Data Storage, Backup, Recovery Processes



Questions 1 - 10
1

A company performs full backups every Sunday and incremental backups Monday through Saturday. A system failure occurs on Friday. To restore the system completely, the company must restore:

Only the most recent incremental backup from Thursday.

The Sunday full backup only.

The Sunday full backup plus all incremental backups from Monday through Thursday.

All daily incremental backups from the past week without the full backup.

Explanation

Incremental backups only capture changes since the last backup. To restore fully, the last full backup (Sunday) must be restored first, then each incremental backup applied in sequence (Mon, Tue, Wed, Thu) to rebuild the complete data state. Answer C is correct. The most recent incremental alone (A) only contains Thursday's changes. The full backup alone (B) is missing a week of changes. Incrementals without the full backup (D) cannot reconstruct the complete dataset.

2

Which of the following backup types captures only the data that has changed since the last full backup, regardless of whether intervening differential or incremental backups were performed?

Incremental backup

Mirror backup

Differential backup

Snapshot backup

Explanation

A differential backup captures all changes since the last full backup, growing larger over time but requiring only two restores (full + latest differential). Answer B is correct. An incremental backup (A) captures only changes since the last backup of any type. A mirror backup (C) is an exact real-time copy. A snapshot (D) captures the state at a specific point in time using pointers.

3

The '3-2-1 backup rule' recommends that organizations:

Maintain three recovery team members, two recovery sites, and one recovery plan.

Maintain three copies of data, on two different storage media types, with one copy stored offsite.

Test backups three times per year, with two full restores and one partial restore.

Perform backups three times per day, two days per week, once per month.

Explanation

The 3-2-1 rule is a backup best practice: 3 total copies of data, stored on 2 different media types (e.g., disk and tape), with 1 copy kept offsite to protect against localized disasters. Answer D is correct. The other answers fabricate rules not associated with the 3-2-1 principle.

4

An organization stores its backup tapes in a fireproof safe within the same building as its primary servers. The primary risk of this backup strategy is:

On-site backup storage is more expensive than offsite storage.

The backup tapes will degrade faster in a fireproof safe than in an offsite facility.

The backup tapes may be accessed by unauthorized personnel since they are stored on-site.

A site-wide disaster (fire, flood, earthquake) could destroy both the primary systems and the backup tapes simultaneously, making recovery impossible.

Explanation

Storing backups in the same location as primary systems means a single catastrophic event can destroy both, eliminating recovery capability. Offsite storage is required to protect against site-level disasters. Answer A is correct. While unauthorized access (B) is a risk, it is not the primary concern with on-site storage. Cost (C) and tape degradation (D) are not the primary risks.

5

Which of the following best describes a 'hot site' in the context of disaster recovery?

A fully equipped and operational backup facility with live system replicas that can take over operations within minutes.

A mobile recovery unit that can be deployed to any location within 48 hours.

A partially equipped backup site where hardware must be configured before recovery can begin.

A backup location that stores only data backups with no active hardware.

Explanation

A hot site is a fully operational duplicate facility with live data replication, enabling near-instantaneous failover - the highest level of disaster recovery readiness. Answer C is correct. Data-only storage (A) describes a cold site's partial capability. Partially equipped hardware (B) describes a warm site. Mobile units (D) are a different recovery approach.

6

During a disaster recovery test, the IT team discovers they cannot restore data from a six-month-old backup tape. The most likely cause and the preventive control that should have been in place is:

The tape degraded over six months; backups should not be retained for more than one month.

The backup was never verified - periodic restore testing is required to confirm backups are complete, readable, and restorable.

The backup format is incompatible with the new recovery server; hardware should never be upgraded.

The tape was stored offsite; backups should be kept on-site for faster access.

Explanation

Unverified backups that cannot be restored provide a false sense of security. Regular restore testing validates that backups are complete, uncorrupted, and restorable when needed. Answer B is correct. Offsite storage (A) reduces disaster risk and is best practice. Hardware upgrades are necessary (C). Retention periods depend on business requirements (D).

7

An organization's backup policy requires that all backup media be encrypted before leaving the data center. The primary purpose of this requirement is to:

Prevent unauthorized individuals from reading sensitive data if backup media is lost or stolen during transit or storage.

Comply with the requirement to encrypt all data in transit over network connections.

Verify that the backup was completed successfully before it leaves the data center.

Increase the compression ratio of backup data to reduce storage costs.

Explanation

Encrypting backup media protects data confidentiality if media is lost, stolen, or mishandled during transport or offsite storage. Answer A is correct. Encryption does not improve compression (B), verify backup completeness (C), or apply specifically to network transmission (D) - though network transmission encryption is a separate requirement.

8

Which of the following best describes a 'snapshot' in the context of storage and backup?

A point-in-time logical image of a storage volume that captures the state of data without necessarily copying all blocks immediately, enabling fast creation and recovery.

A complete physical copy of all data on a storage volume at a given point in time.

An encrypted copy of a database transmitted to an offsite backup facility.

A compressed archive of files exported to tape for long-term retention.

Explanation

A snapshot captures a logical point-in-time view of data, often using copy-on-write techniques to create it instantly without copying all data immediately. Snapshots enable fast rollback to prior states. Answer B is correct. A full physical copy (A) describes a clone or mirror. Tape archives (C) describe traditional backup. Encrypted offsite copies (D) describe encrypted backups.

9

Which of the following correctly describes the difference between a warm site and a cold site disaster recovery option?

A warm site requires no activation time; a cold site requires weeks of preparation.

A warm site is located in a warm climate; a cold site is located in a northern region for temperature control.

A warm site has partially configured hardware and infrastructure that can be made operational within hours to days; a cold site has only basic facilities (power, space) with no pre-installed hardware.

A warm site stores backups on disk; a cold site stores backups on tape.

Explanation

A warm site sits between hot and cold - pre-installed hardware awaiting configuration and data restoration (hours to days). A cold site is an empty space where everything must be installed from scratch (days to weeks). Answer A is correct. Temperature/geography (B) is irrelevant. Storage media (C) does not define site types. A warm site still requires activation time (D).

10

A company stores backup copies of its financial data for seven years to comply with regulatory retention requirements. The primary reason for this long retention period is:

Seven-year retention ensures backup media does not degrade before it is used.

Seven-year retention allows the organization to recover from any type of system failure.

Regulatory requirements (such as SOX, tax laws, or audit standards) mandate that financial records be available for examination for a specified period.

All types of data must be retained for exactly seven years under GAAP.

Explanation

Long retention periods for financial data are driven by regulatory requirements - various laws require organizations to retain financial records so they are available for audits and regulatory examinations. Answer C is correct. Media degradation (A) is a storage concern, not a driver of retention periods. GAAP does not specify a universal seven-year retention (B). Recovery from system failures (D) typically requires much shorter retention periods.
