FAQ Flashcards
What is AWS Backup?
A fully managed service that enables you to centralize and automate data protection across on-premises and AWS services.
How does AWS Backup work?
Allows you to define a central data protection policy (called a backup plan) that works across AWS services for compute, storage, and databases.
Why should I use AWS Backup?
Protecting your data is an important step towards ensuring that you meet your business and regulatory compliance requirements.
What are the key features of AWS Backup?
AWS Backup provides a centralized console, automated backup scheduling, backup retention management, and backup monitoring and alerting.
What can I back up using AWS Backup?
Amazon Elastic Block Store (EBS) volumes,
Amazon Elastic Compute Cloud (EC2) instances (including Windows applications),
Amazon Relational Database Service (RDS) databases (including Amazon Aurora clusters),
Amazon DynamoDB tables,
Amazon Elastic File System (EFS) file systems,
Amazon FSx for Windows File Server file systems,
Amazon FSx for Lustre file systems,
Amazon Neptune databases,
Amazon DocumentDB (with MongoDB compatibility) databases,
AWS Storage Gateway volumes,
Amazon Simple Storage Service (S3).
Can I use AWS Backup to back up on-premises data?
Yes, you can use AWS Backup to back up your on-premises Storage Gateway volumes and VMware virtual machines, providing a common way to manage the backups of your application data both on premises and on AWS.
Can I use AWS Backup to access backups created by services with existing backup capabilities?
Yes. Backups created using services with existing backup capabilities, such as EBS Snapshots, can be accessed using AWS Backup.
How does AWS Backup work with other AWS services that have backup capabilities?
All existing per-service backup capabilities remain unchanged. AWS Backup provides a common way to manage backups across AWS services both on AWS and on premises.
How does AWS Backup relate to Amazon Data Lifecycle Manager and when should I use one over the other?
DLM provides a simple way to manage the lifecycle of EBS resources, such as volume snapshots. You should use DLM when you want to automate the creation, retention, and deletion of EBS Snapshots.
You should use AWS Backup to manage and monitor backups across the AWS services you use, including EBS volumes, from a single place.
What is a recovery point?
A recovery point represents the content of a resource at a specified time.
What is a backup plan?
A backup plan is a policy expression that defines when and how you want to back up your AWS resources, such as DynamoDB tables or EFS file systems.
What is a backup vault?
A backup vault (or backup storage vault) is an encrypted storage location in your AWS account that stores and organizes your backups (recovery points).
How does the AWS Backup lifecycle feature work?
The AWS Backup lifecycle feature allows you to automatically transition your recovery points from a warm storage tier to a lower-cost cold storage tier.
How does encryption work in AWS Backup?
Backups for Amazon EFS, Amazon DynamoDB, Amazon S3, and VMware virtual machines are encrypted in transit and at rest independently from the source services, giving your backups an additional layer of protection.
How do I use access policies in a backup vault to control access to backups?
AWS Backup allows you to set resource-based policies on backup vaults, enabling you to control access to the backup vault and the backups in it.
What services provide support for AWS Backup advanced features?
Services that have backup functionality built on AWS Backup support additional backup features, such as lifecycle tiering of backups to a low-cost storage tier, backup storage and encryption that is independent from its source data, and backup access policies.
What is AWS Backup Audit Manager?
AWS Backup Audit Manager allows you to audit and report on the compliance of your data protection policies to help you meet your business and regulatory needs.
Why should I use AWS Backup Audit Manager?
You should use AWS Backup Audit Manager if you want to verify that the workloads that you create in (or migrate to) AWS meet your data protection requirements.
How can I use AWS Backup Audit Manager?
You can use AWS Backup Audit Manager via the AWS Management Console, CLI, API, or SDK. AWS Backup Audit Manager provides built-in compliance controls and allows you to customize these controls to define your data protection policies.
What is a Backup Audit Manager control and framework?
An AWS Backup Audit Manager control is a procedure designed to audit the compliance of a backup requirement, such as backup frequency or backup retention period.
How does a Backup Audit Manager control work?
An AWS Backup Audit Manager control evaluates the configuration of your backup resources against your defined configuration settings.
How can I view the compliance results of my Backup Audit Manager controls and frameworks?
On the AWS Backup console, you can navigate to the Backup Audit Manager Frameworks section and click on the framework name to view the compliance status of your framework and controls.
What kind of reports can I create in Backup Audit Manager?
You can create reports related to your AWS Backup activity. These reports help you get details of your backup, copy, and restore jobs.
How does AWS Backup Audit Manager work with other AWS services?
AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
Which compliance programs does AWS Backup support?
AWS has the longest-running compliance program in the cloud and is committed to helping customers navigate their requirements.
Is AWS Backup PCI compliant?
Yes. AWS Backup is PCI-DSS compliant, which means you can use it to transfer payment information.
