The Veeam ONE Client provides several views to monitor different aspects of the environment. The Data Protection View is specifically designed to display the state and details of the Veeam Backup & Replication infrastructure. Within this view, an administrator can select the "Backup Repositories" node in the inventory pane to see a comprehensive list of all repositories from the connected VBR servers, including their total capacity, used space, and remaining free space.

A. Business View is used for grouping infrastructure objects based on business criteria (like department or SLA) for reporting, not for direct infrastructure component monitoring.

B. Infrastructure View displays the virtual environment (hosts, clusters, datastores, VMs), not the specific components of the Veeam Backup & Replication infrastructure.

C. Infrastructure View is incorrect for the same reason as B; it focuses on the virtualized infrastructure, not the backup components like repositories.

1. Veeam ONE User Guide for VMware vSphere v12

"Data Protection View"

Page 17: "The Data Protection view provides a detailed overview of the Veeam Backup & Replication infrastructure. In this view

you can see the list of connected Veeam Backup & Replication servers and the hierarchy of backup infrastructure components..."

2. Veeam ONE User Guide for VMware vSphere v12

"Backup Repositories"

Page 21: "The Backup Repositories view shows the list of backup repositories configured on Veeam Backup & Replication servers... For every backup repository in the list

the following details are available: ... Capacity

Free Space

Used Space."

The "Cloud machines" protection group type is specifically designed to discover and manage computers residing in public clouds like Amazon Web Services (AWS). This method uses the cloud provider's API to discover the EC2 instances, bypassing the need for direct network connectivity from the Veeam Distribution Server. After discovery, the Veeam Agent can be installed manually or through cloud automation tools. The agent then connects outbound to the Veeam infrastructure, which is ideal for scenarios where inbound network access to the cloud instances is restricted.

A. Individual computers: This type requires direct network access from the Veeam Distribution Server to each machine for discovery and agent push installation, which is explicitly unavailable in the scenario.

B. Microsoft Active Directory objects: This method relies on querying Active Directory and requires network connectivity to the discovered computers to push the agent installation.

C. Computers listed in a CSV file: While this allows for bulk import, it is a sub-type of the "Individual computers" group and still requires network access for the standard agent push installation process.

1. Veeam Agent Management Guide V12: In the section "Protection Group for Cloud Machines

" it states

"You can create a protection group for cloud machines to discover computers that reside in Amazon Web Services (AWS)

Microsoft Azure or Google Cloud Platform (GCP) and use Veeam Backup & Replication to manage these computers." This section details using cloud accounts for discovery via API

not direct network connections. (Reference: helpcenter.veeam.com/docs/backup/agents/protectiongroupcloud.html?ver=120)

2. Veeam Agent Management Guide V12: The section "How Protection Group for Cloud Machines Works" explains the discovery process: "To discover cloud machines

Veeam Backup & Replication connects to the cloud environment using an account that has permissions to access the cloud infrastructure." This confirms the use of cloud APIs. (Reference: helpcenter.veeam.com/docs/backup/agents/protectiongroupcloud.html?ver=120

Section: "How Protection Group for Cloud Machines Works")

3. Veeam Agent Management Guide V12: In contrast

the section "Protection Group for Individual Computers" describes a discovery and installation process that relies on network reachability. It states

"Veeam Backup & Replication connects to the added computer

performs a number of checks and installs the necessary components." This highlights the requirement for direct network access

which is absent in the question's scenario. (Reference: helpcenter.veeam.com/docs/backup/agents/protectiongroupindividual.html?ver=120)

Veeam Enterprise Manager is the designated component for delegating restore capabilities to specific users or groups, such as database administrators (DBAs). By assigning the "Restore Operator" role to the DBA group within Enterprise Manager and scoping this role to the specific Microsoft SQL Server database objects, the corporation can enable self-service restores for DBAs. This approach grants them the necessary permissions to restore their databases through the web-based interface without providing access to the main Veeam Backup & Replication console or other restore operations, thereby adhering to the principle of least privilege.

A. Denying access is a restrictive action. It does not grant the necessary permissions for the DBAs to perform their required tasks.

B. The Restore Operator role on the main backup server provides broad permissions to restore any workload, not just SQL databases, violating the principle of least privilege.

D. This option describes the desired outcome (delegation) but does not specify the correct Veeam mechanism or role required to implement it.

