Competitive Exam Master Guide โ Cybersecurity
Backup & Recovery Strategies
Complete Study Resource
Covers all exam-relevant concepts โ Types of Backup, RPO & RTO, DR Sites, 3-2-1 Rule, Indian cyber laws, RBI guidelines, and 60+ MCQs for Banking, UPSC, SSC, Railways & all Government Exams
๐ฆ IBPS / SBI / RBI
๐๏ธ UPSC / IAS
๐ SSC / Railways
๐ SEBI / NABARD
๐ป Cyber Security
๐ฎ๐ณ Indian IT Laws
๐ Rank Math SEO Settings
Focus Keyword
backup and recovery strategiesSecondary Keywords
types of backup in cybersecurity ยท RPO and RTO meaning ยท disaster recovery site types ยท 3-2-1 backup rule ยท backup recovery MCQ for competitive examsSEO Title (โค60 chars)
Backup and Recovery Strategies โ Cybersecurity MCQ Guide
Meta Description (โค160 chars)
Learn backup and recovery strategies for competitive exams. Covers full/incremental/differential backup, RPO, RTO, DR sites, 3-2-1 rule, RBI guidelines & 60+ MCQs.
Rank Math SEO Score Target
80+ (Good) โ Focus keyword in Title, H1, first paragraph, meta description, and at least one image alt text
Suggested Slug
/backup-and-recovery-strategies/Schema Type (Rank Math)
Article โ Educational Article
Internal Linking Tips
Link to: Cybersecurity Basics, GDPR & Data Protection, Ransomware & Malware, RBI Cybersecurity Framework articles
๐ Table of Contents
- What is Backup? โ Definition & Importance
- What is Recovery?
- Types of Backup โ Full, Incremental, Differential & More
- Backup Storage Methods
- RPO & RTO โ Key Recovery Parameters
- The 3-2-1 Backup Rule & Other Strategies
- Disaster Recovery (DR) Site Types
- Business Continuity & Disaster Recovery Planning
- RBI Guidelines & Indian Cybersecurity Context
- Security of Backup Data
- Quick Revision Sheet
- MCQ Practice Bank (60+ Questions)
Section 01
01What is Backup?
Core Definition
Backup is the process of creating a duplicate copy of data (files, databases, systems, or applications) so that it can be restored if the original is lost, deleted, corrupted, or destroyed due to any reason โ accidental or intentional.
Simple Way to Remember
Backup = Safety Copy of Data | Recovery = Getting that Copy Back
๐ก๏ธ
Protection from Data Loss
Guards against accidental deletion, file corruption, or software errors that wipe out critical information.
๐ป
Hardware Failure Recovery
Server crashes, hard disk failures, or storage device damage โ backups ensure data is not lost permanently.
๐ฆ
Ransomware / Cyber Attack
When ransomware encrypts data or malware deletes files, a clean backup is the only way to restore operations without paying ransom.
๐ฆ
Business Continuity
Banks and financial institutions MUST maintain backups to keep services running and comply with RBI, SEBI, and IT Act requirements.
๐ช๏ธ
Disaster Recovery
Natural disasters (floods, earthquakes, fire) can destroy physical servers. Offsite backups enable recovery from geographic disasters.
๐
Regulatory Compliance
RBI, CERT-In, IT Act 2000, and DPDP Act 2023 mandate secure data storage, retention, and recovery capability for organizations.
Section 02
02What is Recovery?
Definition
Recovery is the process of restoring lost, corrupted, or destroyed data from a backup copy to its original location or to an alternate system, so that normal operations can resume.
| Term | What It Means | Example |
|---|---|---|
| Data Recovery | Restoring specific files or databases from backup | Recovering a deleted customer database from last night’s backup |
| System Recovery | Restoring the entire server/system, including OS and applications | Rebuilding a crashed Core Banking Server from a full system backup |
| Disaster Recovery (DR) | Restoring full business operations after a major incident | Switching operations to a DR site after the primary data centre floods |
| Point-in-Time Recovery | Restoring data to a specific time before a failure or corruption event | Restoring bank database to the state it was in at 9:00 AM before a malware attack at 11:00 AM |
Section 03
03Types of Backup Most Asked
โ ๏ธ Exam Alert โ This Is the Most Frequently Tested Topic
The difference between Full, Incremental, and Differential backup is asked in almost every banking, SSC, and UPSC exam that covers cybersecurity or IT. Know these by heart.
| Backup Type | What It Copies | Speed (Backup) | Speed (Restore) | Storage Used | Example Use |
|---|---|---|---|---|---|
| Full Backup | Complete copy of ALL data every time | Slowest | Fastest | Most | Weekly Sunday night backup of entire bank database |
| Incremental Backup | Only data changed since the last backup (of any type) | Fastest | Slowest | Least | Daily backup of only Monday’s new transactions |
| Differential Backup | Only data changed since the last Full backup | Medium | Medium | Medium | Wednesday backup of all changes since Sunday’s full backup |
| Mirror Backup | Exact real-time copy of source โ no historical versions | Real-time | Instant | Very High | RAID disk mirroring for ATM transaction data |
| Snapshot Backup | Point-in-time image of data or system state | Very Fast | Fast | Medium | VM snapshot before a software update in a bank’s data centre |
| Continuous Data Protection (CDP) | Every change is instantly captured and saved | Continuous | Fastest | Highest | Core banking systems requiring near-zero data loss |
Full vs Incremental vs Differential โ Side-by-Side
Full Backup
Copies: Everything, every time
Restore: Need only 1 backup set
Storage: Highest
Time: Slowest to create
Best for: Weekly baseline backup
Incremental Backup
Copies: Changes since last backup
Restore: Need Full + every incremental
Storage: Lowest
Time: Fastest to create
Best for: Daily backups (space-saving)
Differential Backup
Copies: Changes since last Full
Restore: Need Full + latest Differential
Storage: Medium (grows over time)
Time: Medium
Best for: Balance of speed & restore ease
Tricky MCQ Trap โ Know This!
Incremental = changes since last backup of ANY type.Differential = changes since last FULL backup.
Incremental uses least storage but has slowest restore (you need Full + every incremental in sequence). Differential has faster restore (you only need Full + the latest Differential).