Is AWS Backup HIPAA eligible?
Yes. AWS Backup is HIPAA eligible, which means if you have a HIPAA BAA in place with AWS, you can use AWS Backup to transfer protected health information (PHI).
What is AWS Backup Vault Lock?
AWS Backup Vault Lock is a feature that enables you to prevent changes to backup lifecycle as well as prevent manual deletion of backups, helping you meet your compliance requirements.
Why should I use AWS Backup Vault Lock?
You should use AWS Backup Vault Lock to ensure that no user, including administrators or perpetrators of malicious actions, can delete your backups or change their lifecycle settings such as retention periods and transition to cold storage.
How does AWS Backup Vault Lock differ from Amazon S3 Glacier Vault Lock?
While AWS Backup Vault Lock applies to data residing in your AWS Backup backup vault, Amazon S3 Glacier Vault Lock applies to an individual Amazon S3 Glacier Vault.
How does AWS Backup Vault Lock work?
AWS Backup Vault Lock is an optional configuration at the AWS Backup vault level and comprises three properties: minimum acceptable retention days, maximum acceptable retention days, and a cooling-off period. It blocks backup deletion operations and changes to their lifecycle.
How does AWS Backup for Amazon S3 work?
AWS Backup allows you to define a central backup policy to manage backup and restore for your application across AWS services for compute, storage, and database services.
How are these capabilities different from what Amazon S3 provides?
Both AWS Backup and Amazon S3 offer capabilities that help you manage the business continuity of your applications.
Can I use an existing backup plan in AWS Backup to start backing up Amazon S3?
Yes, if you already have a backup plan for your application and you want to use the same backup plan for S3, simply add your S3 resources to the existing backup plan using tags or S3 bucket ARNs.
What backup options are available in AWS Backup for Amazon S3?
You have two backup options available for S3 resources in AWS Backup: continuous and periodic. Continuous backups allow you to restore S3 resources to any point in time within the last 35 days.
Are there any prerequisites to creating backups of S3 buckets?
Yes, turning on S3 Versioning is a prerequisite to creating backups of S3 buckets and objects.
How does AWS Backup help with VMware data protection?
AWS Backup extends its in-cloud, fully managed service capabilities to your VMware environment, helping you provide a unified view of backups across your AWS and on-premises AWS environments.
How does AWS Backup support for VMware work?
AWS Backup connects to VMware workloads using AWS Backup gateway, which you’ll deploy in your VMware environment.
Which VMware versions and features do you support using AWS Backup?
AWS Backup supports VMware ESXi 6.7.X, and 7.0.X VMs running on NFS, VMFS, and VSAN datastores on premises, in VMware CloudTM on AWS, and on VMware CloudTM on AWS Outposts.
Where can I restore VMware backups?
You can restore VMware backups to a new on-premises VMware virtual host, VMware CloudTM on AWS, VMware CloudTM on AWS Outposts, or Amazon EBS from the AWS Backup console.
Can I transition VMware backups to a cold storage tier?
Yes, based on your organizational needs, you can configure lifecycle policies in AWS Backup to automatically transition your VMware backups from warm storage to low-cost cold storage.
What backup modes do you support for VMware?
AWS Backup supports first full, then incremental-forever backups of VMware VMs that you can create on demand or via the schedule as configured in your backup plan.
What level of consistency do you support for VMware backups?
AWS Backup, by default, captures app-consistent backups of VMware VMs using the VMware Tools quiescence setting on the VM.
Does AWS Backup support compression for VMware backups?
Yes, AWS Backup compresses VMware backups in transit to AWS, enabling you to optimally use your network connection to AWS.
Are my VMware backups encrypted?
Yes, your VM backups are encrypted in transit and at rest using AES-256 encryption algorithm. You can also use customer-managed keys to encrypt backups stored in the cloud.
Can I copy VMware backups to another AWS Region?
Yes, you can store a copy of VMware backups in a different AWS Region from your production backups, helping you to more easily meet business continuity, disaster recovery, and compliance requirements.
Can I copy VMware backups to another AWS account?
Yes, you can copy VMware backups to another AWS account, enabling you to use backups between your production and dev/test environments, or between different department and project accounts.
How much network bandwidth do I need to back up VMware VMs to AWS?
The network bandwidth you need depends on the number of VMware VMs you want to protect, the size of each VM, incremental data generated per VM, and your backup window and restore requirements.
What type of network connection do I use to back up VMware VMs to AWS?
You can use both AWS Direct Connect and VPN over the Internet to back up VMware VMs to AWS.
Reversed
A fully managed service that enables you to centralize and automate data protection across on-premises and AWS services.
What is AWS Backup?
Reversed
Allows you to define a central data protection policy (called a backup plan) that works across AWS services for compute, storage, and databases.
How does AWS Backup work?
