AWS Backup Primer

Question 1

What are Service-native backups and snapshots?

Answer 1

Backups that are tightly integrated with the service they support [for example, making a daily snapshot for Amazon Relational Database Service (Amazon RDS) through the RDS console].

Question 2

When do Service-native solutions work best?

Answer 2

When you have no auditing requirements for the service and you are only required to back up a limited number of AWS services.

Question 3

What is a centralized policy-based backup and snapshots solution?

Answer 3

You can centralize, simplify, and automate data protection across the AWS services, in the cloud, and with on-premises solutions with one administrative console.

Question 4

What are recovery point objective (RPO)?

Answer 4

How far back in time you can go to recover the data. How much data loss can you tolerate?

Question 5

What are recovery time objective (RTO)?

Answer 5

The maximum amount of time that your business can be down or offline without affecting the business.

Question 6

What are audit and compliance objectives?

Answer 6

Some businesses are regulated by external entities and are required to comply to a monitored set of operational standards.

Question 7

What gets backed up for an EC2 instance?

Answer 7

The root Amazon EBS storage volume
Launch configurations
All associated EBS volumes
Amazon Machine Image (AMI), including all launch configurations

Question 8

Where does an EC2 backup to?

Answer 8

The backup data for compute is stored as an Amazon EBS volume-backed AMI, which is then stored by AWS Backup within an Amazon Simple Storage Service (Amazon S3) bucket.

Question 9

What configuration parameters are stored for an EC2 instance?

Answer 9

Instance type
    Security groups
    Amazon Virtual Private Cloud (Amazon VPC)
    Monitoring configuration
    Tags

Question 10

What doesn’t get backed up for an EC2 instance?

Answer 10

Configuration of the Elastic Inference accelerator, if it is attached to the instance

User data used when the instance was launched

Question 11

How does AWS Backup interact with Amazon EBS?

Answer 11

You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. A snapshot takes a copy of the EBS volume and places it in Amazon S3, where it is stored redundantly in multiple Availability Zones. The initial snapshot is a full copy of the volume; ongoing snapshots store incremental block-level changes only.

Question 12

How does AWS Backup interact with Amazon EFS?

Answer 12

You can use AWS Backup to back up all data in an EFS file system, whatever storage class the data is in.

AWS Backup performs incremental backups of EFS file systems. During the initial backup, a copy of the entire file system is made. During subsequent backups of that file system, only files and directories that have been changed, added, or removed are copied.

You can restore the entire file system or restore specific individual files and directories.

Question 13

What are the cost saving and optimization benefits to using AWS Backup for EFS?

Answer 13

Tiering backups to cold storage to reduce storage costs

Cost allocation tagging for use with AWS Cost Explorer

EFS backups can also be transitioned to lower tier storage, which helps in optimizing costs.

Question 14

How does AWS Backup interact with Amazon RDS?

Answer 14

Amazon RDS creates a storage volume snapshot of your DB instance, backing up the entire DB instance and not just individual databases.

Question 15

How does AWS backup interact with Aurora clusters?

Answer 15

Supports the creation, management, and restoration of Aurora backups directly from the AWS Backup console for both PostgreSQL-compatible and MySQL-compatible versions of Aurora.

copy a snapshot within and across AWS Regions.

Question 16

How does AWS Backup interact with Neptune?

Answer 16

Supports continuous and incremental Neptune backups, so you can restore to any point within the backup retention period (no performance impact or interruption of database service occurs as backup data is being written)

Lets you specify a backup retention period, from 1 to 35 days, when you create or modify a DB cluster

Question 17

How does AWS Backup interact with DynamoDB tables?

Answer 17

Store backups in encrypted backup vaults, which you can secure with AWS Backup Vault Lock, backup policies, and encryption keys.

Backups inherit tags from their source DynamoDB tables, so you can use those tags to set permissions and service control policies (SCPs).

Question 18

How does AWS Backup interact with DocumentDB?

