AWS Certified SysOps Administrator Associate Exam Study Path

If you are a Systems Administrator or a DevOps Engineer, then this certification will test your knowledge on these areas in AWS. Your experience in these fields will come in handy in passing the exam, but this should be complemented by actual AWS SysOps knowledge. In the AWS Certified SysOps Administrator Associate Exam (or AWS SOA for short), questions will test your ability to perform the following:

  • Deploy, manage, and operate scalable, highly available, and fault tolerant systems on AWS 
  • Implement and control the flow of data to and from AWS 
  • Select the appropriate AWS service based on compute, data, or security requirements 
  • Identify appropriate use of AWS operational best practices 
  • Estimate AWS usage costs and identify operational cost control mechanisms 
  • Migrate on-premises workloads to AWS 

Given the scope of the questions above, you should learn the concepts of the AWS architecture, the AWS Operational Framework, as well as the AWS CLI and AWS SDK/API tools. Having prior knowledge on fundamental networking and security will also be very valuable. This guide aims to provide you a straightforward guide when reviewing for this exam.

Study Materials

The FREE AWS Exam Readiness video course, official AWS sample questions, whitepapers, AWS Documentation, AWS cheat sheets, and AWS practice exams will be your primary study materials for this exam. There are multiple papers that you should read and familiarize yourself with as a SysOps Administrator.

Having an AWS account you can use will help ingest the different concepts within these whitepapers. Since the exam itself contains multiple scenario questions, using the services and applying them in practice yourself will allow you to determine the types of situations they are applied in. 

Exam Readiness AWS Certified SysOps Administrator Associate

Additional details regarding your AWS SOA exam can be seen in this AWS exam blueprint.

The whitepapers listed below are arranged in such a way that you will learn the concepts first, before proceeding to application and best practices. If you need a refresh on your AWS fundamentals, go check out our guide on the AWS Certified Cloud Practitioner Exam before proceeding below.

  1. Amazon Virtual Private Cloud Connectivity OptionsStudy how you can connect different VPCs together, your VPCs to your on-premises network, and vice versa.
  2. Development and Test on AWS – Study how you can leverage AWS to create development and test environments, implement pipelines and automation, and perform different validation tests for your applications.
  3. Backup and Recovery Approaches Using AWS – One of your responsibilities as a SysOps Admin is to make sure your infrastructure and data are recoverable after a disaster. Learn which AWS services offer backup and restore features. It is also important to know how these backups are stored and secured, and selecting the correct storage options for them.
  4. How AWS Pricing Works – Study on the fundamental drivers of cost in AWS, the pricing models of commonly used services in compute, storage, and database, and how to optimize your costs. You should also be familiar with the different AWS tools that help you calculate and compare the cost between services, between hosting environments (cloud vs local), and between pricing models (on-demand, reserved, spot).
  5. Amazon Web Services: Overview of Security Processes You should study the different security features in AWS – including infrastructure, account, network, application and data security. Determine which aspects of security are your responsibilities, and which are AWS’.
  6. IT Certification Category (English)728x90
  7. AWS Security Best Practices – This whitepaper complements the previous. Understand the security best practices and their purpose in your environment. Some services offer more than one form of security feature, such as multiple key management schemes for encryption. It is important that you can determine which form is most suitable to the given scenarios in your exam.
  8. Architecting for the Cloud: AWS Best Practices – Be sure to understand the best practices in AWS since exam questions will focus their scenarios around these best practices. The whitepaper contains a number of design principles with examples for each. These will help you realize which services are most suitable for which kinds of situations.
  9. AWS Well-Architected FrameworkThis whitepaper is one of the most important papers that you should study for the SOA exam. It discusses the different pillars that make up a well-architected cloud environment. Expect the scenarios in your exam to be heavily based upon these pillars. Each pillar will have a corresponding whitepaper of its own, that discusses the respective pillar in more detail.

Optional whitepapers:

  1. Overview of Deployment Options on AWS – This is an optional whitepaper that you can read to be aware of your deployment options in AWS. There is a chance that this might come up in the exam.
  2. AWS Disaster Recovery Plans – This optional but highly important whitepaper complements backup and restore. As a SysOps Administrator, you should be familiar with your DR options when outages occur. Having knowledge of DR will determine how fast you can recover your infrastructure.