Section 04
04Backup Storage Methods & Media
| Method | Description | Advantages | Example |
|---|---|---|---|
| Local Backup | Stored on the same site โ hard disk, NAS, SAN | Fast restore; easy access | Branch-level file server backup |
| Offsite Backup | Stored at a different physical location | Protection from site disasters | Tapes transported to DR centre |
| Cloud Backup | Data backed up to cloud provider over the internet | Scalable; accessible anywhere; lower capital cost | AWS S3, Azure Backup, Google Cloud |
| Hybrid Backup | Combination of local + cloud backup | Speed of local + safety of cloud | Local for quick restore; cloud for DR |
| Tape Backup | Data written to magnetic tape cartridges | Very low cost per GB; long shelf life | Long-term archival; regulatory storage |
| NAS (Network Attached Storage) | Dedicated storage server on local network | Centralized; fast LAN access | Intra-bank network backups |
| SAN (Storage Area Network) | High-speed dedicated network for storage | Enterprise-grade; very fast | Large bank data centres |
| Immutable Storage | Backup that cannot be modified or deleted (even by admins) | Best protection against ransomware | WORM (Write Once Read Many) tapes; cloud object lock |
Latest Trend โ Ransomware Defence
Immutable backups are the gold standard against ransomware. Since ransomware often targets and encrypts backup files too, an immutable backup (which cannot be altered or deleted for a set period) ensures a clean copy always survives. This is now recommended by CERT-In and RBI cyber guidelines.
Section 05
05RPO & RTO โ The Two Critical Parameters Hot MCQ
| Parameter | Full Form | What It Means | Example |
|---|---|---|---|
| RPO | Recovery Point Objective | Maximum amount of data loss that is acceptable. Determines how often backups must be taken. | RPO = 15 minutes โ bank must backup every 15 minutes. If a crash occurs, you lose at most 15 min of data. |
| RTO | Recovery Time Objective | Maximum time allowed to restore systems and resume operations after a failure. | RTO = 2 hours โ systems must be fully operational again within 2 hours of the outage. |
Memory Trick
RPO = How much data can you afford to LOSE? (= backup frequency)RTO = How long can you afford to be DOWN? (= recovery speed required)
Lower RPO and RTO = More expensive but better protection. Critical systems (like Core Banking) need very low RPO & RTO.
| System | RPO (Max Data Loss) | RTO (Max Downtime) | Strategy Required |
|---|---|---|---|
| Core Banking System (CBS) | 5โ10 minutes | 30โ60 minutes | Real-time replication + Hot DR site |
| ATM Network | Near Zero | < 30 minutes | Continuous replication + instant failover |
| Email Server | 4โ8 hours | 4โ8 hours | Daily backup + Warm site |
| Archival / Compliance Data | 24 hours | 24โ48 hours | Daily backup + Offsite tape / cloud |
| Internal HR Systems | 24 hours | 48โ72 hours | Daily backup + Cold site |
Section 06
06The 3-2-1 Rule & Other Backup Strategies
The 3-2-1 Backup Rule Exam Favourite
3
Copies of Data
Keep 3 total copies: 1 primary + 2 backups
2
Different Media Types
Store on 2 different types of media (e.g., disk + tape, or disk + cloud)
1
Offsite Location
At least 1 copy stored at a geographically separate location
| Strategy | Description | Best Used For |
|---|---|---|
| 3-2-1 Backup Rule | 3 copies ยท 2 different media ยท 1 offsite | Universal best practice โ all organizations |
| 3-2-1-1-0 Rule (Modern) | 3-2-1 plus: 1 copy offline/immutable, 0 errors verified | Banks and enterprises facing ransomware threats |
| Grandfather-Father-Son (GFS) | Rotation: Monthly (Grandfather) โ Weekly (Father) โ Daily (Son) backups on rotation | Tape backup rotation in older banking systems |
| Continuous Data Protection (CDP) | Every data change is immediately captured โ enables point-in-time recovery to any moment | Core banking, stock exchange, payment systems |
| Snapshot | Point-in-time image of data, typically on the same storage system | Virtual machine management; quick rollback |
| Replication | Real-time or near-real-time copy of data to a secondary location/site | DR setup for mission-critical banking systems |
| Bare-Metal Backup | Full backup of entire system including OS, apps, and data โ restore to any hardware | Quick full-system recovery after catastrophic failure |
Section 07
07Disaster Recovery Site Types Most Asked
Cold Site
Basic infrastructure only โ power, cooling, network. No pre-installed systems or data. Cheapest but slowest to activate. Activation time: Days to Weeks.
Warm Site
Partially equipped โ hardware installed, some data synced periodically. Moderate cost. Activation time: Hours to a Day.
Hot Site
Fully equipped, systems running, data replicated in near-real-time. Can take over immediately. Most expensive. Activation time: Minutes.
Cloud DR Site
DR infrastructure hosted on cloud (AWS, Azure, GCP). Pay-as-you-go. Scalable. Increasingly adopted by Indian banks and fintechs.
| Feature | Cold Site | Warm Site | Hot Site | Cloud DR |
|---|---|---|---|---|
| Setup Cost | Lowest | Medium | Highest | Variable (OpEx) |
| Running Cost | Very Low | Medium | Very High | Pay-per-use |
| Recovery Time | DaysโWeeks | Hoursโ1 Day | Minutes | MinutesโHours |
| Data Currency | Outdated | Periodic sync | Near real-time | Configurable |
| Best For | Non-critical systems | Medium-priority apps | Core banking, ATM | Modern banks, fintechs |
| RBI Applicability | Not suitable for CBS | Acceptable for email | Mandatory for CBS | Compliant if data stays in India |
Exam Memory Trick
Cold = No data, no systems (just space & power)Warm = Some data, some systems
Hot = Full data, full systems โ always ready
Think of temperature: the hotter the site, the faster (and more expensive) the recovery.