Answer 18

Supports a single data protection policy in AWS Backup to automate the creation of independent, immutable, and protected snapshots of Amazon DocumentDB clusters across AWS Regions or accounts and restore your clusters from these snapshots

Question 19

What are the three key benefits of AWS Backup support for VMware?

Answer 19

Centrally manage data protection: Provides an automated, centrally managed backup location.

Improve backup compliance: Provides built-in controls for VMware backups so you can track backup and restore operations and generate auditor-ready reports.

Flexible restore options: Provides a single-click restore experience so you can restore VMware backups on-premises and in VMware Cloud on AWS.

Question 20

How does AWS Backup integrate with AWS Storage Gateway Volume?

Answer 20

You can back up on-premises applications that use Storage Gateway volumes for cloud-backed storage.
Supports backup and restore of both cached and stored volumes

Question 21

How is AWS Backup priced?

Answer 21

Different services are priced differently, so the pricing is unique to each service. The storage amount billed in a month is based on the average storage space used throughout the month and the charges appear on your bill next to each service; for instance, Amazon EC2, Amazon RDS, or Amazon S3.

Question 22

How is AWS Backup pricing determined?

Answer 22

The amount of storage you use

The service being used

Question 23

Which EC2 configuration parameters does AWS Backup back up?

Answer 23

Instance type
Security groups and Amazon Virtual Private Cloud (Amazon VPC)
Monitoring configuration and tags

Question 24

What are the three ways to access AWS Backup?

Answer 24

AWS Management Console through the graphical user interface
AWS Backup API for easy plugin
AWS Software Development Kits (SDKs) for added application ties and development

Question 25

What is transition to cold storage?

Answer 25

Resource types, such as Amazon EFS and DynamoDB, can be transitioned by AWS Backup to cold storage automatically. When available, use this feature to reduce storage costs.

Question 26

How long does recovery points have to remain in cold storage?

Answer 26

The recovery points that AWS Backup transitions to cold storage must remain there for at least 90 days.

Question 27

How long can snapshots be retained?

Answer 27

Snapshots can be retained between 1 day and 100 years (or indefinitely, if you do not enter a retention period), and continuous backups between 1 and 35 days.

Question 28

What is the benefits of cross-region copy?

Answer 28

Quickly restore from backups in the new AWS Region to reduce risk of downtime and ensure that disaster recovery and business continuity requirements are met.

Question 29

What is cross-account copy?

Answer 29

Store a backup copy in another account’s vault using the external vault Amazon Resource Name (ARN) or a different vault within the same account to provide multiple levels of security to your backups.

Question 30

What are recovery point tags?

Answer 30

Tags are key-value pairs that you can assign to specific resources to help you identify, organize, and filter your resources and backups.

Question 31

What is application-consistent backup?

Answer 31

Backup and restore your Volume Shadow Copy Service (VSS) enabled Microsoft Windows applications, including Windows Server, Microsoft SQL Server, Exchange Server, and SharePoint running on EC2 instances.

Question 32

What is a resource type?

Answer 32

includes every instance or resource of an AWS service or third-party application supported by AWS Backup.

Question 33

What is a resource?

Answer 33

is a single instance of a resource type, such as a specific EBS Volume ID. You can specify a resource using its unique resource ID.

Question 34

What are tags?

Answer 34

you can automate to include and ensure compliance for any new resources created and protected by this backup plan.

Question 35

What are some of the quotas in AWS Backup?

Answer 35

The following quotas apply to a single resource assignment in AWS Backup:

500 Amazon Resource Names (ARNs) without wildcards

30 ARNs with wildcard expressions

30 conditions

30 tags per resource assignment

Question 36

Which options are available when creating a new backup plan?

Answer 36

Define a plan using JavaScript Object Notation (JSON)
Build a new plan
Start with a template

Question 37

Which parameters are included when configuring a backup rule?

Answer 37

Backup frequency
Resource type
Backup window

Question 38

Which parameters are includes when configuring resource assignments?

Answer 38

AWS Identity and Access Management (IAM) role
Resource type
Resource assignment name

Question 39

What method does NOT result in a default backup vault being created?

Answer 39

AWS CLI
AWS SDK
AWS CloudFormation

Question 40

What are the requirements for a backup vault?