Reversed
Protecting your data is an important step towards ensuring that you meet your business and regulatory compliance requirements.
Why should I use AWS Backup?
Reversed
AWS Backup provides a centralized console, automated backup scheduling, backup retention management, and backup monitoring and alerting.
What are the key features of AWS Backup?
Reversed
Amazon Elastic Block Store (EBS) volumes,
Amazon Elastic Compute Cloud (EC2) instances (including Windows applications),
Amazon Relational Database Service (RDS) databases (including Amazon Aurora clusters),
Amazon DynamoDB tables,
Amazon Elastic File System (EFS) file systems,
Amazon FSx for Windows File Server file systems,
Amazon FSx for Lustre file systems,
Amazon Neptune databases,
Amazon DocumentDB (with MongoDB compatibility) databases,
AWS Storage Gateway volumes,
Amazon Simple Storage Service (S3).
What can I back up using AWS Backup?
Reversed
Yes, you can use AWS Backup to back up your on-premises Storage Gateway volumes and VMware virtual machines, providing a common way to manage the backups of your application data both on premises and on AWS.
Can I use AWS Backup to back up on-premises data?
Reversed
Yes. Backups created using services with existing backup capabilities, such as EBS Snapshots, can be accessed using AWS Backup.
Can I use AWS Backup to access backups created by services with existing backup capabilities?
Reversed
All existing per-service backup capabilities remain unchanged. AWS Backup provides a common way to manage backups across AWS services both on AWS and on premises.
How does AWS Backup work with other AWS services that have backup capabilities?
Reversed
DLM provides a simple way to manage the lifecycle of EBS resources, such as volume snapshots. You should use DLM when you want to automate the creation, retention, and deletion of EBS Snapshots.
You should use AWS Backup to manage and monitor backups across the AWS services you use, including EBS volumes, from a single place.
How does AWS Backup relate to Amazon Data Lifecycle Manager and when should I use one over the other?
Reversed
A recovery point represents the content of a resource at a specified time.
What is a recovery point?
Reversed
A backup plan is a policy expression that defines when and how you want to back up your AWS resources, such as DynamoDB tables or EFS file systems.
What is a backup plan?
Reversed
A backup vault (or backup storage vault) is an encrypted storage location in your AWS account that stores and organizes your backups (recovery points).
What is a backup vault?
Reversed
The AWS Backup lifecycle feature allows you to automatically transition your recovery points from a warm storage tier to a lower-cost cold storage tier.
How does the AWS Backup lifecycle feature work?
Reversed
Backups for Amazon EFS, Amazon DynamoDB, Amazon S3, and VMware virtual machines are encrypted in transit and at rest independently from the source services, giving your backups an additional layer of protection.
How does encryption work in AWS Backup?
Reversed
AWS Backup allows you to set resource-based policies on backup vaults, enabling you to control access to the backup vault and the backups in it.
How do I use access policies in a backup vault to control access to backups?
Reversed
Services that have backup functionality built on AWS Backup support additional backup features, such as lifecycle tiering of backups to a low-cost storage tier, backup storage and encryption that is independent from its source data, and backup access policies.
What services provide support for AWS Backup advanced features?
Reversed
AWS Backup Audit Manager allows you to audit and report on the compliance of your data protection policies to help you meet your business and regulatory needs.
What is AWS Backup Audit Manager?
Reversed
You should use AWS Backup Audit Manager if you want to verify that the workloads that you create in (or migrate to) AWS meet your data protection requirements.
Why should I use AWS Backup Audit Manager?
Reversed
You can use AWS Backup Audit Manager via the AWS Management Console, CLI, API, or SDK. AWS Backup Audit Manager provides built-in compliance controls and allows you to customize these controls to define your data protection policies.
How can I use AWS Backup Audit Manager?
Reversed
An AWS Backup Audit Manager control is a procedure designed to audit the compliance of a backup requirement, such as backup frequency or backup retention period.
What is a Backup Audit Manager control and framework?
Reversed
An AWS Backup Audit Manager control evaluates the configuration of your backup resources against your defined configuration settings.
How does a Backup Audit Manager control work?
Reversed
On the AWS Backup console, you can navigate to the Backup Audit Manager Frameworks section and click on the framework name to view the compliance status of your framework and controls.
How can I view the compliance results of my Backup Audit Manager controls and frameworks?
Reversed
You can create reports related to your AWS Backup activity. These reports help you get details of your backup, copy, and restore jobs.
What kind of reports can I create in Backup Audit Manager?
Reversed
AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
How does AWS Backup Audit Manager work with other AWS services?
Reversed
AWS has the longest-running compliance program in the cloud and is committed to helping customers navigate their requirements.
Which compliance programs does AWS Backup support?
Reversed
Yes. AWS Backup is PCI-DSS compliant, which means you can use it to transfer payment information.
Is AWS Backup PCI compliant?