1. Veeam Backup Enterprise Manager Guide V12

"Security

" section "Managing Roles and Users." This section details the predefined security roles

including the "Restore Operator." It states

"Users with this role can perform restore operations with Veeam Backup Enterprise Manager. When you assign this role

you can specify the scope of objects that the user will be able to restore." This confirms that the role can be scoped to specific items.

2. Veeam Backup Enterprise Manager Guide V12

"Restoring Microsoft SQL Server Databases

" section "Required Permissions." This section explicitly states

"To restore Microsoft SQL Server databases

you must have the Portal Administrator or Restore Operator role." This directly links the required task to the specific role in Enterprise Manager.

The "File share copy job" is the specific feature in Veeam Backup & Replication designed to create a secondary copy of unstructured data backups. This job type allows you to copy file share backups from a source repository to a target repository, which can be at an alternate site. Crucially, it enables the configuration of a separate retention policy for the copied data, fulfilling the requirement for 10 additional days of retention. This functionality directly mirrors the backup copy strategy used for VMs and agents.

A. File to tape job: This job is for archiving file share backups to tape media for long-term retention, not for creating a secondary disk-based copy.

B. File share backup job: This job creates the primary backup of the unstructured data from the source file share; it does not copy an existing backup.

D. Periodic backup copy: This is a scheduling mode within a standard Backup Copy job, which is used for VM and agent backups, not for unstructured data backups.

1. Veeam Backup & Replication V12 User Guide for VMware vSphere

"File Share Backup Copy

" Page 1

Section: "File Share Backup Copy". The guide states

"To create a copy of your file share backups

you can use file share copy jobs. A file share copy job allows you to copy a file share backup from one backup repository to another."

2. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Retention Policy for File Share Copy

" Page 1

Section: "Retention Policy for File Share Copy". This section details how to configure a separate retention policy for the copied files

stating

"For each file share copy job

you can define a separate retention policy."

3. Veeam Backup & Replication V12 User Guide for VMware vSphere

"File to Tape Jobs

" Page 1

Section: "File to Tape Jobs". This confirms that the purpose of this job is to "archive files from file shares to tape."

4. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Backup Copy

" Page 1

Section: "Backup Copy". This section clarifies that Backup Copy jobs are for image-level backups (VMs

physical machines)

not file shares.

The core requirement is to create a secondary copy of backups in a single session, once per day, to manage bandwidth and compute resources. A Backup Copy job configured in Periodic Copy (Pruning) mode is the only option that meets this requirement. This mode operates on its own independent schedule. By scheduling the job to run once daily, it will gather all new restore points created by the source backup jobs over the preceding 24-hour period and transfer them in one operation. The type of target repository (Hardened Linux) is a valid choice but secondary to the job's copy mode and schedule, which directly solve the stated problem.

B: The Capacity Tier's "copy" mode immediately offloads backups as soon as the source job creates them. Since the source job runs every 6 hours, this would trigger four copy operations per day.

C: A Backup Copy job in "Immediate Copy (Mirroring)" mode continuously watches the source and copies new restore points as they appear, which would result in a copy operation every 6 hours.

D: Similar to option B, using a Scale-Out Backup Repository with the Capacity Tier in "copy mode" triggers the copy operation immediately after each source backup job completes, violating the "once a day" constraint.

1. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Backup Copy Modes" section: This section details the two modes. It states

"In the periodic copy mode

the backup copy job runs on a schedule and copies the latest restore points... from the source backup repository." This confirms that Periodic mode allows for a schedule independent of the source job

fulfilling the "once a day" requirement.

2. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Immediate Copy (Mirroring)" section: This section explains

"Veeam Backup & Replication continuously copies new restore points to the target backup repository as soon as they appear in the source backup repository." This confirms why option C is incorrect.

3. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Capacity Tier" section: This document clarifies the copy policy: "If you enable the copy policy

Veeam Backup & Replication will copy all new backup files created by the jobs linked to the scale-out backup repository as soon as they are created." This directly contradicts the "once a day" requirement

making options B and D incorrect.

4. Veeam VMCE v12 Student Guide

Module 5: Backup Copy Jobs

page 5-4: This courseware explicitly contrasts the two modes: "Immediate copy... copies new restore points as soon as they are available

" versus "Periodic copy... runs on a schedule and copies the latest restore points." This reinforces that only Periodic mode can be scheduled for a once-daily operation.

The Veeam proxy is configured to use the "Direct storage access" transport mode, also known as Direct SAN. This mode has a specific limitation during restore operations. The vSphere APIs used for Direct SAN access do not support writing to thin-provisioned disks in a way that preserves their thin format. Consequently, when Veeam attempts to restore a thin-provisioned virtual disk using this transport mode, the operation will fail. Veeam can only restore disks as thick-provisioned when using Direct SAN access.

