The exam will describe a backup scenario and ask which type it is, or present a disaster and ask which backup would survive it. The discriminator is always location and what happens in a site-level disaster. On-site is fast but dies with the building; off-site survives the disaster but is slower to restore from.
The exam loves testing whether students understand that replication and backup are different tools for different threats. Replication is real-time and excellent for infrastructure failures. It is dangerous against ransomware and accidental deletion because it propagates those changes immediately. This is the single most important backup distinction on the exam.
The exam will ask about snapshots and their storage efficiency or restoration process. Remember: only the first snapshot is a full copy. Every snapshot after that captures only what changed since the previous snapshot. This makes daily snapshots of large VMs practical β but it means restoration to a specific day requires applying multiple snapshots in sequence.
Backup encryption questions test two things: why it is necessary and what its critical dependency is. The why: backup media is a complete copy of organizational data β easily stolen, easily read without encryption. The dependency: the recovery key must be stored separately from the media and must be accessible when needed. Both halves of this are frequently tested.
Journaling questions test the sequence of operations and the outcome of each failure point. The sequence is always: journal entry first, then storage write, then clear the journal entry. Power failure at any point is handled safely β either nothing was written yet, or the journal allows replay at startup. The exam tests which failure produces which outcome.