Also check out this article: Top 5 FREE AWS Review Materials.

AWS Services to Focus On

AWS offers extensive documentation and well-written FAQs for all of their services. These two will be your primary source of information when studying. Furthermore, as an AWS SysOps Administrator, you need to be well-versed in a number of AWS products and services since you will almost always be using them in your work. I recommend checking out Tutorials Dojo’s AWS Cheat Sheets which provides a summarized but highly informative set of notes and tips for your review on these services.

Core services to study:

  1. EC2 – As the most fundamental compute service offered by AWS, you should know about EC2 inside out.
  2. Elastic Load Balancer – Load balancing is very important for a highly available system. Study about the different types of ELBs, and the features each of them supports.
  3. Auto Scaling – Study what services in AWS can be auto scaled, what triggers scaling, and how auto scaling increases/decreases the number of instances.
  4. Elastic Block Store – As the primary storage solution of EC2, study on the types of EBS volumes available. Also study how to secure, backup and restore EBS volumes.
  5. S3 / GlacierAWS offers many types of S3 storage depending on your needs. Study what these types are and what differs between them. Also review on the capabilities of S3 such as hosting a static website, securing access to objects using policies, lifecycle policies, etc. Learn as much about S3 as you can.
  6. VPC – Study every service that is used to create a VPC (subnets, route tables, internet gateways, nat gateways, VPN gateways, etc). Also, review on the differences of network access control lists and security groups, and during which situations they are applied.
  7. Route 53 – Study the different types of records in Route 53. Study also the different routing policies. Know what hosted zones and domains are.
  8. RDS – Know how each RDS database differs from one another, and how they are different from Aurora. Determine what makes Aurora unique, and when it should be preferred from other databases (in terms of function, speed, cost, etc). Learn about parameter groups, option groups, and subnet groups.
  9. DynamoDB – Consider how DynamoDB compares to RDS, Elasticache and Redshift. This service is also commonly used for serverless applications along with Lambda.
  10. Elasticache – Familiarize yourself with Elasticache redis and its functions. Determine the areas/services where you can place a caching mechanism to improve data throughput, such as managing session state of an ELB, optimizing RDS instances, etc.
  11. SQS – Gather info on why SQS is helpful in decoupling systems. Study how messages in the queues are being managed (standard queues, FIFO queues, dead letter queues). Know the differences between SQS, SNS, SES, and Amazon MQ.
  12. SNS – Study the function of SNS and what services can be integrated with it. Also be familiar with the supported recipients of SNS notifications.
  13. IAM – Services such as IAM Users, Groups, Policies and Roles are the most important to learn. Study how IAM integrates with other services and how it secures your application through different policies. Also read on the best practices when using IAM.
  14. CloudWatch – Study how monitoring is done in AWS and what types of metrics are sent to CloudWatch. Also read upon CloudWatch Logs, CloudWatch Alarms, and the custom metrics made available with CloudWatch Agent.
  15. CloudTrail – Familiarize yourself with how CloudTrail works, and what kinds of logs it stores as compared to CloudWatch Logs.
  16. Config – Be familiar with the situations where AWS Config is useful.
  17. CloudFormation – Study how CloudFormation is used to automate infrastructure deployment. Learn the basic make up of a CloudFormation template, stack and stack set.

Some additional services we recommend to review:

  1. Trusted Advisor
  2. Systems Manager
  3. CodeDeploy
  4. CodePipeline
  5. CloudFront
  6. Cost and Billing Management Console
  7. OpsWorks
  8. Direct Connect

Validate Your Knowledge

Once you have finished your review and you are more than confident of your knowledge, test yourself with some practice exams available online. AWS offers a practice exam that you can try out at their portal. Tutorials Dojo also offers a top-notch set of AWS Certified SysOps Administrator Associate practice tests here. Together with their cheat sheets and this review guide, you can be confident that no question in the certification exam will catch you off guard.

