Backups, RTO, RPO, BCP, DR, and Resilience

Key Takeaways

RTO is the target time to restore service; RPO is the maximum acceptable data loss measured in time.
Backups are only reliable if restores are tested and results are documented.
BCP keeps critical business functions operating; DR focuses on restoring technology after disruption.
Resilience uses redundancy, failover, clustering, replication, and tested procedures to reduce downtime.
Backup designs should consider ransomware, deletion, corruption, region failure, and insider misuse.

Last updated: April 2026

Backups, Continuity, Disaster Recovery, and Resilience

Security+ expects you to connect business recovery requirements to technical designs. The best answer depends on how much downtime and data loss the business can tolerate.

RTO and RPO

Term	Meaning	Example
RTO	Recovery time objective: maximum acceptable time to restore service	"The portal must be back within 4 hours."
RPO	Recovery point objective: maximum acceptable data loss measured in time	"We can lose no more than 15 minutes of orders."

If the RPO is 15 minutes, a nightly backup is not enough. If the RTO is 30 minutes, a tape restore from offsite storage is probably too slow.

Backup Types

Backup type	What it copies	Restore notes
Full	All selected data	Simplest restore, highest storage/time cost
Incremental	Changes since last backup of any type	Efficient backup, restore may require multiple sets
Differential	Changes since last full backup	Larger over time, simpler than many incrementals
Snapshot	Point-in-time state	Fast rollback, not always a separate backup
Replication	Copies data to another system or region	Good for availability, can replicate corruption

Resilience Controls

Control	Purpose
Redundancy	Removes a single point of failure
Clustering	Multiple systems act together for availability
Load balancing	Distributes traffic and can route around failed nodes
Failover	Moves service to standby resources
Geographic diversity	Reduces impact of site or regional outage
Immutable backup	Reduces ransomware or accidental deletion risk
Offline backup	Protects a copy from online compromise

BCP vs DR

Plan	Focus	Example activity
Business continuity plan	Keep essential business functions operating	Manual order intake process during outage
Disaster recovery plan	Restore technology services after disruption	Rebuild database service in recovery region
Incident response plan	Manage security incidents	Contain ransomware and preserve evidence

These plans overlap but are not the same. A ransomware event may require incident response containment, disaster recovery restoration, and business continuity workarounds at the same time.

Practical Scenario

A clinic scheduling system has an RTO of two hours and an RPO of ten minutes. A single nightly backup does not meet either requirement. A stronger design may use database transaction log backups or continuous replication, tested failover to a warm standby environment, immutable backup copies, documented restoration steps, and periodic exercises with business users.

Common Exam Traps

Trap	Better exam reasoning
"A backup exists, so recovery is guaranteed."	Restore tests prove recoverability.
"Replication replaces backups."	Replication can copy deletion, corruption, or ransomware encryption.
"RTO means data loss."	RTO is time to restore service; RPO is acceptable data loss.
"High availability means no DR plan is needed."	HA reduces downtime but does not replace disaster planning.

Quick Drill

Match the clue:

"Back online within one hour": RTO.
"Lose no more than five minutes of transactions": RPO.
"Continue payroll manually during outage": BCP.
"Rebuild workloads in another region": DR.
"Backup copy cannot be changed for 30 days": immutable backup.

Test Your Knowledge

An application can tolerate 30 minutes of downtime but only 5 minutes of data loss. Which pair correctly identifies the requirements?

RTO 30 minutes, RPO 5 minutes

RTO 5 minutes, RPO 30 minutes

MTBF 30 minutes, MTTR 5 minutes

RPO 30 days, RTO 5 days

Test Your Knowledge

Why is replication alone not a complete backup strategy?

Replication can copy corrupted, deleted, or encrypted data to the replica

Replication only works for printed documents

Replication prevents all ransomware infections

Replication eliminates the need for access control

Test Your KnowledgeMulti-Select

Which activities best validate recovery readiness? Choose two.

Select all that apply

Performing a documented restore test

Assuming vendor uptime guarantees are enough

Running a tabletop exercise with business and technical teams

Deleting the recovery plan after the first successful backup

Up Next

Endpoint and Server Hardening

Domain 4 Part A: Secure Operations for Hosts, Cloud, Mobile, and IoT

CompTIA Security+

1Introduction & Exam Overview

2Domain 1: General Security Concepts (12%)

3Domain 1: Identity, Trust, and Cryptography Basics

4Domain 2: Threat Actors, Vectors, and Social Engineering

5Domain 2: Threats, Vulnerabilities, and Mitigations - Attacks

6Domain 2: Threats, Vulnerabilities, and Mitigations - Vulnerabilities

7Domain 3: Security Architecture - Secure Architecture Models

8Domain 3: Security Architecture - Network Security Architecture

9Domain 3 Part C: Data Protection and Resilience

10Domain 4 Part A: Secure Operations for Hosts, Cloud, Mobile, and IoT

11IAM Operations and Access Control

12Logging, Monitoring, and Detection

13Incident Response

14Digital Forensics and Investigation

15Vulnerability, Patch, Asset, and Automation Operations

16Governance, Policies, and Risk Management

17Third-Party Risk, Compliance, and Privacy

18Audits, Penetration Testing, and Awareness

19Final Review and PBQ Labs