Near DR vs Far DR โ Indian Banking Context
| Type | Location | Purpose | RBI Guidance |
|---|---|---|---|
| Primary Data Centre | Main operations location | Live production systems | Must have full redundancy |
| Near DR (Secondary Site) | Within same city / metro โ different zone | Quick failover for local incidents | Synchronous replication preferred |
| Far DR (Tertiary Site) | Different city / state / region | Recovery from regional disaster (earthquake, flood) | Required for Systemically Important Banks |
Section 08
08Business Continuity & Disaster Recovery Planning
| Term | Full Form | Meaning | Exam Relevance |
|---|---|---|---|
| BCP | Business Continuity Plan | Broader plan to keep ALL critical business functions running during and after a disaster โ covers people, processes, and technology | High |
| DRP | Disaster Recovery Plan | Specific technical plan to restore IT systems and data after a disaster. DRP is a subset of BCP. | High |
| BIA | Business Impact Analysis | Assessment of how an outage affects business operations โ identifies critical systems and acceptable downtime. Input to set RPO & RTO. | Medium |
| COOP | Continuity of Operations Plan | Government term for BCP โ ensures government functions continue during emergencies | Medium |
| Tabletop Exercise | โ | Simulation exercise where team discusses DR scenarios without actual system activation โ tests plan readiness | LowโMedium |
| Failover | โ | Automatic switching to a backup system/site when the primary fails โ key feature of a Hot Site | Medium |
| Failback | โ | Returning operations back to the primary site after it has been repaired and restored | Low |
Key Relationship
BCP โ DRP (BCP is the parent; DRP is a subset of BCP)DRP focuses on IT recovery; BCP covers entire business operations including staff, facilities, communications, and suppliers.
Section 09
09RBI Guidelines & Indian Cybersecurity Context
๐ฎ๐ณ Indian Banking โ Backup & DR Requirements
RBI Cybersecurity Framework & IT Policy (Key Backup Requirements)
- Banks must maintain at least 3 generations of backup (current + 2 previous copies โ Grandfather-Father-Son pattern)
- Backups must be stored offsite in a secure, geographically separate location
- All backup media must be encrypted with strong encryption (AES-256 recommended)
- Access control โ only authorised personnel can access backup media
- Periodic restore testing โ mandatory to ensure backups are actually recoverable
- Maintain a Backup Register for physical media tracking (tapes, disks)
- Backup and recovery strategy must align with the bank’s BCP and DRP
- Near DR site (same city) and Far DR site (different city) mandatory for Systemically Important Banks (SIBs)
- Core Banking Systems (CBS) require Hot DR site with real-time or near-real-time replication
CERT-In 2022 Directions โ Relevant for Backup/Logs
| Requirement | Details |
|---|---|
| Log Retention | All ICT system logs must be maintained for a rolling 180 days |
| Incident Reporting | Cyber incidents must be reported to CERT-In within 6 hours |
| Data Synchronisation | All systems’ clocks must be synchronised to NTP (Network Time Protocol) โ helps in forensic recovery |
| VPN / Cloud Provider Records | VPN and cloud service providers must maintain subscriber records for 5 years |
Other Relevant Indian Laws for Data & Backup
| Law / Act | Relevance to Backup & Recovery |
|---|---|
| IT Act 2000 (Section 43A) | Companies must protect sensitive personal data through reasonable security โ failure = compensation liability |
| DPDP Act 2023 | Data Fiduciaries must protect personal data โ failure/breach = penalties up to โน250 crore; implies need for secure backup |
| RBI Data Localisation | Payment data must be stored only on servers within India โ applies to cloud backup destinations too |
| SEBI | Stock brokers and market participants must maintain data backup as per SEBI circular requirements on BCP |
| IRDAI (Insurance) | Insurance companies must maintain BCP/DRP and data backup per IRDAI IT guidelines |
Section 10
10Security of Backup Data
| Security Measure | What It Does | Why It Matters |
|---|---|---|
| Encryption | Converts backup data into unreadable format โ AES-256 recommended | Protects data if backup media is lost, stolen, or intercepted |
| Access Control | Only authorised personnel can read or modify backups | Prevents insider threats and unauthorised access |
| Immutability | Backup cannot be altered or deleted for a defined period (WORM storage) | Essential defence against ransomware that targets backup files |
| Restore Testing | Periodically restore data from backup to verify it works | “A backup never tested is not a backup” โ critical for confidence |
| Offsite / Geographically Separate Storage | Store copies in different physical location | Protects against site-level disasters (fire, flood, theft) |
| Secure Transport | Encrypted transfer when moving tapes or data electronically | Prevents interception during backup media transit |
| Audit Logging | Track who accessed, modified, or restored backup data and when | Supports forensics, compliance, and accountability |
| Retention Policy | Define how long each backup version is kept before deletion | Meets regulatory requirements; prevents data hoarding or premature deletion |
| Labelling & Inventory | Properly label all backup media with date, content, and classification | Ensures correct media is used for restore; prevents mistakes |
Ransomware + Backup โ Critical Exam Concept
Modern ransomware actively seeks and encrypts backup files before attacking primary data. Defence:โ Immutable backups (cannot be modified) โก Air-gapped backups (physically disconnected from network) โข Offsite copies โฃ Regular restore testing
โก Quick Revision Sheet โ Read This Before Your Exam
Backup Types
Full = all data ยท Incremental = since last backup ยท Differential = since last Full ยท Mirror = real-time copy ยท Snapshot = point-in-time image ยท CDP = every change captured
RPO vs RTO
RPO = how much data you can LOSE (backup frequency) ยท RTO = how long you can be DOWN (recovery speed). Lower = Better but costly.
3-2-1 Rule
3 copies ยท 2 different media types ยท 1 offsite location. Modern version: 3-2-1-1-0 (add 1 immutable + 0 errors).
DR Site Types
Cold = cheapest, slowest (days) ยท Warm = medium ยท Hot = fastest (minutes), most expensive ยท Cloud DR = pay-per-use
GFS Rotation
Grandfather = Monthly ยท Father = Weekly ยท Son = Daily. Classic tape rotation backup strategy.
BCP vs DRP
BCP = entire business continuity ยท DRP = IT systems recovery ยท DRP is SUBSET of BCP
RBI Backup Rules
3 generations ยท Offsite storage ยท AES-256 encryption ยท Restore testing ยท Backup register ยท Near + Far DR sites
CERT-In Log Rule
Logs retained for 180 days ยท Cyber incidents reported in 6 hours ยท VPN records for 5 years
Incremental vs Differential
Incremental: least storage, slowest restore, needs ALL incrementals ยท Differential: more storage, faster restore, needs Full + 1 differential
Immutable Backup
Cannot be changed or deleted โ best defence against ransomware. WORM storage (Write Once, Read Many).
