Backup & Recovery Methods

Backup Types and the Archive Bit

CompTIA A+ objective 4.3 expects you to distinguish three backup types by what they copy and by how they treat the archive bit — a file attribute the OS sets when a file changes.

Because a differential never clears the archive bit, each day's differential keeps growing until the next full, but you only ever need two sets to restore. An incremental clears the bit, so each one is small and fast to create, but restoring requires the full plus every incremental in sequence.

Restore Math (Heavily Tested)

This is the most common Domain 4 calculation question.

Full (Sunday) + daily incrementals — restore Thursday:

Full (Sunday) + daily differentials — restore Thursday:

Rule of thumb: Incremental = fast backup, slow restore. Differential = slower backup each day, fast restore. Pick incremental when storage/backup window is tight; differential when fast recovery matters more.

The 3-2-1 Rule

This protects against single-drive failure, site-level disasters (fire, theft, flood), and ransomware that encrypts everything reachable on the LAN.

Recovery Objectives: RPO vs RTO

A tight RPO drives backup frequency; a tight RTO drives restore speed (which favors full or differential, and image-based recovery). The exam pairs each definition with one metric — do not swap them.

Backup Verification and Rotation

A backup you cannot restore is worthless, so CompTIA stresses backup testing/verification: periodically perform a test restore to confirm the media and job are good. Common rotation schemes:

• Grandfather-Father-Son (GFS) — daily (son), weekly (father), monthly (grandfather) sets, balancing retention with media use.
• 3-2-1 — the storage-distribution baseline above.
• On-site vs off-site/cloud — on-site restores fast; off-site/cloud survives a site disaster but restore speed depends on bandwidth.

Worked example: A small office has a 1-hour RTO and a 24-hour RPO. A nightly full backup satisfies the 24-hour RPO, and keeping that full on a fast local NAS plus a cloud copy satisfies the 1-hour RTO for local failures and the off-site requirement of 3-2-1. Switching to nightly incrementals would shrink the backup window but risks blowing the 1-hour RTO during a multi-set restore.

Choosing the Right Strategy on the Exam

CompTIA backup questions reward you for matching a strategy to a constraint. When a scenario emphasizes limited storage or a very short nightly backup window, the intended answer is incremental, because each incremental captures only the small set of files changed since the previous backup. When a scenario emphasizes fast or simple recovery, the intended answer is differential, because restoring requires only the most recent full plus the single latest differential rather than chaining many sets together.

A pure full-only strategy is correct when the data set is small enough to capture completely every night and recovery simplicity is the priority. Watch for distractors that mix the definitions, for example claiming that an incremental backup copies everything since the last full; that description actually belongs to a differential backup, and the swap is the single most common trick in this objective.

Backup Media, Location, and Why Testing Matters

The exam also distinguishes where backups live and how that affects both safety and recovery speed. An on-site backup on a local network-attached storage device restores quickly but shares the fate of the building in a fire, flood, or theft. An off-site or cloud backup survives a site-level disaster and is the copy that satisfies the off-site leg of the 3-2-1 rule, but its restore speed is gated by available internet bandwidth, which is why a large cloud-only restore can blow an aggressive recovery time objective.

This trade-off is why mature plans keep a fast local copy for routine restores and a cloud copy for disaster recovery rather than relying on either alone.

Finally, never lose sight of verification. A backup job that reports success but produces unrestorable media gives a false sense of safety, and CompTIA repeatedly frames this as the reason regular test restores are mandatory. A test restore confirms that the media is readable, the job captured the intended data, and the documented recovery steps actually work under pressure.

Encrypting backups, especially off-site and cloud copies, protects the data at rest, and documenting exactly what is backed up, how often, and how to restore it turns the backup plan into something any technician on the team can execute during an outage rather than tribal knowledge held by one person.