AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Learning Path
The AWS Certified SysOps Administrator – Associate (SOA-C01) exam is the latest AWS exam and has already replaced the old SysOps Administrator – Associate exam from 24th Sept 2018. It basically validates the ability to:
- Deploy, manage, and operate scalable, highly available, and fault tolerant systems on AWS
- Implement and control the flow of data to and from AWS
- Select the appropriate AWS service based on compute, data, or security requirements
- Identify appropriate use of AWS operational best practices
- Estimate AWS usage costs and identify operational cost control mechanisms
- Migrate on-premises workloads to AWS
Refer to the AWS Certified SysOps – Associate Exam Guide Sep 18
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Summary
- The AWS Certified SysOps Administrator – Associate exam is quite different from the previous one, with more focus on error handling, deployment, and monitoring.
- The exam covers a lot of the latest AWS services like ALB, Lambda, AWS Config, AWS Inspector, and AWS Shield, while focusing mainly on other services like CloudWatch, metrics from various services, and CloudTrail.
- Be sure to cover the following topics
- Monitoring & Management Tools
- Understand CloudWatch monitoring to provide operational transparency
- Know which EC2 metrics it can track (disk, network, CPU, status checks) and which would need custom metrics (memory, disk swap, disk storage etc.)
- Know ELB monitoring
- Classic Load Balancer metrics SurgeQueueLength and SpilloverCount
- Reasons for 4XX and 5XX errors
- Understand CloudTrail for audit and governance
- Understand AWS Config and its use cases
- Understand AWS Systems Manager and its various services like parameter store, patch manager
- Understand AWS Trusted Advisor and what it provides
- Very important to understand AWS CloudWatch vs AWS CloudTrail vs AWS Config
- Very important to understand Trusted Advisor vs Systems Manager vs Inspector
- Know Personal Health Dashboard & Service Health Dashboard
- Deployment tools
- Know AWS OpsWorks and its ability to support Chef & Puppet
- Know Elastic Beanstalk and its advantages
- Understand AWS CloudFormation
- Know stacks, templates, nested stacks
- Know how to wait for resource setup to complete before proceeding, esp. cfn-signal
- Know how to retain resources (RDS, S3) and prevent rollback in case of a failure
- Networking & Content Delivery
- Understand VPC in depth
- Understand the difference between
- Bastion host – allow access to instances in private subnet
- NAT – route traffic from private subnets to internet
- NAT instance vs NAT Gateway
- Internet Gateway – Access to internet
- Virtual Private Gateway – Connectivity between on-premises and VPC
- Egress-Only Internet Gateway – relevant to IPv6 only to allow egress traffic from private subnet to internet, without allowing ingress traffic
- Understand
- Private Subnet vs Public Subnet
- how to configure Route Tables
- Security Groups vs NACLs
- Understand how VPC Peering works and limitations
- Understand VPC Endpoints and supported services
- Ability to debug networking issues like EC2 not accessible, EC2 instances not reachable, and instances in subnets not able to communicate with others or the Internet.
- Understand Route 53 and Routing Policies and their use cases
- Focus on Weighted, Latency routing policies
- Understand VPN and Direct Connect and their use cases
- Understand CloudFront and use cases
- Understand ELB, ALB and NLB and what features they provide like
- ALB provides content and path routing
- NLB provides ability to give static IPs to load balancer.
- Compute
- Understand EC2 in depth
- Understand EC2 instance types
- Understand EC2 purchase options esp. spot instances and improved reserved instances options.
- Understand how IO Credits work and T2 burstable performance and T2 unlimited
- Understand EC2 Metadata & Userdata. What is the use of each? How do you look up instance data after it is launched?
- Understand EC2 Security.
- How IAM Roles work with EC2 instances
- IAM Roles can now be attached to stopped and running instances
- Understand AMIs, remember they are regional, and know how they can be shared with others.
- Troubleshoot issues with launching EC2 esp. RequestLimitExceeded, InstanceLimitExceeded etc.
- Troubleshoot connectivity and lost SSH key issues
- Understand Auto Scaling
- Understand Lambda and its use cases
- Understand Lambda with API Gateway
- Storage
- Understand S3 and all its topics
- Understand S3 features like
- storage classes with lifecycle policies,
- S3 data protection
- multi-part handling esp. how do you handle completions and aborts.
