which AWS service can automate this? The answer is AWS Backup, which allows you to create backup plans with schedules and lifecycle rules.

## Example scenario

ABC Corp runs a small e-commerce website on a single Amazon EC2 instance with an attached EBS volume containing the product database and customer data. The company wants a simple backup strategy to protect against accidental deletion or instance failure.


The solutions architect decides to use EBS snapshots for backup. She creates a schedule using AWS Backup to take a snapshot of the EBS volume every 24 hours at 1:00 AM. Snapshots are stored in the same region but are automatically replicated to another region for disaster recovery. She sets a retention policy to keep snapshots for 30 days.


One day, an administrator accidentally deletes the product database. The company needs to restore the database to the state it was in at 1:00 AM last night. The architect walks through the restore steps:

First, she stops the EC2 instance to ensure data consistency during restore. Then, she navigates to the EC2 console, selects the EBS volume, and chooses the most recent snapshot. She creates a new EBS volume from that snapshot. Next, she detaches the current (corrupted) volume from the instance and attaches the new volume. Finally, she starts the instance and verifies that the database is operational.


Total downtime is about 15 minutes. The company's RTO was 1 hour (they could tolerate up to 1 hour of downtime), and their RPO was 24 hours (they could afford to lose up to 24 hours of data). Both requirements are met.


The architect also sets up a test restore every month to ensure the snapshots are not corrupted. She uses a separate test EC2 instance to mount the restored volume and run database consistency checks.


This scenario meets the company's needs cost-effectively. EBS snapshots are incremental, so only data that has changed since the last snapshot is stored, saving storage costs. The cross-region replication adds security at an additional cost but satisfies their offsite backup requirement.

## Common mistakes

- **Mistake:** Thinking that enabling versioning on an S3 bucket alone provides a full backup strategy.
  - Why it is wrong: S3 versioning protects against accidental overwrites or deletions within the same bucket, but it does not protect against regional outages, bucket-wide deletion, or cost overruns from unlimited versions. It also does not provide offsite copies.
  - Fix: Use versioning as a component of backup, but also implement cross-region replication (CRR) or AWS Backup to store copies in a different region and apply lifecycle policies to manage version costs.
- **Mistake:** Assuming that EBS snapshots taken while an instance is running are always crash-consistent.
  - Why it is wrong: EBS snapshots of running instances without stopping the instance can result in inconsistent application data because writes occurring during the snapshot may not be captured atomically. For database volumes, this can lead to corruption.
  - Fix: For application-consistent backups, either stop the instance before taking a snapshot, or use the No Reboot option combined with application-aware tools (like AWS Backup with application-consistent settings) to quiesce the file system.
- **Mistake:** Using a single backup strategy for all workloads regardless of RTO/RPO requirements.
  - Why it is wrong: Different workloads have different tolerances for data loss and downtime. A one-size-fits-all approach either over-spends (daily full backups for non-critical logs) or under-protects (daily backups for a busy transactional database that needs 5-minute RPO).
  - Fix: Categorize workloads by criticality. Use automated backups with point-in-time recovery for RDS databases (5-minute RPO), EBS snapshots every 12 hours for critical EC2 instances, and less frequent backups for static content.
- **Mistake:** Never testing restores, assuming backups are always valid.
  - Why it is wrong: Backup files can become corrupted, incomplete, or inaccessible due to configuration errors, encryption key loss, or storage failures. Without periodic restore tests, you might only discover the backup is bad when you desperately need it.
  - Fix: Schedule quarterly or monthly restore drills. Use a separate test environment to restore backups and verify data integrity. Document the restore procedure and time the process to ensure RTO targets are achievable.

## Exam trap

{"trap":"In a question about RDS backups, you see the option 'Enable automated backups with a retention period of 35 days.' The question asks for the maximum point-in-time recovery window. Many learners pick 35 days, but the correct answer is actually within the retention period, which is between 1 and 35 days, but point-in-time recovery is only available for up to the last 5 minutes of available transaction logs.","why_learners_choose_it":"Learners see the retention period and assume that because backups are retained for 35 days, they can restore to any point within those 35 days. They overlook the distinction between backup retention and point-in-time recovery granularity.","how_to_avoid_it":"Understand that RDS automated backups enable point-in-time recovery to any second within the retention period, but the granularity depends on transaction log availability. In practice, you can restore to any point within the retention window, but the backup window and transaction log retention must align. Also, note that manual snapshots have no expiration by default and are not tied to the automated backup retention window."}

