AWS SysOps Administrator - Associate
The course is part of this learning path
This brief course introduces the AWS SysOps Administrator - Associate learning path, which covers the following domains:
- Domain 1: Monitoring, Logging, and Remediation
- Domain 2: Reliability and Business Continuity
- Domain 3: Deployment, Provisioning, and Automation
- Domain 4: Security and Compliance
- Domain 5: Networking and Content Delivery
- Domain 6: Cost and Performance Optimization
You will learn what to expect from the exam and how to prepare for it to enhance your chances of passing!
Hello and welcome to this learning path, which has been designed to help you prepare and pass the AWS Certified SysOps Administrator - Associate exam (SOA-C02).
Throughout this learning path, you will be guided via our courses, hands-on labs including some lab challenges and a preparation exam, all of which are focused on areas that will be assessed within the exam.
As defined in the exam blueprint, which can be found here, the exam has been designed for system administrators in a cloud operations role who have at least 1 year of hands-on experience with deployment, management, networking, and security on AWS.
During the exam you will be presented with different question types, these being:
- Multiple choice
- Multiple response
- Exam Labs
Multiple-choice questions require you to select a single correct answer, whereas multiple response questions require you to select more than one correct answer, and the question will stipulate how many you need to select.
The Exam labs are slightly different, they will require you to demonstrate your abilities as a sysops administrator to configure, resolve or perform specific tasks from within the AWS Management Console or the AWS CLI. As a result, having hands-on experience of AWS is crucial to passing this exam. With this in mind, we have curated our learning path to have a heavy emphasis on labs, allowing you to gain that much-needed experience, and enhancing your confidence when it comes to the exam lab tasks in the exam.
When you begin your exam you will be told how many of each type of question you will get, and so pay attention to the number of exam labs as you should be prepared to spend at least 20 minutes on each lab. You will also be notified at the start of your exam the percentage weighting that the exam labs carries.
When working on your exam labs, be sure to complete all the work you can on each lab before continuing to the next lab as you CAN’T go back to it afterwards. If you complete all tasks in the lab correctly, you will get full credit. If you only achieve some of the tasks then you can achieve partial credit for those exams, but these details are not disclosed in any way.
The scoring is based out of 1000, with a minimum passing score of 720 (72%).
The exam is split into 6 different domains that you will be assessed against, each carrying a different percentage weighting, these are identified as:
- Domain 1: Monitoring, Logging, and Remediation 20%
- Domain 2: Reliability and Business Continuity 16%
- Domain 3: Deployment, Provisioning, and Automation 18%
- Domain 4: Security and Compliance 16%
- Domain 5: Networking and Content Delivery 18%
- Domain 6: Cost and Performance Optimization 12%
Let’s look at the requirement for each of these a bit deeper and as defined in the blueprint.
Domain 1 - Monitoring, Logging, and Remediation. This domain contains 2 sub-domains, the first being 1.1 Implement metrics, alarms, and filters by using AWS monitoring and logging services.
This will require you to understand how to identify, collect and analyze logs, specifically those surrounding Amazon CloudWatch and CloudTrail Logs. You will need to understand the different components of CloudWatch, including the CloudWatch logging agent, Dashboards, metrics, alarms and more. You will be assessed upon your understanding of the Simple Notification Service and Amazon EventBridge to see how it can be used to trigger notifications allowing you to take corrective actions.
The 2nd sub-domain reads:
1.2 Remediate issues based on monitoring and availability metrics.
This will assess your ability to be able to troubleshoot issues received from alarms and how to take the appropriate action, for example those received from Amazon EventBridge or AWS Config rules that are identified as non-compliant.
Next, we have Domain 2: Reliability and Business Continuity.
This domain is broken down into 3 sub-domains.
2.1. Implement scalability and Elasticity. This is pretty clear in what you’ll be assessed upon, as you might expect, you need to have good knowledge of AWS auto scaling plans, in addition to understanding the difference between vertical and horizontal scaling. You will also be assessed upon the services that are available for caching, such as Elasticache and when and why you might use RDS and Aurora replicas.
The 2nd sub-domain looks at 2.2 Implement high availability and resilient architectures. So to cover the points in this area you will need to demonstrate knowledge of how to configure Elastic Load balancers. You should also understand when and why you would implement Route 53 health checks and the different routing policies available.
An essential concept to understand in this area is the distinction between a single AZ and multi-AZ deployment, how this helps with high availability and resiliency for different AWS services. Fault tolerance is another focus of this sub-domain, so you’ll need to understand how services such as the Elastic File System handles this, and how networking features such as Elastic IP Addresses help you develop fault-tolerant systems.
The last sub-domain 2.3 - Implement backup and restore strategies will heavily test your understanding on how to use different services and their features to provide robust backup and disaster recovery infrastructure in the event of a failure. You’ll be assessed on the backup offerings available from AWS database services, such as RDS and the different restore features available, and how to best recover from a failure. It’s also likely Amazon S3 will play a part here too, validating your knowledge against features such as versioning, lifecycle rules, and cross-region replication.
