AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Learning Path
AWS Certified SysOps Administrator – Associate (SOA-C01) exam is the latest AWS exam and has already replaced the old SysOps Administrator – Associate exam from 24th Sept 2018. It basically validates
- Deploy, manage, and operate scalable, highly available, and fault tolerant systems on AWS
- Implement and control the flow of data to and from AWS
- Select the appropriate AWS service based on compute, data, or security requirements
- Identify appropriate use of AWS operational best practices
- Estimate AWS usage costs and identify operational cost control mechanisms
- Migrate on-premises workloads to AWS
Refer AWS Certified SysOps – Associate Exam Guide Sep 18
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Summary
- AWS Certified SysOps Administrator – Associate exam is quite different from the previous one with more focus on the error handling, deployment, monitoring.
- AWS Certified SysOps Administrator – Associate exam covers a lot of latest AWS services like ALB, Lambda, AWS Config, AWS Inspector, AWS Shield while focusing majorly on other services like CloudWatch, Metrics from various services, CloudTrail.
- Be sure to cover the following topics
- Monitoring & Management Tools
- Understand CloudWatch monitoring to provide operational transparency
- Know which EC2 metrics it can track (disk, network, CPU, status checks) and which would need custom metrics (memory, disk swap, disk storage etc.)
- Know ELB monitoring
- Classic Load Balancer metrics SurgeQueueLength and SpilloverCount
- Reasons for 4XX and 5XX errors
- Understand CloudTrail for audit and governance
- Understand AWS Config and its use cases
- Understand AWS Systems Manager and its various services like parameter store, patch manager
- Understand AWS Trusted Advisor and what it provides
- Very important to understand AWS CloudWatch vs AWS CloudTrail vs AWS Config
- Very important to understand Trust Advisor vs Systems manager vs Inspector
- Know Personal Health Dashboard & Service Health Dashboard
- Deployment tools
- Know AWS OpsWorks and its ability to support chef & puppet
- Know Elastic Beanstalk and its advantages
- Understand AWS CloudFormation
- Know stacks, templates, nested stacks
- Know how to wait for resources setup to be completed before proceeding esp. cfn-signal
- Know how to retain resources (RDS, S3), prevent rollback in case of a failure
- Understand CloudWatch monitoring to provide operational transparency
- Networking & Content Delivery
- Understand VPC in depth
- Understand the difference between
- Bastion host – allow access to instances in private subnet
- NAT – route traffic from private subnets to internet
- NAT instance vs NAT Gateway
- Internet Gateway – Access to internet
- Virtual Private Gateway – Connectivity between on-premises and VPC
- Egress-Only Internet Gateway – relevant to IPv6 only to allow egress traffic from private subnet to internet, without allowing ingress traffic
- Understand
- Private Subnet vs Public Subnet
- how to configure Route Tables
- Security Groups vs NACLs
- Understand how VPC Peering works and limitations
- Understand VPC Endpoints and supported services
- Ability to debug networking issues like EC2 not accessible, EC2 instances not reachable, Instances in subnets not able to communicate with others or Internet.
- Understand the difference between
- Understand Route 53 and Routing Policies and their use cases
- Focus on Weighted, Latency routing policies
- Understand VPN and Direct Connect and their use cases
- Understand CloudFront and use cases
- Understand ELB, ALB and NLB and what features they provide like
- ALB provides content and path routing
- NLB provides ability to give static IPs to load balancer.
- Understand VPC in depth
- Compute
- Understand EC2 in depth
- Understand EC2 instance types
- Understand EC2 purchase options esp. spot instances and improved reserved instances options.
- Understand how IO Credits work and T2 burstable performance and T2 unlimited
- Understand EC2 Metadata & Userdata. Whats the use of each? How to look up instance data after it is launched.
- Understand EC2 Security.
- How IAM Role work with EC2 instances
- IAM Role can now be attached to stopped and runnings instances
- Understand AMIs and remember they are regional and how can they be shared with others.
- Troubleshoot issues with launching EC2 esp. RequestLimitExceeded, InstanceLimitExceeded etc.
- Troubleshoot connectivity, lost ssh keys issues
- Understand Auto Scaling
- Understand Lambda and its use cases
- Understand Lambda with API Gateway
- Understand EC2 in depth
- Storage
- Understand S3 and all its topics
- Understand S3 features like
- storage classes with lifecycle policies,
- S3 data protection
- multi-part handling esp. how do you handle completions and aborts.
