Introduction

Please go thru my post on AWS Certified SysOps Administrator – Associate learning path to understand overview of the exam. Don’t miss that

Exam Tips

Here are few exam tips from my experience. Please add in comments if you have anything more. I will include in my blog.

• Every question has multiple choices. please understand the question carefully. in some questions, they might ask ‘what are the least preferred solution‘ or ‘what are not advisable methods‘ or ‘which statements are false from given below choices’ on given scenario. so be careful you understood the question they are asking for negative answers.
• For some of the questions, all choices or more than one choice seams to be correct answer to the question. but we need to choose the best answer from given question perspective.
• While answering the question, I select best choice out of given options. But I always confirm why other choices are not answer to the question to myself before answering question.
• we have 210 minutes for 65 questions for sysops administrator -associate 2020 exam. Also, there is an option to select “flag for review“. we should have sufficient time to review flagged questions before ending the exam.

The best approach to understand the AWS concepts is start practicing it. If you have an opportunity to get hands on AWS services at your work place, still that may not be enough. because with work, we need to focus on few services and areas that are related to work. Also, some services like IAM , AWS Organization etc might already be in place with best practices. so we might not get an opportunity to explore all the services that are needed for exam. But this exam expects that user has experience in all domains listed by AWS. so everyone have to find their way to practice AWS services. Especially, this sysops admin exam expects that examine has good experience in AWS services.

How to practice AWS services

I practiced this exam by doing my own exercises. Also, I setup a new blog with wordpress (which you are currently reading) using cloudfront, Route53, VPC, subnets, NACL, security groups, VPC endpoints, S3, ASG, EC2, EFS, WAF , Kinisis data stream, KMS, IAM, Coudformation with most of its features, Cloud watch metrics, logs (VPC, ELB), cloudwatch logs, RDS multi-AZ, read replicas etc. This helped me to get smart on the concepts at the same time I exited to see that my blog is available as a result

I have gone thru some of practice tests. but I feel this exam has completely different questions and they are very tricky. Focusing the questions helped me to choose right answer. Here are the services that I remember from where I saw some tricky questions.

• Service catalog with cross account administration
• Elastic cache cluster improving the performance
• EC2 instance best cost optimization techniques
• IAM resource tagging
• Automation on AWS resources with AWS Config
• performance optimization in Cloudfront distribution
• ELB sessions, logs and healthchecks

Training courses

I’m not recommending any courses nor coupons for these courses. But I found below are the stuff which are really helpful to complete the exam with good understanding.

• Ultimate AWS Certified SysOps Administrator Associate 2020 from Udemy
• AWS Certified SysOps Administrator – Associate 2020 from Udemy
• Also go thru FAQs of each service
• I have gone thru https://aws.amazon.com/about-aws/whats-new/2020/ and https://aws.amazon.com/about-aws/whats-new/2019/ as I attempted exam in June 2020
• https://aws.amazon.com/blogs/aws/ this blog is from AWS
• AWS Certified SysOps Administrator – Associate learning path. This is blog is from my collection.
• Go thru white papers that I recommenced in AWS Certified SysOps Administrator – Associate learning path also more white papers related to domains listed in this exam. these white papers

Practice tests

For practice tests, I found following are good to get smart with exam

• Wizlabs
• Braincert
• AWS Certified Solutions Architect Associate Practice Exams from Tutorial Dojo in Udemy

You can use AWS X-Ray to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services. API Gateway supports AWS X-Ray tracing for all API Gateway endpoint types: regional, edge-optimized, and private. You can use AWS X-Ray with Amazon API Gateway in all regions where X-Ray is available.

X-Ray gives you an end-to-end view of an entire request, so you can analyze latencies in your APIs and their backend services. You can use an X-Ray service map to view the latency of an entire request and that of the downstream services that are integrated with X-Ray. And you can configure sampling rules to tell X-Ray which requests to record, at what sampling rates, according to criteria that you specify. If you call an API Gateway API from a service that’s already being traced, API Gateway passes the trace through, even if X-Ray tracing is not enabled on the API.

You can enable X-Ray for an API stage by using the API Gateway management console, or by using the API Gateway API or CLI.

Before going for the exam, I have enrolled wizlabs practice tests, Udemy by Ryan Kroonenberg and also AWS practice tests by Jon Bonso.

A year back I have attempted the same exam but could not clear it. but now I found some free time for preparation and spent 20 days for preparation along with my work experience helped me to qualify the exam.