We then come onto Domain 3: Deployment, Provisioning, and Automation which contains 2 sub-domains.
Firstly, 3.1 Provision and maintain cloud resources. For this section, it is recommended that you know about Amazon Machine Image (AMI) management, understanding how to both create and manage them. In addition to AMIs, you will also be tested on your knowledge of AWS CloudFormation, so make sure you are familiar with this service, from provisioning to troubleshooting. AWS also highlights that you have an understanding of how IAM cross-account management works.
The 2nd sub-domain of Domain 3, 3.2 Automate manual or repeatable processes looks more at the services that help with automating deployment processes, for example CloudFormation and Systems Manager. In addition to this, knowledge of services such as EventBridge and AWS Config will also be assessed from the perspective of scheduling and automating tasks.
Next up we have Domain 4: Security and Compliance which spans 2 sub-domains but they each require you to have a solid understanding across a range of topics.
4.1 - Implement and manage security and compliance policies. This will certainly require you to have solid experience of all areas of the Identity & Access Management service, from user creation, multi-factor authentication configuration, to policy creation using conditions. Ensure you know IAM inside and out and are able to read access policies with ease. You will also be required to demonstrate your understanding of the different policy types. Knowledge of AWS Trusted Advisor, AWS Control Tower and AWS Organizations will also be required to fulfill the requirements of this sub-domain, so understanding security around multi-account infrastructure is key.
Sub-domain 4.2 - Implement data and infrastructure protection strategies is focused more on the encryption and protection of data, both and rest and in transit, so knowledge of the AWS Key Management Service and CloudHSM are required to understand how to manage encryption keys. AWS Secrets Manager and the Parameter Store should also be understood, in addition to the differences between them when it comes to maintaining your secrets and how to protect them.
Moving on to Domain 5: Networking and Content Delivery we start to focus on some of the core infrastructure of AWS, and this domain is split between 3 sub-domains, the first of which is 5.1 - Implement networking features and connectivity - This sub-domain required you to show your understanding of Virtual Private Clouds, and all things related to them, for example route tables, Network Access Control Lists, NAT Gateways, etc. You will also be required to show knowledge of what VPC endpoints are and used for, how VPN connections are configured and what VPC peering is. As we know, security is always a concern, so you need to be able to demonstrate your awareness of network protection services, such as the Web Application Firewall (WAF) service, and to protect yourself from DDoS attacks with AWS Shield.
Sub-domain 5.2 - Configure domains, DNS service, and content delivery primarily centres on all things Route 53, so you should have a good working knowledge of the service, understand hosted zones, different types of records, and again the routing policies. In addition to this, you will be evaluated on your comprehension of configuring S3 static websites and how you can use an S3 Origin access identity (OAI) with CloudFront to secure your static site.
In the last sub-domain 5.3 - Troubleshoot network connectivity issues the attention turns to demonstrating your ability to quickly and easily identify where an issue or problem may exist depending on a particular scenario. This could involve VPCs and their components, logging, and being able to interpret those logs, caching issues with CloudFront or identifying where a connectivity issue may lay when implementing a hybrid environment using VPNs or Direct Connect.
The final domain is Domain 6: Cost and Performance Optimization. This final domain has 2 sub-domains. 6.1 - Implement cost optimization strategies will look at your understanding of how to reduce and optimize your AWS costs using different services and tools. For example, being able to identify under-utilized resources, using the correct purchasing option for EC2 instances, or analyzing costs through Cost Explorer.
The 2nd sub-domain, 6.2 - Implement performance optimization strategies will assess your understanding of how to modify configurations to enhance performance, for example enhanced compute or memory power for EC2 instances, or selecting the correct throughput modes when using the Elastic File System. You should be familiar with S3 Transfer acceleration, RDS performance insights, and DAX, and not forgetting networking enhancements such as the Enhanced Network Adapter.
With all of this content needed for the exam, we have designed this learning path to cover the requirements of each of these domains. We have broken down the learning path focusing on specific AWS categories, these include:
- Automation & Optimization
- Monitoring & Reporting
- Security & Compliance
Each one of these courses will touch on assessment points from each of the domains I just discussed. Also, at the end of each of these courses, you will have the opportunity to take a knowledge check assessment, this will determine your understanding of the course content you just completed.
Between each of the courses, there are a number of hands-on labs to get through, which as I mentioned earlier is critical for this certification, having that hands-on experience will dramatically increase your chances of successfully completing the exam lab segments.
At the end of the learning path, there is a preparation exam to help you determine if you are ready to sit the real exam. This is a great way to understand your strengths and weaknesses across the different topics.
Ok, so now you have a greater understanding of what’s involved, let’s get your prepped and ready to tackle this SysOps Administrator - Associate certification! And If you have any questions throughout this learning path, please feel free to reach out to us here, by sending an email to email@example.com. OK, let's get started!
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 90+ courses relating to Cloud reaching over 140,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.