## Commonly confused with

- **Backup and restore vs Disaster recovery:** Backup and restore focuses on copying data and restoring it, while disaster recovery (DR) is a broader process that includes restoring the entire IT infrastructure (servers, networking, security) to a working state after a major incident. Backup is a component of DR, but DR also involves failover strategies, load balancers, DNS routing, and application reconfiguration. (Example: Backup is like having a spare tire in your car. Disaster recovery is the plan for what to do when you get a flat tire: pull over safely, get the jack and spare, change the tire, and check the pressure before driving again.)
- **Backup and restore vs Replication:** Replication creates a live, continuous copy of data to another location, often in real-time or near-real-time. Backup is a point-in-time copy that is not continuously updated. Replication provides faster recovery with less data loss (lower RPO) but at higher cost and complexity. Backup is usually cheaper and better for long-term archival. (Example: Replication is like having a twin sibling who copies everything you do immediately. Backup is like taking a photograph of yourself every day, you can go back to any daily snapshot, but you cannot see what changed between photos.)
- **Backup and restore vs Archiving:** Archiving is moving data to long-term, low-cost storage for compliance or historical reference, with no intent to restore quickly. Backup is designed for quick recovery of active data. Archived data may have retrieval times of hours or days, while backup restoration is typically minutes to hours. (Example: Archiving is like putting old photo albums in a box in the attic. You can get them back, but it takes effort. Backup is like having your important documents in a fireproof safe in your bedroom, you can access them quickly in an emergency.)

## Step-by-step breakdown

1. **Identify backup scope and requirements** — Decide what data or systems need backup: files, databases, entire servers, or application state. Determine the Recovery Point Objective (RPO), how much data loss is acceptable, and the Recovery Time Objective (RTO), how quickly the system must be restored. This step also includes compliance and budget considerations.
2. **Choose backup type and storage target** — Select between full, incremental, or differential backups based on RPO and storage costs. Choose the storage target: local disk, NAS, cloud object storage (like S3), or tape. On AWS, this means deciding between EBS snapshots, S3 versioning, RDS automated backups, or an AMI-based approach.
3. **Configure the backup tool or service** — Set up the backup software or cloud service (like AWS Backup) to define the backup plan. This includes specifying the resources to back up, schedule (daily, hourly), retention rules (how long to keep each backup version), and lifecycle policies (transition to colder storage or delete). Enable encryption and integrity checks.
4. **Perform the initial full backup** — Run a complete backup of all selected data to establish a baseline. This backup is the foundation for all future incremental or differential backups. On AWS, this might be the first EBS snapshot or the first RDS automated backup. Monitor the process for errors and verify the backup completed successfully.
5. **Schedule and automate ongoing backups** — Set up automated backup jobs according to the schedule defined in step 3. For incremental backups, only changes since the last backup are processed. Automation ensures consistency and reduces human error. On AWS, AWS Backup handles scheduling, retention, and lifecycle automatically based on the backup plan.
6. **Monitor backup health and test restores** — Regularly check backup logs for failures, corrupted files, or insufficient storage. Perform scheduled restore drills to validate that backups can be restored successfully within the required RTO. Document the restore procedure and train team members. This step is often overlooked but is critical for reliability.
7. **Document and update the backup strategy** — Maintain documentation of the backup architecture, including which systems are backed up, how often, retention policies, restore steps, and contact information for backup failures. Review and update the strategy as systems change, new compliance requirements arise, or RTO/RPO targets are refined.

## Practical mini-lesson

Backup and restore in practice is not just about hitting a button and hoping for the best. It requires careful planning, automation, and ongoing maintenance. Here is what IT professionals need to know when implementing backup and restore in real-world environments.


First, understand the difference between file-level and image-level backups. File-level backup copies individual files and folders. It is easy to restore a single file but does not capture the operating system or application settings. Image-level backup (also called bare-metal or system image backup) captures the entire disk including the OS, applications, and configurations. Restoring from an image-level backup is faster for full system recovery but requires more storage space. In AWS, EBS snapshots are image-level for volumes, while S3 versioning is object-level.


Second, consider the impact of backup on production systems. Taking a backup of a busy database can degrade performance because it uses I/O and CPU. Schedule backups during low-traffic windows. Use incremental backups to minimize the backup window. For large databases, consider using backup tools that support compression and deduplication to reduce the amount of data transferred and stored. On AWS, EBS snapshots are inherently incremental, which reduces time and cost for subsequent snapshots.