Reversed
Yes. AWS Backup is HIPAA eligible, which means if you have a HIPAA BAA in place with AWS, you can use AWS Backup to transfer protected health information (PHI).
Is AWS Backup HIPAA eligible?
Reversed
AWS Backup Vault Lock is a feature that enables you to prevent changes to backup lifecycle as well as prevent manual deletion of backups, helping you meet your compliance requirements.
What is AWS Backup Vault Lock?
Reversed
You should use AWS Backup Vault Lock to ensure that no user, including administrators or perpetrators of malicious actions, can delete your backups or change their lifecycle settings such as retention periods and transition to cold storage.
Why should I use AWS Backup Vault Lock?
Reversed
While AWS Backup Vault Lock applies to data residing in your AWS Backup backup vault, Amazon S3 Glacier Vault Lock applies to an individual Amazon S3 Glacier Vault.
How does AWS Backup Vault Lock differ from Amazon S3 Glacier Vault Lock?
Reversed
AWS Backup Vault Lock is an optional configuration at the AWS Backup vault level and comprises three properties: minimum acceptable retention days, maximum acceptable retention days, and a cooling-off period. It blocks backup deletion operations and changes to their lifecycle.
How does AWS Backup Vault Lock work?
Reversed
AWS Backup allows you to define a central backup policy to manage backup and restore for your application across AWS services for compute, storage, and database services.
How does AWS Backup for Amazon S3 work?
Reversed
Both AWS Backup and Amazon S3 offer capabilities that help you manage the business continuity of your applications.
How are these capabilities different from what Amazon S3 provides?
Reversed
Yes, if you already have a backup plan for your application and you want to use the same backup plan for S3, simply add your S3 resources to the existing backup plan using tags or S3 bucket ARNs.
Can I use an existing backup plan in AWS Backup to start backing up Amazon S3?
Reversed
You have two backup options available for S3 resources in AWS Backup: continuous and periodic. Continuous backups allow you to restore S3 resources to any point in time within the last 35 days.
What backup options are available in AWS Backup for Amazon S3?
Reversed
Yes, turning on S3 Versioning is a prerequisite to creating backups of S3 buckets and objects.
Are there any prerequisites to creating backups of S3 buckets?
Reversed
AWS Backup extends its in-cloud, fully managed service capabilities to your VMware environment, helping you provide a unified view of backups across your AWS and on-premises AWS environments.
How does AWS Backup help with VMware data protection?
Reversed
AWS Backup connects to VMware workloads using AWS Backup gateway, which you’ll deploy in your VMware environment.
How does AWS Backup support for VMware work?
Reversed
AWS Backup supports VMware ESXi 6.7.X, and 7.0.X VMs running on NFS, VMFS, and VSAN datastores on premises, in VMware CloudTM on AWS, and on VMware CloudTM on AWS Outposts.
Which VMware versions and features do you support using AWS Backup?
Reversed
You can restore VMware backups to a new on-premises VMware virtual host, VMware CloudTM on AWS, VMware CloudTM on AWS Outposts, or Amazon EBS from the AWS Backup console.
Where can I restore VMware backups?
Reversed
Yes, based on your organizational needs, you can configure lifecycle policies in AWS Backup to automatically transition your VMware backups from warm storage to low-cost cold storage.
Can I transition VMware backups to a cold storage tier?
Reversed
AWS Backup supports first full, then incremental-forever backups of VMware VMs that you can create on demand or via the schedule as configured in your backup plan.
What backup modes do you support for VMware?
Reversed
AWS Backup, by default, captures app-consistent backups of VMware VMs using the VMware Tools quiescence setting on the VM.
What level of consistency do you support for VMware backups?
Reversed
Yes, AWS Backup compresses VMware backups in transit to AWS, enabling you to optimally use your network connection to AWS.
Does AWS Backup support compression for VMware backups?
Reversed
Yes, your VM backups are encrypted in transit and at rest using AES-256 encryption algorithm. You can also use customer-managed keys to encrypt backups stored in the cloud.
Are my VMware backups encrypted?
Reversed
Yes, you can store a copy of VMware backups in a different AWS Region from your production backups, helping you to more easily meet business continuity, disaster recovery, and compliance requirements.
Can I copy VMware backups to another AWS Region?
Reversed
Yes, you can copy VMware backups to another AWS account, enabling you to use backups between your production and dev/test environments, or between different department and project accounts.
Can I copy VMware backups to another AWS account?
Reversed
The network bandwidth you need depends on the number of VMware VMs you want to protect, the size of each VM, incremental data generated per VM, and your backup window and restore requirements.
How much network bandwidth do I need to back up VMware VMs to AWS?
Reversed
You can use both AWS Direct Connect and VPN over the Internet to back up VMware VMs to AWS.
What type of network connection do I use to back up VMware VMs to AWS?