- static website hosting, CORS
- Versioning
- Pre-Signed URLs for both upload and download
- Understand S3 features like
- Understand Glacier as archival storage
- Understand EBS storage option
- EBS vs Instance store volumes
- EBS volume types and their use cases, limitations esp. IOPS
- RAID 0 and RAID 1 configurations and their use cases
- Understand Storage Gateway and their use cases
- Know uses cases for VTL
- Know EFS as shared file system.
- Know Snowball for data migration
- Know Snowball vs Snowball Edge
- Understand S3 and all its topics
- Databases
- Understand RDS
- Understand RDS Multi-AZ vs Read Replicas and use cases
- Understand DynamoDB
- Understand Aurora
- Know ElastiCache use cases, mainly for caching performance
- Understand ElastiCache Redis vs Memcached
- Understand RDS
- Security
- Understand IAM as a whole
- Focus on IAM role and its use case especially with EC2 instance
- Know how to test and validate IAM policies
- Understand IAM identity providers and federation and use cases
- Understand MFA and How would implement two factor authentication for your application
- Focus on S3 with SSE, SSE-C, SSE-KMS. How they work and differ?
- Understand KMS for key management and envelope encryption
- Understand CloudHSM and KMS vs CloudHSM esp. support for symmetric and asymmetric keys
- Know AWS Inspector and its use cases
- Know AWS GuardDuty as managed threat detection service. Will help eliminate as the option
- Know AWS Shield esp. the Shield Advanced option and the features it provides
- Know WAF as Web Traffic Firewall
- Know AWS Artifact as on-demand access to compliance reports
- Understand IAM as a whole
- Integration Tools
- Understand SQS as message queuing service and SNS as pub/sub notification service
- Focus on SQS as a decoupling service
- Understand SQS FIFO, make sure you know the differences between standard and FIFO
- Understand CloudWatch integration with SNS for notification
- Understand SQS as message queuing service and SNS as pub/sub notification service
- Cost management
- Know AWS Organizations and Consolidated billing
- Understand how to setup Billing Alerts using CloudWatch
- Monitoring & Management Tools
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Resources
- Online Courses
- Udemy AWS Certified Solutions Architect Associate Exam Mastery 2018 – can be a good start to other services
- Stephane Maarek – Ultimate AWS Certified SysOps Administrator Associate 2019 – Highest Rated
- A Cloud Guru – AWS Certified SysOps Administrator – Associate 2019
- Linux Academy – AWS Certified SysOps Administrator – Associate (2018)
- Practice tests
- Braincert AWS Certified SysOps Administrator – Associate SOA-C01 Practice Exams, which provide extensive scenario based questions and are inline with the actual exams
- Stephave Maarek – Practice Exams: AWS Certified SysOps Administrator Associate
- Signed up with AWS for the Free Tier account which provides a lot of the Services to be tried for free with certain limits which are more then enough to get things going. Be sure to decommission anything, if you using any thing beyond the free limits, preventing any surprises 🙂
- Also, use QwikLabs for introductory courses which are free
- Read the FAQs atleast for the important topics, as they cover important points and are good for quick review
AWS Cloud Computing Whitepapers
- Architecting for the AWS Cloud: Best Practices
- AWS Well-Architected Framework whitepaper (This is theoretical paper, with loads of theory and is tiresome. If you cover the above topics, you can skip this one)
- AWS Security Best Practices whitepaper, August 2016
- Amazon Web Services: Overview of Security Processes
- Development and Test on AWS
- Backup and Recovery Approaches Using AWS
- Amazon Virtual Private Cloud Connectivity Options
- How AWS Pricing Works
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Contents
Domain 1: Monitoring and Reporting
- Create and maintain metrics and alarms utilizing AWS monitoring services
- Recognize and differentiate performance and availability metrics
- Perform the steps necessary to remediate based on performance and availability metrics
Domain 2: High Availability
- Implement scalability and elasticity based on use case
- Recognize and differentiate highly available and resilient environments on AWS
Domain 3: Deployment and Provisioning
- Identify and execute steps required to provision cloud resources
- Identify and remediate deployment issues
Domain 4: Storage and Data Management
- Create and manage data retention
- Identify and implement data protection, encryption, and capacity planning needs
Domain 5: Security and Compliance
- Implement and manage security policies on AWS
- Implement access controls when using AWS
- Differentiate between the roles and responsibility within the shared responsibility model
Domain 6: Networking
- Apply AWS networking features
- Implement connectivity services of AWS
- Gather and interpret relevant information for network troubleshooting
Domain 7: Automation and Optimization
- Use AWS services and features to manage and assess resource utilization
- Employ cost-optimization strategies for efficient resource utilization
- Automate manual or repeatable process to minimize management overhead
Thanks Jey
How much in deep we should know to create policies for sysops associate?