- static website hosting, CORS
- Versioning
- Pre-Signed URLs for both upload and download
- Understand Glacier as archival storage
- Understand EBS storage option
- EBS vs Instance store volumes
- EBS volume types and their use cases, limitations esp. IOPS
- RAID 0 and RAID 1 configurations and their use cases
- Understand Storage Gateway and its use cases
- Know use cases for VTL
- Know EFS as shared file system.
- Know Snowball for data migration
- Know Snowball vs Snowball Edge
- Databases
- Understand RDS
- Understand RDS Multi-AZ vs Read Replicas and use cases
- Understand DynamoDB
- Understand Aurora
- Know ElastiCache use cases, mainly for caching performance
- Understand ElastiCache Redis vs Memcached
- Security
- Understand IAM as a whole
- Focus on IAM role and its use case especially with EC2 instance
- Know how to test and validate IAM policies
- Understand IAM identity providers and federation and use cases
- Understand MFA and how you would implement two-factor authentication for your application
- Focus on S3 with SSE, SSE-C, SSE-KMS. How do they work and differ?
- Understand KMS for key management and envelope encryption
- Understand CloudHSM and KMS vs CloudHSM esp. support for symmetric and asymmetric keys
- Know AWS Inspector and its use cases
- Know AWS GuardDuty as a managed threat detection service. This will help eliminate it as an option
- Know AWS Shield esp. the Shield Advanced option and the features it provides
- Know WAF as Web Traffic Firewall
- Know AWS Artifact as on-demand access to compliance reports
- Integration Tools
- Understand SQS as message queuing service and SNS as pub/sub notification service
- Focus on SQS as a decoupling service
- Understand SQS FIFO, make sure you know the differences between standard and FIFO
- Understand CloudWatch integration with SNS for notification
- Cost management
- Know AWS Organizations and Consolidated billing
- Understand how to set up Billing Alerts using CloudWatch
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Resources
- Online Courses
- Udemy AWS Certified Solutions Architect Associate Exam Mastery 2018 – can be a good start to other services
- Stephane Maarek – Ultimate AWS Certified SysOps Administrator Associate 2019 – Highest Rated
- A Cloud Guru – AWS Certified SysOps Administrator – Associate 2019
- Linux Academy – AWS Certified SysOps Administrator – Associate (2018)
- Practice tests
- Braincert AWS Certified SysOps Administrator – Associate SOA-C01 Practice Exams, which provide extensive scenario-based questions and are in line with the actual exams
- Stephane Maarek – Practice Exams: AWS Certified SysOps Administrator Associate
- Signed up with AWS for the Free Tier account, which provides a lot of the services to be tried for free with certain limits, which are more than enough to get things going. Be sure to decommission anything if you are using anything beyond the free limits, preventing any surprises 🙂
- Also, use QwikLabs for introductory courses which are free
- Read the FAQs at least for the important topics, as they cover important points and are good for quick review
AWS Cloud Computing Whitepapers
- Architecting for the AWS Cloud: Best Practices
- AWS Well-Architected Framework whitepaper (This is a theoretical paper, with loads of theory, and is tiresome. If you cover the above topics, you can skip this one)
- AWS Security Best Practices whitepaper, August 2016
- Amazon Web Services: Overview of Security Processes
- Development and Test on AWS
- Backup and Recovery Approaches Using AWS
- Amazon Virtual Private Cloud Connectivity Options
- How AWS Pricing Works
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Contents
Domain 1: Monitoring and Reporting
- Create and maintain metrics and alarms utilizing AWS monitoring services
- Recognize and differentiate performance and availability metrics
- Perform the steps necessary to remediate based on performance and availability metrics
Domain 2: High Availability
- Implement scalability and elasticity based on use case
- Recognize and differentiate highly available and resilient environments on AWS
Domain 3: Deployment and Provisioning
- Identify and execute steps required to provision cloud resources
- Identify and remediate deployment issues
Domain 4: Storage and Data Management
- Create and manage data retention
- Identify and implement data protection, encryption, and capacity planning needs
Domain 5: Security and Compliance
- Implement and manage security policies on AWS
- Implement access controls when using AWS
- Differentiate between the roles and responsibility within the shared responsibility model
Domain 6: Networking
- Apply AWS networking features
- Implement connectivity services of AWS
- Gather and interpret relevant information for network troubleshooting
Domain 7: Automation and Optimization
- Use AWS services and features to manage and assess resource utilization
- Employ cost-optimization strategies for efficient resource utilization
- Automate manual or repeatable processes to minimize management overhead