Introduction

The AWS Certified SysOps Administrator – Associate (SOA-C02) exam is intended for system administrators in a cloud operations role. The exam validates a candidate’s ability to deploy, manage, and operate workloads on AWS.

The exam also validates a candidate’s ability to complete the following tasks:
 Support and maintain AWS workloads according to the AWS Well-Architected Framework
 Perform operations by using the AWS Management Console and the AWS CLI
 Implement security controls to meet compliance requirements
 Monitor, log, and troubleshoot systems
 Apply networking concepts (for example, DNS, TCP/IP, firewalls)
 Implement architectural requirements (for example, high availability, performance, capacity)
 Perform business continuity and disaster recovery procedures
 Identify, classify, and remediate incidents

Target candidate description
The target candidate should have 1 year of experience with deployment, management, networking, and security on AWS.

Recommended general IT knowledge
The target candidate should have the following knowledge:
 1–2 years of experience as a systems administrator in an operations role
 Experience in monitoring, logging, and troubleshooting
 Knowledge of networking concepts (for example, DNS, TCP/IP, firewalls)
 Ability to implement architectural requirements (for example, high availability, performance, capacity)

Recommended AWS knowledge
The target candidate should have the following knowledge:
 Minimum of 1 year of hands-on experience with AWS technology
 Experience in deploying, managing, and operating workloads on AWS
 Understanding of the AWS Well-Architected Framework
 Hands-on experience with the AWS Management Console and the AWS CLI
 Understanding of AWS networking and security services
 Hands-on experience in implementing security controls and compliance requirements

What is considered out of scope for the target candidate?
The following is a non-exhaustive list of related job tasks that the target candidate is not expected to be able to perform. These items are considered out of scope for the exam:
 Design distributed architectures
 Design continuous integration and continuous delivery (CI/CD) pipelines
 Design hybrid and multi-VPC networking
 Develop software
 Define security, compliance, and governance requirements

Exam content
Response types
There are three types of questions on the exam:
 Multiple choice: Has one correct response and three incorrect responses
 Multiple response: Has two or more correct responses out of five or more response options

- Multiple choice and multiple response: Select one or more responses that best complete the statement or answer the question.

Distractors, or incorrect answers, are response options that a candidate with incomplete knowledge or skill might choose. Distractors are generally plausible responses that match the content area.

All multiple-choice and multiple-response questions will appear at the start of the exam in one section. The end of this section will include a review screen, where you can return to any of the multiple-choice and multiple-response questions. This will be the last opportunity to answer the questions or change any answer selections.

Unscored content
The exam includes 15 unscored questions that do not affect your score. AWS collects information about candidate performance on these unscored questions to evaluate these questions for future use as scored questions. These unscored questions are not identified on the exam.

Exam results
The AWS Certified SysOps Administrator – Associate (SOA-C02) exam is a pass or fail exam. The exam is scored against a minimum standard established by AWS professionals who follow certification industry best practices and guidelines.

Your results for the exam are reported as a scaled score of 100–1,000.

The minimum passing score is 720.
Your score shows how you performed on the exam as a whole and whether or not you passed.
Scaled scoring models help equate scores across multiple exam forms that might have slightly different difficulty levels. Your score report may contain a table of classifications of your performance at each section level.

This information is intended to provide general feedback about your exam performance.
The exam uses a compensatory scoring model, which means that you do not need to achieve a passing score in each section. You need to pass only the overall exam. Each section of the exam has a specific weighting, so some sections have more questions than other sections have. The table contains general information that highlights your strengths and weaknesses. Use caution when interpreting section-level feedback.

Content outline
This exam guide includes weightings, test domains, and objectives for the exam. It is not a comprehensive listing of the content on the exam. However, additional context for each of the objectives is available to help guide your preparation for the exam. The following table lists the main content domains and their weightings. The table precedes the complete exam content outline, which includes the additional context. The percentage in each domain represents only scored content.

Domain 1: Monitoring, Logging, and Remediation
1.1 Implement metrics, alarms, and filters by using AWS monitoring and logging services
 Identify, collect, analyze, and export logs (for example, Amazon CloudWatch Logs, CloudWatch Logs Insights, AWS CloudTrail logs)
 Collect metrics and logs using the CloudWatch agent
 Create CloudWatch alarms
 Create metric filters
 Create CloudWatch dashboards
 Configure notifications (for example, Amazon Simple Notification Service [Amazon SNS], Service Quotas, CloudWatch alarms, AWS Health events)

1.2 Remediate issues based on monitoring and availability metrics
 Troubleshoot or take corrective actions based on notifications and alarms
 Configure Amazon EventBridge rules to trigger actions
 Use AWS Systems Manager Automation documents to take action based on AWS Config rules

Domain 2: Reliability and Business Continuity
2.1 Implement scalability and elasticity
 Create and maintain AWS Auto Scaling plans
 Implement caching
 Implement Amazon RDS replicas and Amazon Aurora Replicas
 Implement loosely coupled architectures
 Differentiate between horizontal scaling and vertical scaling

