VEEAM VMCA2022 Practice Test - Questions Answers

Immutable repositories are backup storage locations that prevent unauthorized modifications or deletions of backup data, ensuring its integrity and recoverability.Immutable repositories are essential for protecting backups against ransomware attacks, accidental deletions, or malicious insiders1.

Veeam Backup & Replication supports several types of immutable repositories, such as hardened repositories, immutable object storage repositories, and immutable deduplicating storage appliances2. Among these options, the best configuration for ensuring SLA compliance and providing protection against ransomware is to leverage hardened repositories at both primary and secondary sites, and offload to object storage in a public cloud with immutability enabled.

Hardened repositories are Linux-based repositories that use XFS file system with immutability flag to protect backup files from changes or removals.Hardened repositories can be used as primary or secondary backup targets, and can be combined with Veeam Scale-out Backup Repository to simplify backup management and optimize storage utilization3.

Object storage repositories are cloud-based repositories that use object storage services, such as Amazon S3, Microsoft Azure Blob Storage, or Google Cloud Storage, to store backup data. Object storage repositories can be used as secondary backup targets, and can leverage the immutability feature of the cloud provider to prevent backup data from being overwritten or deleted.

By using hardened repositories at both primary and secondary sites, you can achieve high availability and redundancy for your backup data, as well as fast and reliable restores. By offloading to object storage in a public cloud with immutability enabled, you can achieve long-term retention and compliance, as well as cost savings and scalability. This configuration also follows the 3-2-1-1 backup rule, which recommends having three copies of data, on two different types of media, with one copy off-site and one copy immutable.

You can find more information about immutable repositories and how to configure them in the following resources:

Immutable Backup Solutions: Linux Hardened Repository

Unstructured Data Backups in Immutable Repositories

Hardened Repository

[Immutability for Object Storage Repositories]

[3-2-1-1 Backup Rule]

The repository type that will be most impacted by using Veeam's native encryption is dedupe repositories. Dedupe repositories are backup repositories that use deduplication appliances or software to reduce backup size and optimize storage utilization. However, if you use Veeam's native encryption for backup jobs that target dedupe repositories, you will lose most of the deduplication benefits, as encrypted data blocks cannot be deduplicated effectively. Therefore, it is recommended to use either the encryption feature of the deduplication device or software, or avoid encryption altogether for dedupe repositories.

The gold tier backup jobs have the most stringent recovery point objective (RPO) of one hour for image backup and 15 minutes for transaction log backup. This means that they need to run more frequently than the other backup jobs and create more restore points per day. Therefore, to properly plan the backup copy job settings, you will need more information on the gold tier backup jobs, such as the number of VMs, the size of backups, the change rate, the retention policy, and the bandwidth available for copying backups to the offsite location.

The number of vSphere clusters and the total of virtual machines are important information related to the virtual infrastructure that are missing and must be collected during the discovery phase. These information can help you estimate the backup performance, scalability, and resource requirements for the Veeam backup infrastructure. For example, you can use the number of vSphere clusters to determine how many Veeam backup servers and proxies you need to deploy and how to distribute the backup load among them. You can also use the total of virtual machines to calculate the total amount of data to be backed up, the storage space required, and the network bandwidth needed.

The types of jobs that do not support using immutability from S3 Object Lock or hardened repositories are NAS backups and Agent for Mac backups. These types of jobs do not have the option to enable immutability in their settings, unlike VMware, Hyper-V, Linux Agent, or Windows Agent backup jobs. Therefore, they cannot leverage the immutability feature of S3 Object Lock or hardened repositories to protect their backups from ransomware or malicious deletion.

The additional information that is needed to define the implementation process later is how much backup data is stored on the old hardware. This information is important for designing and sizing the migration strategy and timeline for moving the backups from the old hardware to the new hardware. For example, you can use the amount of backup data to estimate how long it will take to copy or move the backups to the new storage devices. You can also use the amount of backup data to determine whether you need to use compression, deduplication, or WAN acceleration to optimize the migration traffic.

The component that can help meet the requirement of alternative decryption capabilities on encrypted backups in the event of lost passwords is Veeam Backup Enterprise Manager. Veeam Backup Enterprise Manager is a web-based interface that allows centralized management of multiple Veeam backup servers. It also provides a password loss protection feature that enables authorized users to restore encrypted backups without entering passwords if they forget or lose them. This feature requires enabling password loss protection in Veeam Backup Enterprise Manager settings and assigning a security officer role to a user who can approve password recovery requests.