Data Localisation (RBI)
Payment system data must be stored on servers INSIDE India. Applies to cloud backup too.
Key Numbers
CERT-In: 6 hrs incident report ยท 180 days log retention ยท DPDP Act: โน250 Cr penalty ยท GDPR: 72 hrs breach report
MCQ Practice Bank
60+ Questions ยท Based on Previous Exam Trends ยท Banking ยท UPSC ยท SSC ยท Railways ยท RBI ยท SEBI
๐ Chapter 1 โ Basics: Backup & Recovery (Q1โQ12)
โ
HOT
Q1. The primary purpose of a backup is:
- a) To increase system speed
- b) To delete old files automatically
- c) To create a duplicate copy of data that can be restored if the original is lost or corrupted โ
- d) To encrypt data permanently
Answer: c) A backup is a safety copy of data used to restore operations after data loss due to deletion, corruption, hardware failure, or cyberattack.
โ
HOT
Q2. Recovery in the context of IT and cybersecurity means:
- a) Creating a new backup
- b) Restoring lost or damaged data from backup to resume normal operations โ
- c) Deleting corrupted files permanently
- d) Archiving old data to free up space
Answer: b) Recovery is the process of restoring data and systems from backup so that operations can continue after a failure or disaster.
Q3
Q3. Which type of backup copies ALL data every time it runs?
- a) Incremental Backup
- b) Differential Backup
- c) Full Backup โ
- d) Snapshot Backup
Answer: c) A Full Backup copies all data regardless of whether it changed. It takes the most time and storage but offers the simplest and fastest restore.
โ
HOT
Q4. Incremental backup copies data that has changed since:
- a) The last Full backup only
- b) The last backup of ANY type (Full or Incremental) โ
- c) The beginning of the month
- d) The system was installed
Answer: b) Incremental backup captures only changes since the LAST backup โ whether that was a Full or another Incremental. This is the key distinction from Differential backup.
โ
HOT
Q5. Differential backup copies data that has changed since:
- a) The last FULL backup only โ
- b) The last backup of any type
- c) Yesterday’s incremental backup
- d) The last archive
Answer: a) Differential backup always measures from the last FULL backup. Each day’s differential gets larger (contains all changes since Full), unlike incremental which resets after each backup.
Q6
Q6. Which backup type uses LEAST storage space?
- a) Full Backup
- b) Incremental Backup โ
- c) Differential Backup
- d) Mirror Backup
Answer: b) Incremental backup copies only the changes since the last backup (which may be very small), so it uses the least storage of any backup type.
Q7
Q7. Which backup type has the SLOWEST restore time?
- a) Full Backup
- b) Differential Backup
- c) Incremental Backup โ
- d) Mirror Backup
Answer: c) To restore from Incremental backups, you need the last Full backup PLUS every Incremental in sequence โ making it the slowest restore method.
Q8
Q8. A mirror backup differs from a full backup because it:
- a) Only copies half the data
- b) Is slower than full backup
- c) Provides a real-time exact copy without maintaining historical versions โ
- d) Only backs up the operating system
Answer: c) A mirror backup is an exact real-time copy of the source. Unlike a full backup, it does not keep previous versions โ if you delete a file on the source, it’s deleted from the mirror too.
Q9
Q9. A snapshot in backup and storage refers to:
- a) A photograph of the server room
- b) A point-in-time image of data or a system that can be used for quick rollback โ
- c) A compression technique for backups
- d) A type of tape backup
Answer: b) A snapshot captures the exact state of data or a virtual machine at a specific moment, enabling fast rollback if something goes wrong (e.g., before a software update).
Q10
Q10. Continuous Data Protection (CDP) means:
- a) Taking one backup per month continuously
- b) Backing up only documents
- c) Every data change is captured instantly, enabling recovery to any point in time โ
- d) Continuously deleting old data
Answer: c) CDP captures every write operation as it happens. It enables point-in-time recovery to any moment โ ideal for Core Banking Systems and stock exchanges where every second matters.
Q11
Q11. A “bare-metal backup” refers to:
- a) Backup of only the operating system
- b) A complete backup including OS, applications, and data that allows full system restore to any hardware โ
- c) Backup stored on external hard drives only
- d) A backup with no encryption
Answer: b) Bare-metal backup captures the entire system (OS + apps + data) as an image, allowing complete system rebuild on replacement hardware without reinstalling software separately.
Q12
Q12. Which backup type is growing fastest in modern banking due to its protection against ransomware?
- a) Tape Backup
- b) Mirror Backup
- c) Immutable Backup โ
- d) Incremental Backup
Answer: c) Immutable backups (which cannot be altered or deleted for a set period) are the best defence against ransomware, which actively targets and encrypts backup files. WORM storage and cloud object lock enable this.
๐ Chapter 2 โ RPO, RTO & Storage (Q13โQ25)
โ
HOT
Q13. RPO (Recovery Point Objective) defines:
- a) Maximum time allowed to restore systems
- b) Maximum acceptable data loss โ how far back in time you can recover โ
- c) Number of backup copies required
- d) Cost of the recovery process
Answer: b) RPO answers: “If a disaster strikes now, how much data can we afford to lose?” A 1-hour RPO means backups must run every hour, and you may lose up to 1 hour of data.
โ
HOT
Q14. RTO (Recovery Time Objective) defines:
- a) Maximum data loss acceptable
- b) Maximum time allowed to restore IT systems and resume operations after a disaster โ
- c) Number of recovery staff required
- d) Backup storage capacity
Answer: b) RTO answers: “How quickly must we be back online after a disaster?” A 2-hour RTO means systems must be fully operational within 2 hours of the outage.
โ
HOT
Q15. A bank’s Core Banking System has RPO = 5 minutes. This means:
- a) The system must be restored within 5 minutes
- b) Backups must run every 5 minutes so that no more than 5 minutes of data is ever lost โ
- c) The system can be down for 5 minutes maximum
- d) 5 copies of backup must be maintained
Answer: b) RPO = backup frequency. RPO of 5 minutes means if disaster strikes, at most 5 minutes of transactions are lost. This requires near-continuous replication.