Although the above mentioned courses and practice tests will give some insight about the exam pattern, but that is not enough. when I appeared for the exam, I felt that most of the questions are almost new and never read before. but after mapping the concepts with the question I’m able to answer.

• All questions are very trickey and distractive. one need to read it carefully to understand the questions
• if there is any doubt to attemt question, one may use flag feature. one may review all the attempted questions or may directly review flagged questions. Everthing depends on time.
• There are few trickey questions that are related to AWS services integration with security best practices. for example Lambda and Dynamo DB integration, Best practices to access S3 from EC2, etc
• Designing the application to be resilient and high available
• Security best practices
• Storage solutions, EBS types, S3 classes, Storage gateway, Glacier
• Life cycle of S3, EBS
• High Availibility
• DR, RTO, RPO

Some useful Links:

1. https://www.udemy.com/course/aws-certified-solutions-architect-associate-amazon-practice-exams
2. https://www.udemy.com/course/aws-certified-solutions-architect-associate
3. https://www.braincert.com/course/12833-AWS-Solution-Architect-Associate#
4. https://www.whizlabs.com/aws-solutions-architect-associate/practice-tests/

Exam domains:

A day before going for exam:

• First be relax for exam. ensure that you will be in exam hall 30 minutes of the exam time
• Attempt practice test, I scored 92% in practice test and that gave me some confidence. but remember scoring higher percentage in practice test may not implies that one will pass in actual exam
• Don’t be stressed for the exam. Having knowledge is most important. 

Good Luck

The Above picture explains career path and Certification of each role.

In this page, I will be explaining more about AWS Certified SysOps Administrator – Associate. first few paragraphs are the same information from AWS documentation. but at the end of this blog, I have given more details of each domain and its contents. This is created for me to refer before going for the exam and to see that not missing anything. It helped me, so I think it will be helpful to other aspirants too.

Here is the recommended knowledge for SysOps admin exam

• Minimum of 1 year of hands-on experience with AWS
• Experience managing/operating systems on AWS
• Understanding of the AWS tenets – architecting for the cloud
• Hands-on experience with the AWS CLI and SDKs/API tools
• Understanding of network technologies as they relate to AWS
• Understanding of security concepts with hands-on experience in implementing security controls and compliance requirements

Domain 1: Monitoring and Reporting
1.1 Create and maintain metrics and alarms utilizing AWS monitoring services
1.2 Recognize and differentiate performance and availability metrics
1.3 Perform the steps necessary to remediate based on performance and availability metrics
Domain 2: High Availability
2.1 Implement scalability and elasticity based on use case
2.2 Recognize and differentiate highly available and resilient environments on AWS
Domain 3: Deployment and Provisioning
3.1 Identify and execute steps required to provision cloud resources
3.2 Identify and remediate deployment issues
Domain 4: Storage and Data Management
4.1 Create and manage data retention
4.2 Identify and implement data protection, encryption, and capacity planning needs
Domain 5: Security and Compliance
5.1 Implement and manage security policies on AWS
5.2 Implement access controls when using AWS
5.3 Differentiate between the roles and responsibility within the shared responsibility model
Domain 6: Networking
6.1 Apply AWS networking features
6.2 Implement connectivity services of AWS
6.3 Gather and interpret relevant information for network troubleshooting
Domain 7: Automation and Optimization
7.1 Use AWS services and features to manage and assess resource utilization
7.2 Employ cost-optimization strategies for efficient resource utilization
7.3 Automate manual or repeatable process to minimize management overhead

Click here to download Exam Guide for complete reference

Here are White papers for your reference (nice to read), Click to download

• Architecting for the Cloud: AWS Best Practices
• AWS Security Best Practices
• Amazon Web Services: Overview of Security Processes
• AWS Well-Architected Framework
• Development and Test on AWS
• Backup and Recovery Approaches Using AWS
• Amazon Virtual Private Cloud Connectivity Options
•  How AWS Pricing Works
• Overview of deployment options on aws

Download Sample questions for practice

Domain 1: Monitoring and Reporting

• AWS Cloudwatch
  • cloud metrics of all AWS services(EC2, ASG, EBS, Elastic cache, redshift,RDS, Lambda) , alarms, aggregating metrics, custom metrics, high resolution-metrics, basic & detailed metrics
  • cloudwatch log groups, Insights
  • Events and rules
• AWS Cloudfront monitoring
• AWS Cloudtrails
  • Cloudtrails, insights, logfile integrity
• AWS Config
  • config aggregations of multiple accounts
  • rules, resources
• Logs
  • understand the difference between ELB logs and VPC logs. Also, go thru the use cases
  • web ACL logs for WAF and its contents
  • Route53 logs
  • Also, understand how to stream application logs into cloudwatch
  • filtering logs for specific words and alerting
• X-ray
• EC2config, EC2resque tool for windows servers

