Hello Readers! I hope you are all doing well. This is the right time to advance your career and knowledge in cloud technologies. AWS is booming in the market as a leading public cloud provider, and it is a market leader in Infrastructure as a Service (IaaS). IaaS covers services like Compute, Database, Network and Storage.
AWS is a leading cloud provider. It also provides various role-based certifications for techies to work efficiently on the AWS platform and enhance their knowledge of a specific AWS domain. As you came to this blog, you must be preparing for the AWS SysOps Administrator Associate Certification. I will not take more of your time and will move on to the certification details and preparation guide. I hope this blog helps you on your certification journey and in moving up in your career.
SysOps Administrator-Associate exam Details
Exam Duration: 130 Minutes
Number of Questions: 65 approx.
Exam format: Multiple choice and Multiple Answer
Passing Criteria: 720/1000
Exam Registration: https://www.aws.training/certification?src=sysops-assoc
This blog aims to help you pass the AWS SysOps Administrator Associate Certification exam and to give a high-level idea of the exam topics and scenarios.
This is quite a tricky certificate compared to other Associate certificates provided by AWS. This certificate needs more detailed knowledge and hands-on experience with AWS services.
Here are the key services you should focus on most.
EC2, VPC, RDS, CloudWatch, IAM, S3, Route53, CloudFormation, AWS Security services (WAF, Inspector, Shield), KMS, AWS Organizations, and Service Control Policies. This Certificate is divided into seven domains, and I will try to list services in each domain and essential topics that you should not miss.
Domain 1: Monitoring and Reporting 22%
Domain 2: High Availability 8%
Domain 3: Deployment and Provisioning 14%
Domain 4: Storage and Data Management 12%
Domain 5: Security and Compliance 18%
Domain 6: Networking 14%
Domain 7: Automation and Optimization 12%
Let’s explore each domain in detail.
Domain 1: Monitoring and Reporting
Monitoring and Reporting is a must if we talk about Infrastructure as a Service in any cloud platform. AWS has multiple services to monitor all your resources and send alerts on configured thresholds. For the exam, you should have a good understanding of the AWS CloudWatch service.
CloudWatch provides monitoring and logging for infrastructure hosted in AWS. These are the main features of CloudWatch that are essential for the exam.
- CloudWatch Metrics, Custom Metrics for EC2
- CloudWatch Alarms
- CloudWatch Logs and Events
- CloudWatch Dashboard
The AWS CloudTrail service gives audit logs for the AWS account; it logs all API calls, Management Console modifications, and all other tasks performed in the account. AWS CloudTrail helps to gather data for compliance, governance and risk auditing. Hint: You can get questions on securing CloudTrail logs so that no one in the organization can alter them, as they contain sensitive audit data.
AWS provides a Health Dashboard, which is divided into two parts: the Personal Health Dashboard and the Service Health Dashboard. Please refer to the AWS documentation for more details on these services.
Domain 2: High Availability
You should have a good understanding of the 3-tier application model to achieve high availability. In this domain, you can expect questions on AWS Autoscaling and Load balancers.
Auto Scaling policies such as target tracking and step scaling, launch configurations, and lifecycle hooks are the main features on which you will get questions.
AWS provides various types of load balancer, and you can choose the ideal type of LB based on your requirement. You should be aware of all three types of LB, target groups, health checks, listener priorities, host-based routing, and path-based routing.
Domain 3: Deployment and Provisioning
AWS Elastic Beanstalk, AWS SSM, ECS, and AWS OpsWorks are the primary services focused under this domain.
Please refer to these topics under Elastic Beanstalk: languages supported, deployment options, and when to use Elastic Beanstalk.
ECS: Elastic Container Services
Docker concepts, Dockerfile, Container Registry, Task definition, Service, Cluster, and Fargate are the main topics under ECS. Hint: you will get one or two questions related to ECS.
You need to cover the complete service to face questions related to SSM, because SSM is divided into multiple services that help to automate various things in AWS. The topics to focus on most are Systems Manager Automation, Systems Manager Inventory, Patch Manager, Run Command, and Parameter Store.
Domain 4: Storage and Data Management
This domain contains S3, EBS, EFS, FSx, AWS Storage Gateway, AWS Snowball, and RDS.
S3 storage classes with their data availability and durability, pricing criteria, and how to select the proper storage class for a scenario; S3 cross-region replication for disaster recovery and backup.
S3 bucket policies and ACLs are the most important topics from S3. They also come under the security section; if you are reading the S3 documentation, cover bucket policies and ACLs as well.
You should read more about replication: how do you enable cross-region replication? If you enable replication, what is replicated automatically? Also read about replication configuration.
Go through AWS Snowball, AWS Snowmobile and Snowball Edge. These services are used to migrate large amounts of data from on-prem to S3.
EBS and EFS:
EBS storage types and performance, EBS limitations, snapshots, CloudWatch metrics for EBS, RAID, mount EBS volume to EC2, and extend the storage, Encryption of EBS.
EFS benefits over EBS, CloudWatch metrics for EFS, storage classes, and life cycle management.
RDS Data Autoscaling, Read Replicas, Multi-AZ instances
AWS Storage Gateway is used to connect local data center software applications to AWS cloud-based storage such as S3. It is used for hybrid cloud solutions or data backups for on-prem data centers. There are three types of storage gateway: File Gateway, Volume Gateway and Tape Gateway.
In this section, you will get more questions about Data Durability and Data Security. The questions will be scenario-based referring to the above topics.
Domain 5: Security and Compliance
You can read the AWS Security Best Practices whitepaper for a deep understanding of security in AWS. This exam contains high-level fundamentals about AWS security services. You should be aware of the Shared Responsibility Model to understand the security topics.
AWS IAM is the key service for managing access control to your AWS account. These are the main topics in IAM that you need to cover.
IAM users, IAM roles, IAM policies, groups, and IAM multi-factor authentication (MFA). Read up on the best practices for IAM users and IAM policies, which provide minimal access to resources or users, and on how to handle the root user and the best practices for the AWS root user. Hint: you could get 3 to 4 questions in the exam related to IAM.
S3 Bucket policy and Data Integrity:
S3 bucket policies are an essential feature for securing data stored in an S3 bucket. A bucket policy lets you set allow or deny permissions on the bucket. Policies are written in JSON format. You should have a proper understanding of S3 bucket policies and ACLs. Hint: you could get 2 to 3 questions related to bucket policy and S3 data security.
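To make the allow/deny structure of a bucket policy concrete, here is an added example (not from the original blog or from AWS) that audits a policy document for two common review points: an Allow open to any principal with no Condition, and a missing Deny on `aws:SecureTransport`. The function names, bucket name, account ID and role name are placeholders constructed for illustration.

```python
import json

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anyone(principal):
    # "*" and {"AWS": "*"} both mean "any principal".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def audit_bucket_policy(policy_json):
    """Return a list of findings for one bucket policy document."""
    statements = as_list(json.loads(policy_json).get("Statement", []))
    findings = []
    for st in statements:
        if (st.get("Effect") == "Allow" and is_anyone(st.get("Principal"))
                and not st.get("Condition")):
            findings.append(f"{st.get('Sid', '<no Sid>')}: Allow for any principal, no Condition")
    # An explicit Deny overrides any Allow, so one Deny can refuse plain HTTP.
    enforces_tls = any(
        st.get("Effect") == "Deny" and is_anyone(st.get("Principal"))
        and str(st.get("Condition", {}).get("Bool", {})
                .get("aws:SecureTransport")).lower() == "false"
        for st in statements)
    if not enforces_tls:
        findings.append("no Deny on aws:SecureTransport=false (plain HTTP not refused)")
    return findings

# Constructed sample policies; bucket name and account ID are placeholders.
WEAK = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}"""

HARDENED = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "AppRead", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-reader"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
   "Action": "s3:*",
   "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}"""

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_bucket_policy(doc))
```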
S3 data integrity consists of Versioning, data replication, and Multi-Factor Authentication (MFA) Delete. These features give assurance of data availability and prevent data deletion.
Amazon VPC: security group and NACL:
Security groups and NACLs are firewalls for EC2 and other resources deployed in a VPC. They restrict or allow access to selected port numbers from allowed IP addresses. You cannot write deny rules in a security group, but you can explicitly deny an IP address at the NACL.
NACLs are stateless and security groups are stateful. Security groups are applied at the instance level, while NACLs are configured at the subnet level.
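The stateless/stateful difference and the deny-only-at-NACL point are easiest to see by following one request and its reply through both layers. The following is an added example (a simplified model written for this guide, not AWS code): rule tuples, function names and addresses are constructed, and the addresses come from documentation ranges.

```python
from ipaddress import ip_address, ip_network

def nacl_verdict(rules, peer_ip, port):
    # NACL rules: (rule_number, cidr, port_lo, port_hi, "allow" | "deny").
    # The lowest-numbered matching rule wins; no match means deny.
    for _num, cidr, lo, hi, action in sorted(rules):
        if ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi:
            return action
    return "deny"

def sg_allows(rules, peer_ip, port):
    # Security group rules: (cidr, port_lo, port_hi). Allow-only, so a
    # deny cannot be expressed; anything unmatched is dropped.
    return any(ip_address(peer_ip) in ip_network(cidr) and lo <= port <= hi
               for cidr, lo, hi in rules)

def round_trip(client_ip, client_port, server_port, nacl_in, nacl_out, sg_in):
    """Follow one inbound request and its reply; return where it stops."""
    if nacl_verdict(nacl_in, client_ip, server_port) != "allow":
        return "request dropped at NACL (inbound)"
    if not sg_allows(sg_in, client_ip, server_port):
        return "request dropped at security group"
    # Stateful security group: the reply to an accepted connection leaves
    # without consulting outbound rules. Stateless NACL: the reply is judged
    # on its own against outbound rules (destination = client's ephemeral port).
    if nacl_verdict(nacl_out, client_ip, client_port) != "allow":
        return "reply dropped at NACL (outbound)"
    return "delivered"

# Constructed sample rule sets.
SG_IN = [("0.0.0.0/0", 443, 443)]
NACL_IN = [(100, "0.0.0.0/0", 443, 443, "allow")]
NACL_IN_OPEN = [(100, "0.0.0.0/0", 0, 65535, "allow")]
NACL_IN_BLOCKLIST = [(90, "203.0.113.7/32", 0, 65535, "deny")] + NACL_IN
NACL_OUT_EMPTY = []
NACL_OUT_EPHEMERAL = [(100, "0.0.0.0/0", 1024, 65535, "allow")]

if __name__ == "__main__":
    client = ("198.51.100.20", 50123, 443)
    print(round_trip(*client, NACL_IN, NACL_OUT_EMPTY, SG_IN))
    print(round_trip(*client, NACL_IN, NACL_OUT_EPHEMERAL, SG_IN))
    print(round_trip("203.0.113.7", 50123, 443, NACL_IN_BLOCKLIST,
                     NACL_OUT_EPHEMERAL, SG_IN))
```

The first case is the classic troubleshooting scenario: the inbound rules look correct, yet clients time out because the NACL has no outbound rule for the ephemeral port range.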
AWS Security Services:
Please read the AWS documentation for a better understanding of these services, as their features and configuration steps are frequently updated.
AWS Inspector can analyse the behaviour of AWS resources and test network accessibility and security state.
AWS KMS is used to encrypt data with managed encryption keys. KMS can be used with multiple AWS services to encrypt sensitive data. Hint: you could get various questions on using KMS with multiple AWS services and on the steps to encrypt data with KMS.
AWS Certificate Manager can be integrated with ELB, Route53, CloudFront, Elastic Beanstalk, and API Gateway to handle secure requests.
AWS WAF and Shield rules work based on conditions and help to prevent cyber-attacks such as cross-site scripting, SQL injection, DDoS attacks, and HTTP header-based attacks.
AWS Trusted Advisor gives reports on Cost optimization, performance, security, Fault tolerance, and service limits. This service is by default enabled for all customers.
Also, read about the AWS Artifact service, which gives all compliance-related reports concerning AWS. You can get one question on this.
Domain 6: Networking
AWS VPC and AWS CloudFront are the primary services that provide network services to the user. You should have proper knowledge of VPC configurations and services, and you need to read the full documentation for VPC. Here are some service names you should focus on more while reading.
VPC Flow Logs is a topic where you are sure to get a question, as this is an administrator certificate. Make sure you understand flow logs.
Public Subnets and private Subnet configuration, route tables, and CIDR reservations. VPC Peering to establish a private connection between two or more VPCs.
Ensure that you know about the AWS VPN service, which helps to connect on-prem data centers to an AWS VPC. Read all the subtopics under VPN. AWS Direct Connect is also an important topic when we talk about networking.
From EC2 services, you should cover Elastic Load Balancer, SSL offloading, Elastic IPs and Elastic Network Interface.
CloudFront is a CDN service provided by AWS; refer to CloudFront components, process and how to manage the content on CloudFront.
Domain 7: Automation and Optimization
AWS CloudFormation and AWS OpsWorks are the tools for automating and optimizing AWS resources.
AWS CloudFormation allows users to create infrastructure as code. A template can be deployed multiple times to create resources with just minimal updates. CloudFormation templates (CFTs) are written in JSON or YAML syntax, with 5 main blocks in the template. Read about stack sets, nested stacks and simple stacks.
AWS OpsWorks allows you to create, deploy, monitor, and maintain deployments. It provides a flexible way to create and manage resources for our application. It uses Chef, an open-source automation tool for infrastructure automation.
AWS Lambda supports serverless computing architecture, and it is stateless in behaviour. AWS Lambda supports almost all popular languages and runs your code without the headache of maintaining any infrastructure.
Each of the topics carries the same weightage in the exam. You could get 1 to 2 questions from each service.
This was a brief overview of all the domains covered under the SysOps exam. I took two months to prepare for this exam after clearing the AWS Solution Architect: Associate certificate. You will get enough time; just take care that you do not get stuck on complex questions. This exam was tough compared to the Solution Architect Associate exam. I have cleared the exam with 820 out of 1000.
For more preparation, you can enroll in live training by CloudThat Technologies. Here is the link for SYSOPS certification training. CloudThat also provides a practice test for the SysOps certificate. You can purchase the test from CloudThat and start practicing.
I hope this blog helps you to prepare for the certificate. This is my first blog, so please drop your feedback and suggestions in the comments. 😊