You should understand, how the policy is structured and what the elements mean. Expect couple of of questions.
I am going through your articles and practice questions. You really did good job. I still feel it’s never ending and hard to cover everything 🙂 People suggested who passed recently SysOps exam that course from Udemy (AWS Certified SysOps Administrator – Associate 2019) and test questions from Whizlabs , that should be enough to crack this exam. Just wanted to know your thoughts/suggestions on this.
I usually recommend Udemy and Braincert exams. Be sure to cover all the topics mentioned and you should be good to crack the exams.
Pass the SOA-C01 with score 898, your blog is really helpful.
Congrats John …
Hi John,
Can you please list down the topics around which the questions were phased as that would help us to gain confidence about our preparation?
Hi Jay,
I’ve gone through udemy course of a cloud guru. Also gave all practice tests of Braincert for this new AWS Sysops SOA C01 exams and scored good marks.. Should I buy whizlabs practice test as well?. Please guide me further what to do. Thanks!
Hi Jay,
I am about to appear for AWS SysOps exam. I’ve cmmpleted udemy course of A Cloud Guru and given all practice test from Braincert and scored good marks. What should I do further in order to clear exam. Should I buy Whizlab’s mock test as well? Please guide me further. Thank You
it should be good enough, i feel. Be sure to know the concepts covered by the course and practice exams and you should clear the exam with ease.
Hi Ahtesham, please share your experience If you have given exam.
HI Ahtesham,
Would you mind to share your experience and tips for the exam if you have already given.
Thanks
Ashish
I’ve not given the exam yet..I’ll be giving this saturday…I will share my experience and tips after that…
Hi Ashish,
I’ve cleared my exam last Saturday and scored 775 marks. I’ve taken A Cloud Guru SysOps associate 2019 udemy course and gone through that course multiple times. Before going in exam I’ve revised all the section summary videos.
Braincert’s practice exams are very helpful. If you can’t go through all of the FAQs or documentation of AWS then make sure to read Jay’s blog. The exam was pretty tough, each amd every questions are scenario based so be prepare.
S3, Instance type, RDS, CloudFormations etc are very important. Thats all..
Best of Luck!!
Congratulation Ahtesham!
Thank you for sharing your inputs and experience.
I agree Braincert covers almost everything with tricky way.
I am going through Briancert and whizlabs both.
I am not touching Aws faq and whitepapers But I am going through Jayendra’s blogs.
I am just revising summary points of udemy videos.
Well I will try my best. No matter what it’s all about learnings.
Thanks
Ashish
Braincert is good
HI Jay ,
Please suggest best answer for this:
2. You are hosting a 3-tier application that is experiencing bottlenecks. How can you discover the issue?
a. Setup CloudWatch monitoring on EC2 and RDS
b. Use a Lamba function to scan each tier
c. Use CloudTrail to see how much time each API call is taking
d. Use Inspector on your EC2 instances
Hi Jay ,
Please suggest best answer for this: You are hosting a 3-tier application that is experiencing bottlenecks. How can you discover the issue? a. Setup CloudWatch monitoring on EC2 and RDS b. Use a Lamba function to scan each tier c. Use CloudTrail to see how much time each API call is taking d. Use Inspector on your EC2 instances My answer: A as bottlenack realted to slowness but may be its D as Review the findings that Amazon Inspector produces by analyzing the real activity and configuration data of your AWS resources.
Should be A and you can check for bottlenecks with different CloudWatch metrics.
Thank you. Cloud metrics is related to peformance analysis so that makes sense.
Hi Jay ,
Instances behind an ALB have many OS and software dependencies, developers just want instances up as quickly as possible : Answers: User scripts, OPworks reboots and applies then rejoins to ALB, Gold AMIs with blue green deployment, Lambda install software ?
gold or pre-baked amis usually work better and faster.
Thank you !
Hi Jay,
I’ve passed AWS SysOps SOA C01 exam last saturday by scoring 775 marks. I would like to thank you as your articles and suggestions helped me alot. Thank You!
Thats great Ahtesham Ansari, congrats 🙂
Hi Jay,
Please suggest
. You need to copy data from an Instance-Backed EC2 instance. Which S3 functions should you use? (Choose 3)
a. S3::createBucket
b. S3::putObject
c. S3::restoreObject
d. S3::getObject
e. S3::deleteObject
f. S3::deleteBucket
-My ans: A, B, D
Seems fine. Question however seems too naive. Copy data, so why getObject? Instance-backed EC2 instance is irrelevant here.
Hello Sir. I am appearing for my AWS Sysop Administrator – Associate exam tomorrow i.e.on 6th Feb 2019. Are there any last minute important tips which would help me in clearing the exam
Go through all the topics and whitepapers listed, make sure you covered them all. If you have got practice exams, make sure you understand the right and wrong answer concepts and you should be able to clear the exam easily.