Third, encryption should be a default. All backup data should be encrypted at rest (when stored) and in transit (during transfer). On AWS, you can use KMS keys to encrypt EBS snapshots and S3 objects. Ensure that backup encryption keys are backed up separately, losing the key means losing the backup.


Fourth, test your restore process regularly and without prior notice. A common failure is that backup jobs appear to run successfully but the backup data is incomplete or corrupted. Run integrity checks and perform full recovery tests in a separate environment. Measure the time it takes to complete a restore and compare it to your RTO. If the restore takes longer than expected, you may need to adjust your strategy.


Fifth, consider the cost of backup storage. Retaining too many backups can drive up costs significantly. Implement lifecycle policies to transition older backups to cheaper storage tiers (like S3 Glacier or Glacier Deep Archive) or delete them entirely. On AWS, S3 lifecycle rules can automatically move objects to colder storage after a set number of days. AWS Backup also supports lifecycle rules for backup vaults.


Finally, understand that backup and restore is part of a larger business continuity plan. Backups alone do not guarantee recovery if the network, load balancers, or security groups are not also restored. In cloud environments, consider using infrastructure as code (like CloudFormation) to re-create the entire environment, and use backups only for the data layer.

## Memory tip

Remember the 3-2-1 rule: three copies, two media types, one offsite. For exam questions about Backup and Restore, always prioritize solutions that meet the given RTO and RPO.

## FAQ

**What is the difference between a full backup and an incremental backup?**

A full backup copies all selected data every time, taking the longest time and using the most storage. An incremental backup only copies data that has changed since the last backup (full or incremental), which is faster and uses less storage but requires all previous backups to be present for a full restore.

**What does RTO and RPO stand for?**

RTO stands for Recovery Time Objective, which is the maximum acceptable time to restore a system after a failure. RPO stands for Recovery Point Objective, which is the maximum acceptable amount of data loss measured in time (e.g., you can afford to lose up to 4 hours of data).

**Is versioning in S3 a complete backup solution?**

No, S3 versioning protects against accidental overwrites and deletions within the same bucket, but it does not protect against regional outages or bucket deletion. You should combine versioning with cross-region replication or AWS Backup for a complete backup strategy.

**Can I restore a single file from an EBS snapshot?**

Yes, you can create a new EBS volume from the snapshot, attach it to a temporary EC2 instance, and then copy the specific file to your production instance. This is more complex than restoring a whole volume but is possible.

**How often should I test my backups?**

You should test your backups at least quarterly, and ideally monthly. Regular testing ensures that backups are not corrupted and that the restore process meets your RTO. Document the test results and update procedures as needed.

**What is the 3-2-1 backup rule?**

The 3-2-1 rule means you should keep at least three copies of your data (the original plus two backups), store them on two different media types (e.g., one on an external hard drive, one in the cloud), and have one copy stored offsite to protect against local disasters.

**Do I need to stop my EC2 instance to take an EBS snapshot?**

Stopping the instance ensures a crash-consistent snapshot, which is recommended for databases. However, you can take snapshots of running instances if you are willing to accept potential inconsistency. For application-consistent backups, use AWS Backup with application-consistent settings or third-party tools.

## Summary

Backup and restore is a fundamental IT practice that ensures data and systems can be recovered after loss or failure. It involves creating copies of data (backups) and using those copies to restore the original data or system to a working state. The process is central to disaster recovery and business continuity planning, with key metrics like Recovery Time Objective (RTO) and Recovery Point Objective (RPO) guiding strategy.


In the context of the AWS Certified Solutions Architect – Associate (SAA) exam, you must understand how to implement backup strategies using services such as AWS Backup, EBS snapshots, RDS automated backups, S3 versioning, and cross-region replication. You need to be able to choose the right backup type, storage target, retention policy, and restore method based on given business requirements. Common exam traps include confusing backup retention with point-in-time recovery granularity, assuming versioning is a complete backup solution, and neglecting restore testing.


For IT professionals, backup and restore is non-negotiable. A well-designed backup strategy protects against data loss from hardware failure, accidental deletion, ransomware, and natural disasters. The 3-2-1 rule (three copies, two media, one offsite) is a best practice. Regular restore testing is critical to ensure backups are valid and recovery procedures are efficient. By mastering backup and restore, you build resilient systems that can withstand failures and keep businesses running.

---

Practice questions and the full interactive page: https://courseiva.com/glossary/backup-and-restore