Q16
Q16. Which combination of strategies would achieve the LOWEST possible RPO for a Core Banking System?
- a) Weekly full backup only
- b) Daily incremental backup to tape
- c) Real-time synchronous replication to a Hot DR site โ
- d) Monthly full backup to cloud
Answer: c) Synchronous replication copies every transaction to the DR site as it happens โ achieving near-zero RPO. This is why Hot Sites are used for mission-critical banking systems.
Q17
Q17. The 3-2-1 backup rule means:
- a) 3 total copies ยท on 2 different media types ยท 1 stored offsite โ
- b) 3 full backups ยท 2 weekly ยท 1 monthly
- c) 3 storage devices ยท 2 servers ยท 1 tape
- d) 3 years retention ยท 2 media types ยท 1 team
Answer: a) The 3-2-1 rule is the universal backup best practice: 3 copies (1 primary + 2 backups), stored on 2 different media types, with at least 1 copy offsite to protect against site disasters.
โ
EXPECTED
Q18. The modern 3-2-1-1-0 backup rule adds which two additional requirements to 3-2-1?
- a) 1 offline/immutable copy + 0 unverified backups
- b) 1 immutable or air-gapped copy + 0 errors (all backups verified) โ
- c) 1 extra offsite + 0 tapes
- d) 1 additional cloud copy + 0 full backups
Answer: b) The 3-2-1-1-0 rule extends 3-2-1 by requiring 1 copy to be immutable or air-gapped (ransomware defence) and 0 errors (backups must be tested and verified as restorable).
Q19
Q19. The Grandfather-Father-Son (GFS) backup rotation refers to:
- a) Three different backup software products
- b) A rotation scheme: Monthly (Grandfather) + Weekly (Father) + Daily (Son) backups โ
- c) Three generations of storage hardware
- d) A cloud backup rotation strategy
Answer: b) GFS is a classic tape rotation strategy. Grandfather = monthly (longest retention), Father = weekly, Son = daily (most frequent, shortest retention).
Q20
Q20. NAS in the context of backup storage stands for:
- a) Network Automation System
- b) Network Attached Storage โ
- c) Networked Archive System
- d) National Archival Service
Answer: b) NAS (Network Attached Storage) is a dedicated storage device connected to a network, providing centralized, fast file storage accessible over LAN โ commonly used for bank branch backups.
Q21
Q21. Which backup medium offers the lowest cost per GB for long-term archival?
- a) SSD (Solid State Drive)
- b) Cloud Storage
- c) Magnetic Tape โ
- d) NVMe Drive
Answer: c) Magnetic tape remains the cheapest storage medium per gigabyte and has a shelf life of 30+ years, making it ideal for long-term archival and regulatory compliance storage in banking.
Q22
Q22. Storing backup data at the same physical location as production data is:
- a) Best practice โ for fastest restore
- b) Acceptable if encrypted
- c) A poor practice โ a single disaster (fire, flood) could destroy both backup and production โ
- d) Required by RBI guidelines
Answer: c) Onsite-only backup creates a single point of failure. A fire, flood, or earthquake could destroy both primary and backup data simultaneously โ defeating the purpose of backup.
Q23
Q23. Data deduplication in backup systems means:
- a) Creating duplicate copies of data
- b) Identifying and eliminating duplicate data blocks to save storage space โ
- c) Doubling the backup frequency
- d) Deleting old backup files
Answer: b) Deduplication identifies identical data blocks (e.g., the same email attachment sent to 100 people) and stores only one copy, significantly reducing backup storage requirements.
Q24
Q24. An air-gapped backup means:
- a) A backup stored on cloud servers
- b) A backup with no encryption
- c) A backup physically disconnected from all networks โ impossible for ransomware to reach โ
- d) A backup compressed using zip format
Answer: c) Air-gapped backups are completely isolated from networks (stored offline). Since ransomware spreads through networks, it cannot reach air-gapped copies โ providing the strongest protection.
Q25
Q25. A cloud backup’s primary advantage over local backup is:
- a) It requires no internet connection
- b) It is always faster to restore
- c) It is offsite, scalable, and provides geographic redundancy at lower capital cost โ
- d) It eliminates the need for encryption
Answer: c) Cloud backup is automatically offsite (geographic redundancy), easily scalable, and eliminates capital investment in physical storage infrastructure โ ideal for modern banks and fintechs.
๐ Chapter 3 โ DR Sites, BCP & DRP (Q26โQ40)
โ
HOT
Q26. A Hot Site in Disaster Recovery terms is:
- a) A physically warm server room with good air conditioning
- b) A site with basic infrastructure but no data
- c) A fully equipped alternate site with real-time data replication that can take over operations within minutes โ
- d) A cloud-only backup solution
Answer: c) A Hot Site mirrors the primary site with live systems and near-real-time data. It can assume operations almost instantly (minutes) โ mandatory for Core Banking Systems per RBI guidelines.
โ
HOT
Q27. A Cold Site in Disaster Recovery is:
- a) A fully equipped site ready to take over immediately
- b) A basic facility with only power, cooling, and network โ no pre-installed systems or current data โ
- c) A cloud DR solution
- d) A site in a cold geographic region
Answer: b) Cold Site provides only the physical infrastructure. Systems and data must be installed during a disaster, making recovery take days to weeks โ but it’s the cheapest DR option.
Q28
Q28. A Warm Site is best described as:
- a) Identical to a Hot Site but in a warmer climate
- b) Partially equipped with some hardware and periodic data synchronisation โ recovery takes hours to one day โ
- c) Same as a Cold Site
- d) A hot site that has been shut down
Answer: b) Warm Site is a middle ground โ some hardware is pre-installed and data is synchronized periodically (not real-time). Recovery takes hours to a day. Good balance of cost vs. recovery speed.
Q29
Q29. Which DR site type is MOST EXPENSIVE to maintain?
- a) Cold Site
- b) Warm Site
- c) Hot Site โ
- d) Tape Vault
Answer: c) A Hot Site maintains a complete, running duplicate of the primary infrastructure with real-time data replication โ requiring double the hardware, licensing, and operational costs.