Have anyone recently taken AWS sysops…want to check if
Braincert or udemy
Hello team , i m plainning to give sysops associate exam , Any one here have downloaded the course please share me .
any recently given exam
Hi Jay,
Need your answer on the below questions,
A SysOps Administrator has configured a CloudWatch agent to send custom metrics to Amazon CloudWatch and is now assembling a CloudWatch dashboard to display these metrics. What steps should be the Administrator take to complete this task?
A. Select the AWS Namespace, filter by metric name, then add to the dashboard.
B. Add a text widget, select the appropriate metric from the custom namespace, then add to the dashboard.
C. Select the appropriate widget and metrics from the custom namespace, then add to the dashboard.
D. Open the CloudWatch console, from the CloudWatch Events, add all custom metrics.
Should be C as you need to choose appropriate widget and metrics to display.
Option A will not work as the custom metrics is not available inn AWS Namespace.
Option B will not work as you need to choose correct widget and metrics.
Has any one give exam recently, I have exam next week and after my preparation for sysops I am using braincerts question banks …is braincert valid and upto date ? Please share ur experience
Hi All,
I have completed the SA and Devops associate and preparing for my Sysops Associate.
During my preparation of SAA i found the White papers to be crucial but during Devops I think covering Stephanne Mareek Udemy course and Acloud guru cours along with practice exams from Whizalb and Udemy was enough.
I understand the importance of whitepapers but purely from clearing the SYSOPS exam perspective
1 – Will going through Udemy and Acloud Guru Course along with practive papers be enough or should i cover all the white papers (Which in itself is another significant effort)
looking forward to your kind suggestions Sir
For SOA-C01 there are not much whitepapers. You can focus on Disaster Recovery. Rest you can rely on Courses and practice tests.
I have limited 40% OFF coupon on Udemy AWS Certified SysOps – Administrator – Associate (SOA-C01) Practice Exams.
Can you please share me the coupon code.
Thanks in advance my friend.
sorry, the coupon code has expired.
No worries , Thank you !
Hi Jayendra,
I had attempted the Sysops associate exam 2 times. But I didn’t clear the exam. I had done a practice exam from whizlabs and completed the course from Stephane(udemy).
I don’t have AWS real-time experience.
What do you suggest to clear the exam without real-time experience?
To me it’s important to clear.
You can clear Associate exams without real time experience, but you should surely do hands-on activities maybe through Free Tier and Qwiklabs. It helps a lot.
Course and Practice exams should be used to clear the concepts. Not sure for Stephane course for SysOps, but if you have it already dont go for other course.
I usually prefer Braincert exams, but then do not treat any practice exams as dumps. Make sure you understand the concepts, refer AWS documentation.
Okay. Thank you
I will go more practise this time.
I am getting a little bit confused with few topics like Security and Compliance (Inspector, Trusted Advisor, WAF, Shield Protection), Config. When to use which service.
I mostly got questions like service which is working in one region not able to launch in another region. What might be the reason?
These are my problem areas.
WAF and Shield Protection are with DDos attacks. They are the line of defense for all incoming traffic. Usually they work with Route 53, CloudFront and ELB
Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Its more for Applications deployed on AWS.
Trusted Advisor is mainly for best practices in AWS, which covers areas like Security, Compliance, Cost etc.
https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
Hi Jayendrapatil
I took the test today and I failed, it was so hard, I used Braincert and whitzlab, Do you know another test practice resource that I can use that is more realistic?
Thank you
Richard
Hi Richard, i think one of them should be enough. You should check on the areas that you score less and focus on those. Key here is to understand the concepts and you should be able to clear the exams easily.
Hi, I wanted to ask if I need to take AWS Solutions Architect – Associate Exam before taking the SYSOPS – Associate? Is it necessary?
Hi Ketan, there is no specific order and prerequisites. You can take the Associate, Professional and Specialty in any order.
Associates have about 40-50% in terms of concepts, so if you prepare for 1 you are usually partially prepared for other.
Hi Jayendra,
Hope you are doing well!
I have booked my AWS Sysops exam on November 2020 , can you please suggest how i need to study for this as I heard that it’s toughest exam in Associate level. I have planned 1st i will refer Stephen video from Udemy and second your blog and third practice test from wizlab and then Actual test.
Pls confirm if this order is best to study and how much study i have to do in order to clear the exam.
thankyou so much fir help and guidance.
Hi Anil, your path is good, go through the online videos, go in depth using blog and aws documentation and do some practice tests.