3.4 Resilience & recovery
📘CompTIA Security+ (SY0-701)
Overview
Backups are one of the most important parts of resilience and recovery planning.
They ensure that data can be restored after events such as hardware failure, ransomware attacks, or accidental deletion.
The goal of a backup strategy is to make sure data is always recoverable, accurate, and secure, no matter what happens to the original copy.
For the Security+ exam, you must understand backup types, locations, methods, and protection mechanisms.
1. Onsite vs Offsite Backups
Onsite Backups
- These are backups stored locally, within the same physical location as the main systems — for example, on a local server, NAS (Network Attached Storage), or external drive inside the same data center.
- Advantages:
  - Fast recovery time.
  - Easy to manage and monitor.
- Disadvantages:
  - Vulnerable to the same local threats (fire, flood, power surge, ransomware).
Offsite Backups
- These are stored away from the primary location, such as in a remote data center or cloud storage service.
- Advantages:
  - Protected from local disasters.
  - Enables geographic redundancy.
- Disadvantages:
  - Slower recovery time.
  - Dependent on network connectivity.
Exam Tip:
A good strategy uses both onsite and offsite backups — onsite for quick restores and offsite for disaster recovery.
This is often called the 3-2-1 rule:
- 3 copies of data
- 2 stored locally on different devices
- 1 stored offsite
2. Backup Frequency
Backup frequency means how often backups are performed.
It determines how much data can be lost in case of a failure — this is linked to the Recovery Point Objective (RPO).
Common backup frequencies:
| Type | Description | Use Case |
|---|---|---|
| Full backup | Copies all data | Used weekly or monthly; easiest to restore |
| Incremental backup | Copies only data changed since the last backup (any type) | Fast to run, slower to restore |
| Differential backup | Copies data changed since the last full backup | Larger than incremental, faster to restore |
| Continuous backup | Data is backed up in real-time or near-real-time | Used in critical systems (e.g., cloud environments) |
Exam Tip:
Remember the difference:
- Incremental = smallest daily backup, slower restore.
- Differential = larger daily backup, faster restore.
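To make the restore trade-off concrete, the following added example (not part of the original study guide) models one week of backups and lists which sets a Thursday restore needs under each scheme. The sizes and day names are constructed, and it assumes each day's changes touch different data.

```python
from dataclasses import dataclass

@dataclass
class Backup:
    day: str
    kind: str      # "full", "incremental" or "differential"
    size_gb: int

# Constructed sample: GB of new changes per day after Sunday's full backup.
CHANGES = [("Mon", 10), ("Tue", 20), ("Wed", 5), ("Thu", 15)]

def plan_week(changes, scheme, full_gb=500):
    """Return the backup sets written in a week that starts with a full backup."""
    backups = [Backup("Sun", "full", full_gb)]
    since_full = 0
    for day, changed in changes:
        since_full += changed
        # Incremental: changes since the last backup of any type.
        # Differential: all changes since the last full backup.
        size = changed if scheme == "incremental" else since_full
        backups.append(Backup(day, scheme, size))
    return backups

def restore_chain(backups, target_day):
    """Return the sets needed, in order, to restore to the end of target_day."""
    days = [b.day for b in backups]
    upto = backups[: days.index(target_day) + 1]
    last_full = max(i for i, b in enumerate(upto) if b.kind == "full")
    tail = upto[last_full + 1:]
    if tail and tail[-1].kind == "differential":
        return [upto[last_full], tail[-1]]    # full + latest differential
    return [upto[last_full]] + tail           # full + every incremental

def restorable(chain, damaged_days):
    """A restore fails if any set in the chain is missing or corrupt."""
    return not any(b.day in damaged_days for b in chain)

if __name__ == "__main__":
    for scheme in ("incremental", "differential"):
        week = plan_week(CHANGES, scheme)
        chain = restore_chain(week, "Thu")
        print(scheme, "stored:", sum(b.size_gb for b in week), "GB;",
              "restore Thu needs", [b.day for b in chain],
              "| survives loss of Tue set:", restorable(chain, {"Tue"}))
```

The incremental week stores less but its Thursday restore depends on every set since Sunday, so one damaged set breaks the chain; the differential restore needs only two sets.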
3. Backup Encryption
Backups often contain sensitive data, so they must be encrypted to prevent unauthorized access.
Why Encrypt Backups:
- Prevents data theft if storage devices are lost or stolen.
- Ensures compliance with regulations (e.g., GDPR, HIPAA).
Where to Encrypt:
- In transit: When data is moving to backup storage (e.g., over the internet).
- At rest: When stored in backup media or the cloud.
Example in IT:
A company uses AES-256 encryption for its backup files stored in Amazon S3 cloud storage, ensuring only authorized admins can decrypt the data.
Exam Tip:
If a backup is unencrypted and lost, it becomes a data breach. Always choose encrypted backups, especially for offsite or cloud environments.
4. Snapshots
A snapshot is a point-in-time copy of a system, virtual machine, or database.
How it works:
- Captures the system’s state and data at a specific moment.
- Used for quick restoration without needing a full backup restore.
Common Uses:
- Virtualization platforms (e.g., VMware, Hyper-V) and cloud systems use snapshots to revert to previous states quickly after configuration errors or software updates.
Limitations:
- Snapshots are not long-term backups.
- They depend on the original system storage — if the main system is lost, snapshots may also be lost.
Exam Tip:
Snapshots are best for short-term recovery and testing, not for full disaster recovery.
5. Replication
Replication means automatically copying data from one location to another, often in real-time or on a schedule.
Types of Replication:
- Synchronous replication:
  - Data is copied instantly to another location.
  - Ensures zero data loss but can affect performance.
  - Used in high-availability systems.
- Asynchronous replication:
  - Data is copied after a short delay.
  - Reduces performance impact but may cause minimal data loss.
Purpose:
- Keeps systems and databases synchronized across multiple sites.
- Used in disaster recovery and multi-site resilience.
Exam Tip:
Replication provides high availability (HA) and redundancy, but it’s not a replacement for traditional backups — corrupted or deleted data can also be replicated.
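The exam tip above, as an added toy model (not from the original guide; the class names and invoice keys are hypothetical). It shows a deletion reaching the replica in both modes, and asynchronous replication losing the acknowledged writes still in flight at failover.

```python
import copy

class Site:
    def __init__(self):
        self.data = {}

    def apply(self, op):
        kind, key, value = op
        if kind == "put":
            self.data[key] = value
        elif kind == "delete":
            self.data.pop(key, None)

class ReplicatedStore:
    def __init__(self, mode, lag=2):
        self.mode = mode              # "sync" or "async"
        self.lag = lag                # async: number of ops the replica trails by
        self.primary, self.replica = Site(), Site()
        self.pending = []             # acknowledged to the client, not yet shipped

    def write(self, op):
        self.primary.apply(op)
        if self.mode == "sync":
            self.replica.apply(op)    # acknowledged only once both sites have it
        else:
            self.pending.append(op)
            while len(self.pending) > self.lag:
                self.replica.apply(self.pending.pop(0))

    def fail_over(self):
        """Primary site is lost: return (surviving data, acknowledged ops lost)."""
        return self.replica.data, len(self.pending)

def run(mode):
    store = ReplicatedStore(mode)
    for i in range(5):                # constructed workload
        store.write(("put", f"invoice-{i}", "ok"))
    backup = copy.deepcopy(store.primary.data)    # point-in-time backup
    store.write(("delete", "invoice-0", None))    # accidental deletion
    for i in range(5, 8):
        store.write(("put", f"invoice-{i}", "ok"))
    survivors, lost = store.fail_over()
    return survivors, lost, backup

if __name__ == "__main__":
    for mode in ("sync", "async"):
        survivors, lost, backup = run(mode)
        print(mode, "replica:", sorted(survivors), "| writes lost:", lost,
              "| invoice-0 still in backup:", "invoice-0" in backup)
```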
6. Journaling
Journaling keeps a record of file system or database changes.
It doesn’t store the actual data but logs all modifications to track and recover data consistency.
How it works:
- The system logs every write operation before applying it.
- If a system crash or failure occurs, the journal can replay the logs to restore data to a consistent state.
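An added sketch of the log-then-replay behaviour described above (illustrative code, not taken from any file system or database). The function names and account data are hypothetical, and this toy journal records the new value of each write so that it can be redone.

```python
def journal_write(journal, txid, updates):
    """Log the intended writes first: BEGIN, one WRITE per key, then COMMIT."""
    journal.append(("BEGIN", txid))
    for key, value in updates.items():
        journal.append(("WRITE", txid, key, value))
    journal.append(("COMMIT", txid))

def apply_to_disk(disk, updates, crash_after=None):
    """Apply updates in place; crash_after=N simulates a crash after N writes."""
    for n, (key, value) in enumerate(updates.items()):
        if crash_after is not None and n >= crash_after:
            return False              # torn update: disk is inconsistent
        disk[key] = value
    return True

def recover(disk, journal):
    """Replay, in order, only transactions whose COMMIT reached the journal."""
    committed = {rec[1] for rec in journal if rec[0] == "COMMIT"}
    replayed = []
    for rec in journal:
        if rec[0] == "WRITE" and rec[1] in committed:
            _, txid, key, value = rec
            disk[key] = value         # redo is idempotent, safe to repeat
            if txid not in replayed:
                replayed.append(txid)
    return replayed

def demo():
    disk = {"alice": 100, "bob": 50}  # constructed sample data
    journal = []
    # tx 1: move 30 from alice to bob; journaled fully, crash during apply.
    transfer = {"alice": 70, "bob": 80}
    journal_write(journal, 1, transfer)
    apply_to_disk(disk, transfer, crash_after=1)
    torn = dict(disk)                 # alice debited, bob not yet credited
    # tx 2 models a transaction cut off while journaling: no COMMIT record.
    journal.append(("BEGIN", 2))
    journal.append(("WRITE", 2, "alice", 0))
    replayed = recover(disk, journal)
    return torn, replayed, disk

if __name__ == "__main__":
    torn, replayed, disk = demo()
    print("after crash:", torn)
    print("replayed transactions:", replayed)
    print("after recovery:", disk)
```

Recovery completes the half-applied transfer and ignores the uncommitted transaction, which is why the journal restores consistency but cannot bring back data that was never written or was deliberately deleted.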
Common Uses:
- File systems (e.g., NTFS, ext4) and databases (e.g., SQL Server, PostgreSQL) use journaling.
- Helps recover from corruption or incomplete write operations.
Exam Tip:
Journaling improves data integrity and recovery speed after crashes.
It’s not a substitute for backups but supports quick recovery from minor data corruption.
7. Summary Table
| Concept | Description | Purpose |
|---|---|---|
| Onsite backup | Backup stored locally | Fast restore, but vulnerable to local disasters |
| Offsite backup | Backup stored remotely | Protection from local failures |
| Frequency | How often backups run | Determines data loss tolerance (RPO) |
| Encryption | Protects backup data confidentiality | Prevents breaches if backups are lost |
| Snapshot | Point-in-time image of a system | Quick rollback or recovery |
| Replication | Copies data to another site/system | Ensures availability and redundancy |
| Journaling | Logs system/database changes | Restores consistency after crashes |
8. Exam Readiness Notes
- Understand the purpose of each backup type and when to use them.
- Know the difference between incremental and differential backups.
- Remember replication ≠ backup — replication copies data, but backups are recoverable archives.
- Always mention encryption when discussing offsite or cloud backups.
- Snapshots are temporary and system-dependent; backups are permanent and portable.
✅ In summary:
Backups are essential for business continuity and data recovery. A solid backup strategy includes onsite and offsite storage, regular frequency, encryption, snapshots for quick rollback, replication for availability, and journaling for integrity.