Q30
Q30. BCP stands for:
- a) Backup Control Plan
- b) Business Cost Protection
- c) Business Continuity Plan โ
- d) Banking Compliance Protocol
Answer: c) BCP (Business Continuity Plan) is the comprehensive plan to keep all critical business functions running during and after a disaster โ covering people, processes, facilities, and technology.
โ
HOT
Q31. What is the relationship between BCP and DRP?
- a) They are the same thing
- b) DRP is the parent plan; BCP is a subset
- c) BCP is the parent plan; DRP is a subset of BCP focusing specifically on IT system recovery โ
- d) BCP covers only financial recovery; DRP covers only IT recovery
Answer: c) BCP is the broader plan for overall business continuity. DRP (Disaster Recovery Plan) is a specific component of BCP that focuses on restoring IT systems, data, and technology infrastructure.
Q32
Q32. BIA (Business Impact Analysis) is used to:
- a) Calculate backup costs
- b) Identify critical business processes and determine how outages would affect them โ used to set RPO and RTO โ
- c) Analyse backup media quality
- d) Survey employee satisfaction
Answer: b) BIA identifies which systems and processes are most critical, quantifies the impact of their unavailability, and provides the data needed to set appropriate RPO and RTO targets.
Q33
Q33. “Failover” in DR context means:
- a) A backup system that has failed
- b) The automatic switching of operations to a backup site or system when the primary system fails โ
- c) The process of testing backup media
- d) Restoring data to the primary site after repair
Answer: b) Failover is the automatic (or manual) switch to a standby system when the primary fails. A Hot Site enables fast, automatic failover for banking systems.
Q34
Q34. “Failback” in DR context means:
- a) A DR site that has failed to activate
- b) Returning operations from the DR site back to the repaired primary site โ
- c) Deleting data from the DR site
- d) Creating a backup of the DR site
Answer: b) After the primary site is repaired and ready, “failback” is the process of gracefully transferring operations back from the DR site to the primary site.
Q35
Q35. A “tabletop exercise” in DR planning involves:
- a) Testing backup systems on a table
- b) A simulated discussion where key staff walk through response to a disaster scenario without activating actual systems โ
- c) Installing backup software on laptops
- d) Moving servers to an alternate site
Answer: b) A tabletop exercise is a low-cost way to test DR plans โ teams verbally walk through disaster scenarios to identify gaps in procedures without actual system impact.
โ
EXPECTED
Q36. For India’s Systemically Important Banks (SIBs), RBI requires which DR site configuration?
- a) Cold site only
- b) Single onsite backup
- c) Near DR site (same city) + Far DR site (different city/region) โ
- d) Cloud backup only
Answer: c) RBI mandates that Systemically Important Banks maintain both a Near DR site (for local incidents) and a Far DR site (for regional disasters like floods or earthquakes) to ensure business continuity.
Q37
Q37. Which of the following is NOT a suitable DR strategy for a bank’s Core Banking System?
- a) Hot site with synchronous replication
- b) Cloud DR with near-real-time replication
- c) Cold site with no pre-loaded data โ
- d) Near DR + Far DR site combination
Answer: c) A Cold Site (days to restore) is completely unsuitable for Core Banking Systems which require very low RTO (typically under 1 hour) and RPO (under 10 minutes).
Q38
Q38. “Point-in-Time Recovery” allows restoration of data to:
- a) Only the most recent backup
- b) Any specific moment before a failure or corruption event โ e.g., 9:05 AM before a 10 AM malware attack โ
- c) Only the beginning of the day
- d) The previous month’s data only
Answer: b) Point-in-Time Recovery (PITR) allows restoring data to any specific historical moment, not just the last backup. Essential for recovering from ransomware or data corruption without losing all recent data.
Q39
Q39. WORM storage (Write Once Read Many) is important in backup because:
- a) It allows faster writes
- b) Once data is written, it cannot be modified or deleted โ enabling immutable backup copies โ
- c) It is cheaper than tape
- d) It enables faster network transfers
Answer: b) WORM storage allows data to be written once but read many times โ the data cannot be overwritten or deleted. This creates immutable backups that ransomware cannot corrupt.
Q40
Q40. Which TWO metrics are most critical when designing a backup and recovery strategy?
- a) CPU speed and RAM size
- b) RPO (Recovery Point Objective) and RTO (Recovery Time Objective) โ
- c) Number of employees and office size
- d) Backup software brand and storage manufacturer
Answer: b) RPO and RTO are the two fundamental metrics in every backup and DR strategy. They determine backup frequency, recovery site type, and the level of investment needed.
๐ Chapter 4 โ RBI, Security & Indian Laws (Q41โQ52)
โ
HOT
Q41. As per CERT-In 2022 directions, how long must organizations retain ICT system logs?
- a) 30 days
- b) 90 days
- c) 180 days โ
- d) 365 days
Answer: c) CERT-In 2022 directions require all organizations to maintain logs of their ICT systems for a rolling 180 days within India โ critical for forensic investigation of cyber incidents.
โ
HOT
Q42. CERT-In requires organizations to report cyber incidents within:
- a) 24 hours
- b) 6 hours โ
- c) 72 hours
- d) 48 hours
Answer: b) CERT-In 2022 directions mandate reporting cyber incidents within 6 hours of detection โ significantly stricter than GDPR’s 72-hour requirement.
Q43
Q43. Under RBI Cybersecurity Framework, banks must maintain at least how many generations of backup?
- a) 1 generation
- b) 2 generations
- c) 3 generations (current + 2 previous) โ
- d) 5 generations
Answer: c) RBI guidelines require banks to maintain at least 3 generations of backup โ the current backup plus 2 previous versions (aligning with the Grandfather-Father-Son rotation concept).
Q44
Q44. RBI’s data localisation requirement for payment systems means:
- a) Data must be available in all local languages
- b) Payment system data must be stored only on servers physically located within India โ
- c) Local branch staff must maintain backup copies
- d) Data must be backed up to local USB drives
Answer: b) RBI mandates that all data related to payment systems be stored only in India โ this applies to cloud backups too. Data cannot be backed up to servers outside India for payment data.