AWS Certified SysOps Administrator Associate New

Sample Practice Test Questions:

Question 1

You are planning to host a public-facing web application in AWS which has a group of NGINX web servers and a MySQL database hosted in EC2. To secure your data and prevent security breach, you must ensure that the database server is not publicly accessible over the Internet. The NGINX web servers should be publicly accessible to handle the incoming IPv4 traffic from your clients around the globe. After setting up the architecture, you discovered that the web servers cannot access the Internet.

Which of the following can help you rectify this issue?

  1. Check if there is an Internet Gateway attached to your VPC, including an entry in your route table which has a subnet routed to an Internet gateway.
  2. Tutorials Dojo Study Guide and Cheatsheet
  3. Ensure that a NAT Gateway is properly attached to your VPC with the correct entry in your route table.
  4. Ensure that the NGINX web servers and database servers are deployed to private and public subnets respectively.
  5. Since you have to handle an incoming IPv4 traffic, you must ensure that an egress-only Internet gateway is properly attached to your VPC with the correct entry in the main route table.

Correct Answer: 1

An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic. An Internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. An Internet gateway supports IPv4 and IPv6 traffic.

To enable access to or from the Internet for instances in a VPC subnet, you must do the following:

  • Attach an Internet gateway to your VPC.
  • Ensure that your subnet’s route table points to the Internet gateway.
  • Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address).
  • Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.

Ensuring that a NAT gateway is properly attached to your VPC with the correct entry in your route table is incorrect since the NAT gateway is mainly used to allow the instances deployed on private subnets to connect to the Internet while blocking any incoming traffic which was initiated from the Internet.

Ensuring that the NGINX web servers and database servers are deployed to private and public subnets respectively is incorrect because it should be the other way around. You have to ensure that the NGINX web servers and database servers are deployed to PUBLIC and PRIVATE subnets respectively.

The option that says, “Since you have to handle an incoming IPv4 traffic, you must ensure that an egress-only Internet gateway is properly attached to your VPC with the correct entry in the main route table” is incorrect because an egress-only gateway simply works just like a NAT Instance but handles IPv6 traffic.


Check out this Amazon VPC Cheat Sheet:

Question 2

You are working as an IT Consultant for a large insurance company. Their accounting system is hosted in AWS, which consists mainly of On-Demand EC2 Instances with an Application Load Balancer in front to distribute the incoming load. The IT Security department needs to conduct a vulnerability analysis on these servers to ensure that the EC2 instances comply with the latest security standards.

In this scenario, which of the following options would you implement to satisfy this requirement?

  1. AWS Inspector
  2. AWS WAF
  3. AWS Snowball
  4. Amazon CloudFront

Correct Answer: 1

Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.

AWS WAF is incorrect because AWS WAF is a firewall service to safeguard your VPC against DDoS, SQL Injection, and many other threats.

AWS Snowball is incorrect because Snowball is mainly used to transfer data from your on-premises network to AWS.

Amazon CloudFront is incorrect because CloudFront is used as a content distribution service.


Check out this Amazon Inspector Cheat Sheet:

Click here for more AWS Certified SysOps Administrator Associate practice exam questions.

It is best to get some rest before the day of your exam, and review any notes that you have written down. If you have done well in the practice tests, go over the questions where you made a mistake and understand why so. If you are not feeling so confident after trying the practice tests, you can just reschedule your exam and take your time preparing. The AWS SOA certification is one of the most sought after certifications in the SysOps Administration field. The exam will not be easy to pass, but it’ll be worth it when you do.

Check out our other AWS practice test courses here:Tutorials Dojo AWS Practice Tests


Additional Training Materials: High Quality Video Courses on Udemy

There are a few top rated AWS Certified SysOps Administrator Associate video courses on Udemy that you can check out as well, which can complement your exam preparations especially if you are the type of person who can learn better through visual courses instead of reading long whitepapers:

  1. AWS Certified SysOps Administrator – Associate 2019 by Ryan Kroonenburg and Faye Ellis
  2. Ultimate AWS Certified SysOps Administrator Associate 2019 by Stephane Maarek

Based on the feedback of thousands of our students in our practice test course, the combination of any of these video courses plus our practice tests were enough to pass the exam and even get a good score.