A. CBT is enabled on the virtual disk.

Changed Block Tracking (CBT) is a VMware feature used to accelerate incremental backups, not restores. Its status does not affect the restore transport mode.

B. CBT is disabled on the virtual disk.

Similar to the reason above, the status of Changed Block Tracking (CBT) is irrelevant to the success or failure of a restore operation.

D. The virtual disk is thick-provisioned.

Direct Storage Access mode fully supports restoring thick-provisioned disks. This configuration would result in a successful restore, not a failure.

1. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Direct Storage Access

" section "Restore."

Reference Text: "When you restore a VM disk

Veeam Backup & Replication inflates the disk to the thick format. You cannot restore disks in the thin format in the Direct SAN access mode." This statement directly confirms that attempting to restore a thin-provisioned disk is not supported and is a valid cause for failure.

This guide is the primary official vendor documentation for Veeam Backup & Replication V12.

Instant VM Recovery is the fastest method for migrating a physical server to a virtual environment. This technology allows the server to be started as a virtual machine directly from the backup file stored in the Veeam repository. The VM is registered on the ESXi host and powered on in minutes, drastically minimizing downtime. The actual disk data is then migrated to the production datastore in the background using either VMware Storage vMotion or Veeam's Quick Migration technology while the server is already running and accessible.

A. Create an empty VM and perform bare metal recovery inside the VM.

This method requires a full restore of all data from the backup to the new VM's disks before it can be powered on, which is significantly slower than Instant Recovery.

C. Perform Instant Disk Recovery for each volume.

This feature is designed to restore individual disks, not an entire system. It would be a complex, multi-step process and not the quickest way to migrate a complete server.

D. Export all disks, create an empty VM and attach the disks.

Exporting disks from the backup file is a time-consuming process that must be completed before the VM can be created and started, making it slower than Instant Recovery.

1. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Restore from Veeam Agent Backup"

"Restore to VMware vSphere".

Reference: "When you restore a Veeam Agent backup to a VMware vSphere VM

Veeam Backup & Replication uses the Instant Recovery technology. Veeam Backup & Replication publishes the content of the backup file as VMDK files on an ESXi host

creates a new VM with the required configuration and powers it on." This confirms that restoring a physical agent backup to vSphere uses the Instant Recovery mechanism

which is the fastest option.

2. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Veeam Agent Management"

"Veeam Agent Backup and Restore".

Reference: "You can restore data from Veeam Agent backups to the original location or to a new location. For example

you can restore a backed-up physical machine to a VMware vSphere virtual machine." This section outlines the P2V (Physical-to-Virtual) capability.

3. Veeam Backup & Replication V12 User Guide for VMware vSphere

"Instant VM Recovery"

"How Instant VM Recovery Works".

Reference: "During Instant VM Recovery

Veeam Backup & Replication uses the Veeam vPower technology to mount a backup file to an ESXi host and publish a VM from this backup. A published VM has a minimum downtime and users can access its disks as if they were regular VMDK files." This explains the underlying technology that makes option B the quickest.

Instant VM Recovery is the quickest method to migrate the server. This technology runs the physical server as a virtual machine directly from the backup file on the repository, which is presented to the ESXi host via the vPower NFS service. The server can be powered on and become operational within minutes, irrespective of the large volume sizes (1TB and 4TB). The full migration of the virtual machine's disks to the production datastore can then be finalized in the background using VMware Storage vMotion or Veeam Quick Migration while the server is running, thus minimizing downtime.

A. Bare metal recovery requires restoring all 5TB+ of data to the new empty VM before it can be powered on, making it a very slow process.

B. Instant Disk Recovery is a granular process for individual disks and is not the most efficient, integrated method for migrating an entire server system.

C. Exporting disks involves a full data read from the backup and write to the destination, converting the data to VMDK files, which is time-consuming before the VM can even be created.

---

1. Veeam Backup & Replication 12.1 User Guide for VMware vSphere

"Instant Recovery"

p. 638.

"Instant Recovery allows you to quickly recover a VM

physical machine

or cloud VM into your virtualization environment. When you perform Instant Recovery

Veeam Backup & Replication uses the Veeam vPower technology to run a recovered machine directly from a compressed and deduplicated backup file. Since there is no need to extract the machine from the backup file and copy it to the production storage

you can recover a machine of any size in minutes."