Q45
Q45. Under the DPDP Act 2023, failure to protect personal data (including through inadequate backup security) can result in a penalty of up to:
- a) โน10 crore
- b) โน100 crore
- c) โน250 crore โ
- d) โน500 crore
Answer: c) India’s Digital Personal Data Protection (DPDP) Act 2023 imposes penalties up to โน250 crore for significant data protection violations โ reinforcing the need for secure backup of personal data.
Q46
Q46. Section 43A of the IT Act 2000 relates to:
- a) Identity theft
- b) Compensation for failure to protect sensitive personal data through reasonable security practices โ
- c) Hacking punishments
- d) Cyberterrorism
Answer: b) Section 43A makes companies liable to pay compensation to affected individuals if they fail to implement reasonable security practices to protect sensitive personal data โ including backup security.
Q47
Q47. Why must backup data be encrypted?
- a) To speed up the backup process
- b) To make backup files smaller
- c) To protect sensitive data if backup media is lost, stolen, or intercepted during transport โ
- d) Encryption is optional for backup data
Answer: c) Backup media (tapes, disks, USB drives) can be lost or stolen during transport. Encryption ensures that even if the physical media falls into wrong hands, the data cannot be read.
โ
EXPECTED
Q48. In banking, which system typically requires a Hot DR Site with near-zero RPO per RBI guidelines?
- a) Email servers
- b) HR management systems
- c) Core Banking System (CBS) โ
- d) Printing and document management systems
Answer: c) The Core Banking System processes every customer transaction. RBI guidelines require it to have a Hot DR site with real-time replication, near-zero RPO, and very low RTO (typically under 30 minutes).
Q49
Q49. CERT-In (Computer Emergency Response Team โ India) operates under which ministry?
- a) Ministry of Home Affairs
- b) Ministry of Finance
- c) MeitY (Ministry of Electronics and Information Technology) โ
- d) Ministry of Defence
Answer: c) CERT-In is India’s nodal cybersecurity agency, operating under MeitY. It issues cyber incident reporting directions and coordinates India’s national cybersecurity response.
Q50
Q50. Regular restore testing (restore drills) is important because:
- a) It is only done for show during audits
- b) A successful backup job automatically guarantees recovery
- c) A backup that has never been tested may be corrupt or incomplete โ you only truly know it works when you restore it โ
- d) It helps free up storage space
Answer: c) “An untested backup is not a backup.” Backup media can degrade, data can be corrupted, or procedures can fail. Regular restore testing is the only way to confirm that recovery will work when needed.
Q51
Q51. Data retention policy in the context of backup defines:
- a) The speed at which data is backed up
- b) How long each backup version is kept before being deleted or overwritten โ
- c) The encryption algorithm used for backups
- d) Who can access backup data
Answer: b) A retention policy specifies how long different backup versions are stored โ e.g., daily backups kept 1 month, weekly kept 1 year, monthly kept 7 years. Critical for regulatory compliance in banking.
Q52
Q52. Under CERT-In 2022 directions, VPN and cloud service providers must maintain subscriber/customer records for:
- a) 180 days
- b) 1 year
- c) 5 years โ
- d) 3 years
Answer: c) CERT-In 2022 directions require VPN providers, data centres, and cloud service providers to maintain logs and customer records (including registration details) for a period of 5 years.
๐ Chapter 5 โ Scenarios & High-Probability Questions (Q53โQ65)
โ
HOT
Q53. A bank runs a Full Backup every Sunday. Then runs Incremental backups Monday through Friday. On Friday, the system crashes. To restore, which files are needed?
- a) Friday’s Incremental only
- b) Sunday’s Full + Friday’s Incremental only
- c) Sunday’s Full + Monday + Tuesday + Wednesday + Thursday + Friday’s Incrementals (all in sequence) โ
- d) Only Sunday’s Full Backup
Answer: c) Incremental restore requires the last Full backup PLUS every subsequent Incremental in order. This is why Incremental has the slowest restore time โ making Differential preferable when restore speed matters.
โ
HOT
Q54. A bank runs a Full Backup every Sunday. Then runs Differential backups Monday through Friday. On Friday, the system crashes. To restore, which files are needed?
- a) All Differentials from Monday to Friday
- b) Sunday’s Full Backup + Friday’s Differential only โ
- c) Only Sunday’s Full Backup
- d) Wednesday’s Differential only
Answer: b) Differential restore only needs the last Full backup + the latest Differential (Friday contains all changes since Sunday). This is why Differential has faster restore than Incremental.
Q55
Q55. Ransomware has encrypted ALL data including backup files on the network. What backup strategy would have prevented this?
- a) Larger backup storage capacity
- b) More frequent full backups on the same network
- c) Air-gapped or immutable offsite backups that ransomware cannot reach โ
- d) Better antivirus software on backup servers
Answer: c) Ransomware actively hunts and encrypts backup files connected to the network. Air-gapped backups (physically disconnected) or immutable cloud backups are the only way to guarantee a clean recovery copy survives.
Q56
Q56. A bank’s payment processing system requires RPO = 0 (zero data loss). Which strategy should be used?
- a) Daily full backup to tape
- b) Hourly incremental backup
- c) Synchronous real-time replication to a Hot DR Site โ
- d) Weekly differential backup to cloud
Answer: c) RPO = 0 means absolutely no data loss is acceptable. Only synchronous replication (every transaction simultaneously written to primary AND DR site) can achieve this โ used in critical payment systems.
Q57
Q57. Which backup-related term means keeping multiple dated file versions so you can return to any previous state?
- a) Mirroring
- b) Versioning โ
- c) Replication
- d) Archiving
Answer: b) Versioning maintains multiple historical copies of files with timestamps. This allows recovery to any prior state โ critical for recovering from accidental file corruption or ransomware that slowly encrypts data over time.
Q58
Q58. “Archive log mode” in a database enables:
- a) Only storing metadata
- b) Continuous archiving of transaction logs, enabling point-in-time recovery to any moment โ
- c) Faster full backups
- d) Automatic deletion of old logs
Answer: b) Archive log mode (available in databases like Oracle, SQL Server, PostgreSQL) saves every transaction log โ enabling restoration to any specific second, not just backup intervals. Essential for banking databases.
