Today I sat the brand new AWS SysOps Administrator Associate exam (SOA-C02). I think I had the first time slot available in the world - 10am on Tuesday morning (Australia Time). I’m creating a brand new course which is specifically designed to pass this exam at https://learn.cantrill.io so I wanted to do a little recon and make sure that the topics I’m covering are aligned with the exam.
You can find my detailed thoughts below, but at a high level:
- It’s a great exam
- It has some good labs, which test real skills, it’s going to be harder to fake pass from now on
- The presentation of labs needs real work, I had functional problems which I’ve detailed below
(Full disclosure, I create AWS courses at https://learn.cantrill.io which are focussed on teaching real in-depth theory and practical skills, rather than solely concentrating on exams)
My course based on what I saw is spot on, there are a few topics I might add for completion, but otherwise I think students are going to be running a 100% pass rate with it as is. I think anyone can take and pass this exam with what’s in my course right now.
Testing Vendor Experience
I sat the exam with Pearson Vue, and it was set to start at 10am with a check-in time of 9.30am. I’d already run the system checks a few days before, and was sitting the exam on a MacBook Pro (Intel), in a small separate room I had cleared especially.
I first had to check in and perform the system check again. Initially it failed because it couldn’t ‘hear’ any sound from my internal microphone. It felt a bit silly saying test test 1 2 3 4 while the check was running … but nobody will ever know how stupid I sounded.
Next I had to use my mobile phone to scan my ID. Logically, I’d switched my phone off and put it out of arms reach, so after a minute or so I was good to go, IDs and things scanned.
Then, I had to take four pictures:
- Direct at my desk - from the front
- Back of my desk - it’s against a wall so… eek
- Pointing right - from the left of my room
- Pointing left - from the right of my room
Once done, the person observing me wanted me to pan my laptop camera around the room for a last minute check and unplug my external screen.
A few times during the test I was touching my face and received a chat message requesting I stop. But honestly, that was fair enough.
Overall from a vendor perspective … 8/10 - no major issues.
Exam Structure - PART1
The exam itself was 55 questions long, and the question quality was good. There was one which I felt was lacking the correct information to decide on the right answer. Given the job I do, I can normally spot these a mile away and I still think it’s a QA issue. It’s a BETA though, so the odd question can be forgiven.
After the 55 questions, I was prompted to review the questions. Anything I flagged was highlighted and once happy I could move on to the next part… warning here, you can’t return back to the questions section of the exam once you move on.
Exam Structure - PART2
The second part of the exam was the labs, and I had been looking forward to this a LOT. I had a total of three labs, and the exam recommended 20 minutes for each. I think the remaining time allocated was for all of the labs, they weren’t individually timed, but obviously you have to keep track of them.
The process for each lab was simple enough. You are greeted with a sub area of the testing screen, which was a Windows desktop. Click to log in, and the AWS console loads. On the right hand side, you are given a scenario .. create X Y Z, or implement 1 2 and 3. Use these names, make sure it works in this way.
You have to follow instructions, implement the task and then click next and you move on. Once you’ve moved on that’s it for LAB1. You do the same process for LAB2 and LAB3.
The topics were actually really good:-
- Use AWS Config to ensure something is set to on.
- Set up a scalable application - VPC, LT, ASG, ALB, Security, Networking etc….
- Configure some data buckets with logging - as per a set of requirements.
Overall, I think each can be done in 15-20 minutes, assuming 1) everything works and 2) you want to be careful and double check your work.
BUT .. I had issues.
Issue 1 - The UI
When working with the AWS console, I couldn’t see the NEXT or FINISH buttons. They were off the bottom of the window (which was maximised). I tried scrolling down, it didn’t work. I tried changing zoom, it didn’t work. Imagine that the testing software is full screen on your laptop, the Windows session is a subset of that (say 75%), but the desktop of that Windows session is larger than the size in the test software. You have scrollbars on the Windows session, and scroll bars in the apps on Windows.
The way I had to fix this:
- change the browser window away from maximised
- Then it went full white.
- Then I extended the width
- Then I could scroll up and down and click buttons.
3/10 for this .. it was horrible, distracting and since I didn’t know in advance the initial lab took ages.
Issue 2 - COPY and PASTE…. or not.
Copy and paste didn’t work from the exam software into the Windows desktop. Out of 10 times, maybe 1 worked. There was a notice saying if copy and paste didn’t work, check a file on the desktop. This file had the same instructions inside, obviously to copy and paste from - but that didn’t work either. I had to manually type some REALLY long strings, think:
- Security Group Names
- ARNs of things
- Bucket names (randomised)
- Role names, Rule names etc
1/10 for this, a really, really, really bad experience. Anyone who knows me knows I’m pretty OCD about detail. I was triple checking everything, but it was really bad.
Issue 3 - Completing a LAB was hard … not implementing it, completing it.
When I finished a LAB, I received a really odd message.
**You haven’t watched all the multimedia for this content …….**
It took me 2-3 minutes to work out that it wanted me to scroll to all extremes of the Windows desktop session … U, D, L, R .. and then it would let me finish.
This one could have really screwed with people .. another 1/10.
Overall
**The labs were great technically, you can’t beat the exam anymore via memorisation, but the implementation needs work 8/10**
Question Topics
Obviously I want to be really careful here re. NDA. What I will do is give a list of things I think you should know - without revealing anything about question content.
- Be really familiar with all the DNS Record types, and when and where you can use them. APEX vs NONAPEX.
- Be really familiar with all of the R53 routing types … failover, weighted, geolocation
- CloudFront Security - private, public, signed URL/Cookie, OAI, restricting direct S3 Access
- Pre-signed URLs with S3 … know them INSIDE OUT (REALLY… EVERYTHING)
- Encryption at rest options for all storage platforms within AWS
- For the above, which can be only enabled at creation and what can be adjusted afterwards.
- EFS Architecture, availability and latency
- Logging .. Know the format of VPC flow logs, CloudTrail, S3 Logs, CloudFront and ALB Logs
- Re. the above - know what is contained in each, network, metadata, contents, Layer 7 stuff
- Be able to understand flow logs, interpret them.
- Understand how having NACL and SG in place at the same time can influence what’s shown in logs.
- Diagnose why an EC2 instance isn’t reachable - IP, Routing, Security
- HA using ASG - how many AZ/Subnets and how many instances, what Desired, Max and Min values to use.
- Spot Fleets - features, architectures and how they work with on-demand instances
- VPC restricted S3 Buckets - how, what endpoints, how to secure, policies - which and where
- Restricting bucket to an endpoint
- Configuring routing for gateway endpoints
- How to restrict or allow a bucket to an entire ORG.
- Protecting buckets .. objects and buckets from deletion
- How to diagnose and fix a failed service on EC2
- Developer environments, ensuring identical environments, how to allow start by developers and how to orchestrate termination.
- CloudFormation template structure
- Cross Stack References vs Nested
- EBS Storage performance and how to improve
- EFS Storage performance and how to improve
- Be able to diagnose why EC2 storage performance is slow on instance store, EBS or EFS and how to fix
- Understand the Architecture, HA and Migration for Elasticsearch
- Templates which work in a region are now failing, why - understand what is limited to regions in a CFN template and how to change templates to be portable.
- For any given situation with known or unknown traffic patterns, regular or random load - know which ASG and Scaling policy to use.
- What information from EC2 needs a CWAgent vs what works as standard.
- How to control state on instances with CPU below a certain level
- Viewing costs of various groups of users, what products and features to use
- Network Ports - well known and ephemeral. You REALLY need to understand this. On a NACL, which rules need well known and which need ephemeral and which direction.
- How service quotas impact things, what error messages, how to resolve
- S3 Bucket Features - versioning, default encryption, lifecycle policies, Storage classes - know these all REALLY REALLY well.
- Automated reaction to ALB errors and lambda errors
- RTO and RPO … on various AWS services
- For any given IAM Policy, be able to interpret and answer which of the answers is true or false.
- DDoS protection, configurable, rate limits, Shield & WAF
- Cross Account Access
- Access for people with no AWS account
- Directory Service, SSO and how to link with existing on premises platforms.
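For the flow log, NACL/SG and ephemeral port topics in the list above, here is an added example (not part of the original post or the exam) that parses default-format (version 2) VPC flow log records and flags the pattern where one direction of a flow is accepted but its reply is rejected. The sample records, account ID, ENI ID and verdict labels are constructed for illustration.

```python
from collections import namedtuple

# Default (version 2) VPC flow log record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Record = namedtuple("Record", FIELDS)

# Constructed sample records (documentation IP ranges, placeholder account/ENI).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.12 10.0.1.5 49152 443 6 10 840 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.5 203.0.113.12 443 49152 6 10 640 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.5 50112 22 6 3 180 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.40 10.0.1.5 51000 443 6 8 700 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.5 203.0.113.40 443 51000 6 8 900 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1620000060 1620000120 - NODATA
"""

def parse(line):
    """Return a Record, or None for malformed, NODATA or SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None
    return Record(*parts)

def diagnose(text):
    """Classify every REJECT record by whether its opposite direction was accepted."""
    records = [r for r in map(parse, text.splitlines()) if r]
    accepted = {(r.interface_id, r.srcaddr, r.srcport, r.dstaddr, r.dstport, r.protocol)
                for r in records if r.action == "ACCEPT"}
    findings = []
    for r in records:
        if r.action != "REJECT":
            continue
        # Same flow seen from the other side: source and destination swapped.
        opposite = (r.interface_id, r.dstaddr, r.dstport, r.srcaddr, r.srcport, r.protocol)
        # A security group is stateful and always lets replies through, so a
        # rejected reply to accepted traffic points at a stateless NACL rule
        # (typically one that does not cover the ephemeral port range).
        verdict = "nacl-return-path" if opposite in accepted else "sg-or-nacl"
        findings.append((r.srcaddr, int(r.srcport), r.dstaddr, int(r.dstport), verdict))
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```

A rejected connection with no accepted counterpart (the SSH attempt in the sample) cannot be attributed from the log alone, since either the security group or the NACL may have dropped it.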
Main Product Coverage - Learn These
- EC2
- Lambda
- S3
- EFS
- Glacier
- Storage gateway
- Backup
- RDS
- DynamoDB
- ElastiCache
- VPC
- CloudFront
- Route53
- API Gateway
- AWS Orgs
- CloudWatch
- Auto Scaling
- CloudFormation
- CloudTrail
- Config
- ElasticSearch
- IAM
- RAM
- SSO
- ACM
- KMS
- Directory Service
- WAF & Shield
- Cost Explorer
- Step Functions
- EventBridge (CloudWatch Events)
- SNS
- SQS
A few last words…
1 — I’m here to help, so if you have any questions please just ask, or join my slack community at https://techstudyslack.com or ask in comments
2 — Be really cautious of any existing courses being renamed quickly to ‘SOA-C02 Compatible’. This looks to be a major change, requiring real learning, not facts and figures; you should treat it that way.
3 — Demos, Demos, Demos — the new cert style focusses on testing real world skills. Make sure you are constantly practicing your implementation, fault-finding, performance and security skills. Trust me, a theory only course isn’t enough.
4 — I’ll be posting more info and suggestions as I learn more.
5 - If you want a course for this one, mine is almost done 90%+, but it would have passed today’s exam already https://learn.cantrill.io/p/aws-certified-sysops-administrator-associate
Please follow me for updates, and share this post anywhere you think might benefit :)