2.2 Implement high availability and resilient environments
 Configure Elastic Load Balancer and Amazon Route 53 health checks
 Differentiate between the use of a single Availability Zone and Multi-AZ deployments (for example, Amazon EC2 Auto Scaling groups, Elastic Load Balancing, Amazon FSx, Amazon RDS)
 Implement fault-tolerant workloads (for example, Amazon Elastic File System [Amazon EFS], Elastic IP addresses)
 Implement Route 53 routing policies (for example, failover, weighted, latency based)

2.3 Implement backup and restore strategies
 Automate snapshots and backups based on use cases (for example, RDS snapshots, AWS Backup, RTO and RPO, Amazon Data Lifecycle Manager, retention policy)
 Restore databases (for example, point-in-time restore, promote read replica)
 Implement versioning and lifecycle rules
 Configure Amazon S3 Cross-Region Replication
 Execute disaster recovery procedures

Domain 3: Deployment, Provisioning, and Automation
3.1 Provision and maintain cloud resources
 Create and manage AMIs (for example, EC2 Image Builder)
 Create, manage, and troubleshoot AWS CloudFormation
 Provision resources across multiple AWS Regions and accounts (for example, AWS Resource Access Manager, CloudFormation StackSets, IAM cross-account roles)
 Select deployment scenarios and services (for example, blue/green, rolling, canary)
 Identify and remediate deployment issues (for example, service quotas, subnet sizing, CloudFormation and AWS OpsWorks errors, permissions)

3.2 Automate manual or repeatable processes
 Use AWS services (for example, OpsWorks, Systems Manager, CloudFormation) to automate deployment processes
 Implement automated patch management
 Schedule automated tasks by using AWS services (for example, EventBridge, AWS Config)

Domain 4: Security and Compliance
4.1 Implement and manage security and compliance policies
 Implement IAM features (for example, password policies, MFA, roles, SAML, federated identity, resource policies, policy conditions)
 Troubleshoot and audit access issues by using AWS services (for example, CloudTrail, IAM Access Analyzer, IAM policy simulator)
 Validate service control policies and permissions boundaries
 Review AWS Trusted Advisor security checks
 Validate AWS Region and service selections based on compliance requirements
 Implement secure multi-account strategies (for example, AWS Control Tower, AWS Organizations)

4.2 Implement data and infrastructure protection strategies
 Enforce a data classification scheme
 Create, manage, and protect encryption keys
 Implement encryption at rest (for example, AWS Key Management Service [AWS KMS])
 Implement encryption in transit (for example, AWS Certificate Manager, VPN)
 Securely store secrets by using AWS services (for example, AWS Secrets Manager, Systems Manager Parameter Store)
 Review reports or findings (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)

Domain 5: Networking and Content Delivery
5.1 Implement networking features and connectivity
 Configure a VPC (for example, subnets, route tables, network ACLs, security groups, NAT gateway, internet gateway)
 Configure private connectivity (for example, Systems Manager Session Manager, VPC endpoints, VPC peering, VPN)
 Configure AWS network protection services (for example, AWS WAF, AWS Shield)

5.2 Configure domains, DNS services, and content delivery
 Configure Route 53 hosted zones and records
 Implement Route 53 routing policies (for example, geolocation, geoproximity)
 Configure DNS (for example, Route 53 Resolver)
 Configure Amazon CloudFront and S3 origin access identity (OAI)
 Configure S3 static website hosting

5.3 Troubleshoot network connectivity issues
 Interpret VPC configurations (for example, subnets, route tables, network ACLs, security groups)
 Collect and interpret logs (for example, VPC Flow Logs, Elastic Load Balancer access logs, AWS WAF web ACL logs, CloudFront logs)
 Identify and remediate CloudFront caching issues
 Troubleshoot hybrid and private connectivity issues

Domain 6: Cost and Performance Optimization
6.1 Implement cost optimization strategies
 Implement cost allocation tags
 Identify and remediate underutilized or unused resources by using AWS services and tools (for example, Trusted Advisor, AWS Compute Optimizer, Cost Explorer)
 Configure AWS Budgets and billing alarms
 Assess resource usage patterns to qualify workloads for EC2 Spot Instances
 Identify opportunities to use managed services (for example, Amazon RDS, AWS Fargate, EFS)

6.2 Implement performance optimization strategies
 Recommend compute resources based on performance metrics
 Monitor Amazon EBS metrics and modify configuration to increase performance efficiency
 Implement S3 performance features (for example, S3 Transfer Acceleration, multipart uploads)
 Monitor RDS metrics and modify the configuration to increase performance efficiency (for example, Performance Insights, RDS Proxy)
 Enable enhanced EC2 capabilities (for example, enhanced network adapter, instance store, placement groups)

Disclaimers:

• Numnore Courses Practice Tests are not related to, affiliated with, endorsed or authorized by Amazon.

• Trademarks, Certification & Product names are used for reference only and belong to Amazon.