โ
EXPECTED
Q59. A “logical backup” of a database refers to:
- a) A block-level disk image copy
- b) An export of the database schema and data in readable format (e.g., SQL dump, CSV export) โ
- c) A real-time mirror of the database
- d) A snapshot of the virtual machine
Answer: b) A logical backup exports the database content (tables, data, structure) in a human-readable/importable format like SQL. A physical backup is a block-level disk image. Both have roles in banking backup strategy.
Q60
Q60. The PRIMARY reason why restore testing (restore drills) are essential is:
- a) To satisfy auditors with documented tests
- b) To improve backup speed
- c) A backup job completing successfully does NOT guarantee the data can actually be restored โ only a successful restore test proves this โ
- d) To free up storage space
Answer: c) Backups can fail silently โ data may be corrupted, backup software bugs may produce incomplete backups, or media may degrade. Only by actually restoring the data can you confirm the backup truly works.
Q61
Q61. Which of the following best describes “Hybrid Backup”?
- a) Backup using two different software tools
- b) Combination of local backup (for fast restore) and cloud backup (for disaster recovery and offsite protection) โ
- c) Backup of both data and applications only
- d) Alternating between Full and Incremental backups
Answer: b) Hybrid backup combines local storage for quick recovery of recent data with cloud storage for offsite protection and disaster recovery โ giving the best of both approaches. Increasingly popular in Indian banking.
โ
EXPECTED
Q62. Which of the following statements about backup encryption is CORRECT?
- a) Encrypted backups take longer to restore so they should be avoided
- b) Only cloud backups need encryption
- c) All backup data โ whether on tape, disk, or cloud โ should be encrypted to protect against unauthorized access โ
- d) Encryption is not required for backup data under Indian law
Answer: c) RBI guidelines and IT Act Section 43A require reasonable security for sensitive data โ encryption of all backup media is a fundamental requirement. Physical media can be lost or stolen during transport.
Q63
Q63. “Data compression” in backup context is used to:
- a) Speed up data recovery
- b) Reduce the size of backup files, saving storage space and transfer time โ
- c) Encrypt the backup data
- d) Create multiple copies of backup
Answer: b) Compression algorithms reduce backup file sizes โ sometimes by 50โ70% for text-heavy data like databases and email. This reduces storage costs and network transfer time for cloud backups.
Q64
Q64. Geographic separation of offsite backup helps protect against:
- a) Hardware failure at the primary site only
- b) Software bugs and data corruption only
- c) Regional disasters (floods, earthquakes, power outages) that could affect both primary and nearby backup locations โ
- d) Ransomware attacks specifically
Answer: c) Geographic separation ensures that a regional disaster (e.g., Chennai floods, Delhi earthquake) cannot simultaneously destroy both primary and backup data. This is why RBI mandates a Far DR site in a different city for major banks.
โ
HOT
Q65. Which of the following is the MOST complete backup policy for a bank?
- a) Daily full backup stored only on local server
- b) Weekly tape backup in the server room
- c) Full + Incremental daily backups ยท encrypted ยท offsite + cloud copies ยท immutable ยท 3 generations retained ยท restore tested quarterly ยท aligned with BCP/DRP โ
- d) Monthly full backup to USB drives kept in manager’s desk
Answer: c) A complete banking backup policy combines multiple backup types, encryption, offsite + cloud storage, immutability (ransomware defence), multiple generation retention, regular restore testing, and alignment with the bank’s BCP and DRP โ as required by RBI guidelines.
Master Reference
โKey Facts & Numbers โ All in One Place
| Topic | Key Fact / Detail |
|---|---|
| Full Backup | Copies ALL data ยท Slowest to create ยท Fastest to restore ยท Most storage |
| Incremental Backup | Changes since LAST backup (any type) ยท Fastest to create ยท Slowest to restore ยท Least storage |
| Differential Backup | Changes since LAST FULL backup ยท Medium speed & storage ยท Needs Full + 1 Differential to restore |
| RPO | Recovery Point Objective = maximum data loss acceptable = determines backup frequency |
| RTO | Recovery Time Objective = maximum downtime acceptable = determines DR site type |
| 3-2-1 Rule | 3 copies ยท 2 different media ยท 1 offsite |
| 3-2-1-1-0 Rule | Add: 1 immutable/air-gapped + 0 unverified errors |
| Cold Site | Only infrastructure ยท No systems/data ยท Days to recover ยท Cheapest |
| Warm Site | Partial systems + periodic data sync ยท Hours to recover ยท Medium cost |
| Hot Site | Full systems + real-time data ยท Minutes to recover ยท Most expensive |
| GFS Rotation | Grandfather = Monthly ยท Father = Weekly ยท Son = Daily |
| BCP vs DRP | BCP = overall business continuity ยท DRP = IT recovery ยท DRP is SUBSET of BCP |
| RBI Backup Rule | 3 generations of backup ยท Offsite ยท Encrypted ยท Restore tested ยท Backup register |
| CERT-In Log Retention | 180 days for ICT system logs |
| CERT-In Incident Report | Within 6 hours of detection |
| CERT-In VPN Records | 5 years subscriber records |
| DPDP Act 2023 Penalty | Up to โน250 crore for data protection violations |
| IT Act Section 43A | Compensation for failure to protect sensitive personal data |
| RBI Data Localisation | Payment system data must be stored inside India only |
| Immutable Backup | Cannot be modified or deleted ยท Best defence against ransomware ยท WORM storage |
| Air-Gapped Backup | Physically disconnected from network ยท Ransomware cannot reach |
| CBS DR Requirement | Hot Site with near-real-time replication โ required by RBI for Core Banking Systems |
GyanDesk โ Competitive Exam Cybersecurity Study Resource
Covers Backup & Recovery for Banking, UPSC, SSC, Railways, RBI, SEBI & all Government Exams ยท 65+ MCQs included
โ ๏ธ Always verify RBI / CERT-In guidelines before your exam โ regulations are updated periodically.
ยฉ GyanDesk | Study Smart. Revise Fast. Score High.
Covers Backup & Recovery for Banking, UPSC, SSC, Railways, RBI, SEBI & all Government Exams ยท 65+ MCQs included
โ ๏ธ Always verify RBI / CERT-In guidelines before your exam โ regulations are updated periodically.
ยฉ GyanDesk | Study Smart. Revise Fast. Score High.