2. Veeam Backup & Replication 12.1 User Guide for VMware vSphere

"How Instant VM Recovery Works"

p. 639.

"Veeam Backup & Replication creates a vPower NFS datastore on the Veeam backup server and mounts the machine disks from the backup file to the ESXi host as a regular datastore... The machine is started directly from the backup file."

3. Veeam Agent Management Guide 12.1

"Recovery from Backups of Physical Machines"

p. 211.

"You can use backups of physical machines created with Veeam Agent for Microsoft Windows... to perform the following recovery operations in Veeam Backup & Replication: Instant Recovery to a VMware vSphere VM." This confirms the compatibility of the source backup type with the chosen recovery method.

Failback is the specific Veeam function designed to return operations from a replica virtual machine (VM) back to the original source VM after a disaster recovery event. During this process, Veeam Backup & Replication synchronizes the data from the active replica VM back to the original VM. This ensures that any changes, such as new transactions or user data modifications that occurred while the replica was running, are copied to the source VM before it resumes its production role.

B. Permanent failover: This action commits the failover, making the replica VM the new permanent production VM. It does not copy changes back to the original source VM.

C. Undo failover: This action discards all changes made on the replica VM during the failover period and powers off the replica, reverting the environment to its pre-failover state.

D. Undo fallback: This is an action to revert a committed failback, returning operations to the replica VM. It is not the initial process of copying changes to the original VM.

1. Veeam Backup & Replication v12 User Guide for VMware vSphere: In the "Failback" section

it states

"Failback is the process of returning from a VM replica to the original VM. When you perform failback

you synchronize the state of the original VM with the current state of the VM replica and revert to the original VM." (Page: "Failback"

Section: "How Failback Works").

2. Veeam VMCE v12 Student Guide: Module 6

"Replication

" details the failover finalization options. It explicitly describes Failback as the process to synchronize the replica with the original VM and then switch back

preserving data changes made on the replica.

3. Veeam Help Center (V12): The article "Finalizing Failover" clearly distinguishes the three options: "Failback — to retrieve data from the replica and resume operation of the source VM

" "Permanent Failover — to permanently switch to the replica

" and "Undo Failover — to switch back to the source VM and discard all changes made to the replica." (Document: Veeam Backup & Replication User Guide for VMware vSphere

Section: "Finalizing Failover").

The new regulatory requirements mandate that the most recent 31 days of backups are immutable. To meet this, immutability must be configured for both the on-premises and off-site backup copies.

1. On-premises copy: A standard NAS repository using SMB or NFS protocols does not support Veeam's immutability feature. The correct procedure is to migrate the on-premises backups to a repository type that does, such as a Linux Hardened Repository. This repository type leverages single-use credentials and the immutability file attribute to protect data.

2. Off-site copy: The Amazon S3 repository can be made immutable by enabling S3 Object Lock on the bucket and configuring the immutability setting within the Veeam repository properties.

Therefore, moving the on-premises backups to a Linux Hardened Repository (D) and enabling immutability on the Amazon S3 repository (E) are the two necessary actions.

A. A standard NAS repository (typically SMB/NFS) does not support the immutability feature in Veeam Backup & Replication. This action is not technically feasible.

B. The requirement for 24 monthly restore points is already met by the existing backup copy job. Adding this to the primary backup job is redundant.

C. Configuring a Scale-Out Backup Repository is a prerequisite for using S3 with immutability, but it is not the action that enables it. The specific action is enabling immutability itself.

1. Veeam Backup & Replication v12 User Guide for VMware vSphere

"Hardened Repository" section: This section details the requirements and functionality of the Linux Hardened Repository

stating

"To protect your backups from loss as a result of ransomware or other malicious attacks

you can prohibit deletion of data from the hardened repository by making it temporarily immutable." This supports option D as the correct method for on-premises immutability.

2. Veeam Backup & Replication v12 User Guide for VMware vSphere

"Immutability" (under Amazon S3 Object Storage): This section explains

"For Amazon S3 object storage repositories

Veeam Backup & Replication supports immutability... This feature helps to protect your data from being modified or deleted by malware or other attacks." This directly supports option E.

3. Veeam VMCE v12 Student Guide

Module 4: Backup Repositories: This guide explicitly lists the repository types that support immutability: Linux Hardened Repositories

specific deduplication appliances

and object storage with Object Lock/versioning. It clarifies that standard Windows or NAS (SMB/NFS) repositories do not have this capability

making option A incorrect.