Answer 40

Backup vault names are case sensitive.

Backup vault names must contain 2–50 alphanumeric characters, hyphens, or underscores.

Question 41

How does AWS Backup work with AWS Organizations?

Answer 41

You can turn on organization-wide backup protection and monitoring using AWS Backup. This helps you achieve compliance by using backup policies to centrally apply AWS Backup plans to resources across all the accounts in your organization.

Question 42

What are the data protection benefits of using AWS Backup and AWS Organizations together?

Answer 42

A backup policy combines a backup plan with the other details required to apply the plan automatically to your accounts.

Policies attached to an account are merged with policies inherited from the organization’s root and any parent organizational unit (OU) to create an effective policy that applies to the account.

Question 43

What are the backup monitoring benefits of using AWS Backup and AWS Organizations together?

Answer 43

When you turn on trusted access for AWS Backup you can:
Use the AWS Backup console to view details about the backup, restore, and copy jobs in any of the accounts in your organization.

AWS Backup requires trusted access with AWS Organizations for monitoring of backup, restore, and copy jobs across your organization’s accounts.

Question 44

What type of security does the AWS Backup Vault Lock feature use?

Answer 44

Write-once, read-many (WORM)

Question 45

What are the benefits of having multiple backup vaults?

Answer 45

Limits who can access recovery points.
Limits the ability to delete backups.
Separates permissions.

Question 46

In Amazon CloudWatch metrics, what is the function of a namespace?

Answer 46

A container to hold CloudWatch metrics

Question 47

Which event notifications does AWS Backup support?

Answer 47

Recovery point jobs
Copy jobs
Backup and restore jobs

Question 48

What is AWS Backup Audit Manager?

Answer 48

A built-in service that automatically detects violations of your defined data protection policies and prompts you to take corrective actions.

Question 49

What is ‘backup resources protected by backup plan’ control?

Answer 49

This control helps identify gaps in your backup coverage, by a tag, by type, or a particular resource.

Question 50

What is the ‘backup plan min freq and min retention’ control?

Answer 50

Governs how frequently the backup plan should be taking backups and for how long recovery points should be maintained.

Question 51

What is the ‘backup prevent recovery point manual deletion’ control?

Answer 51

Up to five IAM roles allowed to manually delete recovery points if there are exceptions.

Question 52

What is ‘backup recovery point encrypted’ control?

Answer 52

Evaluates if the backup recovery points are encrypted.

Question 53

What is ‘backup recovery point min retention’ control?

Answer 53

Specify parameters ensuring that selected resources have valid recovery points in your backup vault and that the recovery points are retained for at least the specified backup recovery point minimum retention period.

Question 54

What are AWS Audit Manager reports?

Answer 54

These reports can illustrate to any third party auditor that you are adhering to the regulations required by your particular industry and its set of regulations.

Question 55

What is the AWS Audit manager report format and limits?

Answer 55

AWS Backup Audit Manager delivers a daily report in CSV, JSON, or both formats to your Amazon S3 bucket.

You can also run an on-demand report anytime.
You can have a maximum of 20 report plans per AWS account.

Question 56

What is an AWS Backup Audit report plan?

Answer 56

Similar to a backup plan, you create a report plan to automate the creation of your reports and define their destination Amazon S3 bucket.

Question 57

What is an AWS Backup Audit report template?

Answer 57

A report template defines the information you want included in your report.

Question 58

How does AWS Backup Audit Manager use controls?

Answer 58

To audit the adherence of a backup requirement

Question 59

What does a report plan require before you run reports?

Answer 59

An S3 bucket for storage

Question 60

What is cross-account management?

Answer 60

It allows them to set, change, and manage policies and resources for hundreds or thousands of accounts within a single view.

Question 61

What is cross-region copy?

Answer 61

Customers can easily build policies around a multiple-Region scheme for recovery in event of disaster or significant downtime.

Question 62

What is cross-account backup?

Answer 62

Being able to back up to another account within an AWS Organization can help you increase your footprint for recoverable data.