Here are the backup concepts you need to be familiar with for the exam and as they relate to operational security.

  • Full backup – as the name indicates, this is a copy of all data in the environment.
  • Differential – copying of data that changed since the last full backup.  Faster than doing a full backup.  
  • Incremental – copying of data that has changed since the last backup (of any kind).  

Know and fully understand the difference between the types of backups.
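To make the difference between the three backup types concrete, here is an added example (not part of the original page) that simulates a constructed five-day schedule and shows what each backup copies. It goes slightly beyond the text by also working out which backup sets a restore needs; the file names, schedule and function names are assumptions.

```python
# Constructed sample data; deletions are not modelled.
# Assumes changes on a day land before that day's backup and days only increase.
CHANGES = {0: {"a.db", "b.doc", "c.cfg"}, 1: {"a.db"}, 2: {"b.doc"},
           3: {"a.db", "c.cfg"}, 4: {"d.log"}}            # day -> files modified
SCHEDULE = [(0, "full"), (1, "incremental"), (2, "incremental"),
            (3, "differential"), (4, "incremental")]      # one backup per day


def run_backups(schedule, changes):
    """Return one record per backup: its kind, the file versions it copied,
    and the indexes of the backup sets needed to restore to that point."""
    state, records, last_full = {}, [], None
    for i, (day, kind) in enumerate(schedule):
        for name in changes.get(day, ()):
            state[name] = day                  # version = day last modified
        if kind != "full" and last_full is None:
            raise ValueError("schedule must start with a full backup")
        if kind == "full":                     # copies everything
            since, chain, last_full = -1, [i], i
        elif kind == "differential":           # changed since the last FULL
            since, chain = schedule[last_full][0], [last_full, i]
        elif kind == "incremental":            # changed since the last backup
            since, chain = schedule[i - 1][0], records[i - 1]["chain"] + [i]
        else:
            raise ValueError(f"unknown backup type: {kind}")
        copied = {n: v for n, v in state.items() if v > since}
        records.append({"day": day, "kind": kind, "copied": copied,
                        "chain": chain, "truth": dict(state)})
    return records


def restore(records, index):
    """Replay the restore chain in order; later sets overwrite earlier ones."""
    restored = {}
    for i in records[index]["chain"]:
        restored.update(records[i]["copied"])
    return restored


if __name__ == "__main__":
    recs = run_backups(SCHEDULE, CHANGES)
    for i, r in enumerate(recs):
        ok = restore(recs, i) == r["truth"]
        print(r["day"], r["kind"], sorted(r["copied"]), "restore needs",
              r["chain"], "verified" if ok else "MISMATCH")
```

In the output, the day 3 differential recopies everything changed since day 0 but restores from only two sets, while the incrementals copy less each day and need every set back to the last full or differential.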

Considerations related to backups can include:

  • Versioning issues – too many versions can take up a lot of storage space.  On the other hand, keeping too few versions can cause loss of data and single points of failure (if only one copy is kept).
  • Validation – doing integrity checks on the data helps to ensure that copies are accurate. 

Know the difference between versioning and validation.  

RAID (redundant array of independent disks) is a method used to prevent downtime when a storage component fails.

Striping – divides the data between disks.

RAID 0 – stripes over 2 disks.

RAID 1 – mirrors 2 disks.

RAID 5 – data and parity info are striped (3-disk minimum); data is striped across 2 disks and parity is stored on 1.

RAID 10 – mirrored, then striped (4 disks).

RAID 15 and 51: combine techniques from RAID 1 and RAID 5; they stripe parity bits and mirror all the drives (including both the data and parity information). Not widely used outside of highly sensitive environments because of the impact on productivity and the high cost.

The CBK presents 3 choices for backup locations:

  • Onsite: typically more expensive. Must be supported internally.  Full control over protection.
  • Offsite: data is put onto tapes or other storage media and shipped to another location (or can be pulled remotely over the wire to a data vault). There is risk in transit and loss of control over how the data is protected once it leaves the main site.
  • Cloud Backup-as-a-Service: replicated multiple times
    • On-line: available instantly from a failover instance
    • Near-line: available with a delay, since the data must be pulled from an onsite library.

When a system goes down and needs to be recovered/rebuilt because of some type of disaster, a recovery site can be used.  Here are the types to be aware of:

  • Hot site – systems are mirrored or have high availability.  Operations are fully functional and available for use. This option has the highest cost.
  • Warm site – systems are available but not activated, such as devices and utilities (power, etc.). Data is not current but systems and environments are ready to be used and updated for production.
  • Cold site – simply a location that is available but has no systems or utilities connected.  Equipment and data must be moved and installed/configured.
  • Mobile site – a limited portable location (like a trailer).  
  • Cloud – high availability, redundant systems duplicated/replicated at various locations and instances to provide almost 100% availability.

A new concept brought about in the May 2021 revision is the 3-2-1 backup strategy:

  • Three copies of the data: original plus two backups
  • Two different storage media types, such as magnetic tape, write-once/read-many (WORM) drives, removable disks and cloud.
  • One copy offsite: never locate all backups in the same environment as the original; that would defeat the purpose of a backup.

This page has been fully updated with May 2021 CBK topics from ISC2.