Domain 2: High Availability

• AWS Route 53
  • Record types, mainly A-record, C-NAME. different use cases of CNAME and A records
  • enabling logs, log format, fields of logs.
  • health checks
  • various routing policies (Simple routing policy, Failover routing policy, Geolocation routing policy, Geoproximity routing policy, Latency routing policy, Weighted routing policy and Multivalue answer routing policy)
    • difference between latency routing and geolocation routing.
    • Failover configuration for DR, weighted routing policy to divert traffic.
• AWS Cloudfront
  • origin of Cloudfront
  • difference between sessionid and signed URL
  • Behaviours, Invalidations
  • versioning and cache settings
  • Geo restrictions
  • Alarms, monitoring
• AWS ELB (Load balancer Application LB, Network LB and Classic LB)
  • ELB cookies, application maintained cookies
  • ELB health checks, integrating ELB hatchecks with ASG and Route53
  • ELB pre-warmup requests
  • ELB metrics especially Latency, SpilloverCount, SurgeQueueLength
• ASG
  • groups and launch configurations
  • setting alarms based on different use cases (EC2 metrics, SQS metrics)
  • scaling policies (simple and step scaling)
  • schedule scaling
  • Life cycle hooks
  • ASG monitoring ( metrics)
• VPC and on-premisis connections (Hybrid environments)
  • VPC (default and custom)
  • VPC peering
  • VPC endpoints (gateway and interface)
  • subnets, security groups, NACL, Elastic IP, NAT instance & NAT gateway
  • site-to-site VPN, AWS Direct connect (choosing either of them as per use case)
• RDS replications in multi-AZ, availability in multiple regions
  • Maintenance of multi-AZ, encriptions
  • creating read replica in same or different availability zone. encryption scenario when replicas enabled in different region
  • 
• when to use read replica and Elastic cache
• Elastic cache
  • Improving the performance of Elastic cache (increasing the size and adding nodes)
  • Elasticache evictions
  • choosing between memcache and redis
  • shards

Domain 3: Deployment and Provisioning

• AWS Elastic Beanstalk
  • Deployment policies
  • advantages of Elastic Beanstalk over other deployment services like Cloudformation services
• AWS OpsWork
  • stack, puppet and chef
  • trouble shooting Opswork is commonly asked in sysops admin certification exam
  • 
• AWS Cloudformation
  • cloudformation policies, helper scripts
  • nested stacks, stacksets
  • update stack sets, drifting
• AWS Service catalog
  • Product and Portfolios (be sure to go thru the service catalog FAQs before going for the exam)

Domain 4: Storage and Data Management

• EBS Volumes
  • snapshots, lifecyle, encryption, sharing snapshots across regions and AZ
• Instance stores
  • Instance store life cycle, use cases
• EBS Snapshots
• EFS
  • EFS performance modes, EFS monitoring metrics
• S3
  • S3 is one of the old services of AWS and expect lots of complex questions from this service
  • S3 tiers

• S3 classes, ACL, policies (get smart on all soft of policies definitions )
  • Encryptions
  • static site hosting
  • blocking access at bucket level and account level
  • MFA delete, versioning
  • life cycles
• Glacier
  • Glacier tiers
  • Vault lock policies, Vault access policies
  • Archive retrial options
• Snowball and Snowball edge services
  • understand when to use snowball and snowball edge services

Domain 5: Security and Compliance

• IAM
  • There will lot of different questions comes from IAM for Sysops exam. so be well prepared with IAM. go thru FAQ and AWS documentation.
  • roles, groups, policies
  • STS, MFA, Cross account access
  • Identity federation, SAML
• KMS
• CloudHSM
• AWS Inspector
  • trouble shooting
• AWS GuardDuty
• Trusted Advisor
  • features it support for different AWS support plans (e.g.: enabling alerts)
• AWS Cognito

Domain 6: Networking

• Route53
  • public and private hosted zones, registering the domains, domains registered outside AWS
• VPC
  • public and private subnets
  • Security group and NACL
  • NAT gateway, NAT instance
  • Internet gateways
  • IP4 and also IP6 support
  • VPC end points
  • VPC peering , Transtive peering
  • DHCP option sets
• Cloudfront

Domain 7: Automation and Optimization

• Cloudformation
• optimizing the costs with reserve instances, spot instances
• optimizing the resource utilization with ASG, ELB