Amazon Web Services (AWS) have just announced that the new version of the AWS Certified SysOps Administrator Associate certification, the SOA-C02 version of the exam, will include exam labs. This is the first time AWS has implemented a hands-on aspect to their testing in addition to multiple-choice questions.
- AWS Exam Labs will be included in the SOA-C02 version of the AWS Certified SysOps Administrator Associate exam.
- AWS Exam Labs will NOT be added to the current SOA-C01 version of the exam.
- The beta for SOA-C02 starts in early 2021.
- During the beta phase both the SOA-C01 and SOA-C02 versions will be available (you get to choose if you want to participate in the beta).
- It could be several months before the SOA-C01 is retired and you are forced to take the SOA-C02.
- The questions in the current exam (SOA-C01) are UNCHANGED and you can keep on studying with our videos and practice tests (here at Digital Cloud Training, we’ll make updates well before the cutover)
Click the image above to watch Neal’s video on the latest SOA-C02 updates from our youtube channel
So what are AWS exam labs?
AWS Exam Labs are simply a series of tasks that you must complete in the AWS management console or by using the AWS Command Line Interface (CLI) as part of your exam. In the AWS Certified SysOps Administrator Associate sample exam questions document, AWS list the following example exam lab scenario:
Question: A company is deploying a new web application. Configure a highly available MySQL 8.0 database with the following:
- Create a custom DB parameter group and set the event_scheduler parameter to true and use this parameter during DB instance creation.
- Create a custom AWS Key Management Service (AWS KMS) key and use this key during DB instance creation.
- Create a VPC security group that allows TCP port 3306 from the CIDR block 192.168.1.0/24. Use this security group during DB instance creation.
- Launch the Amazon RDS DB instance.
- After launch, take a manual RDS DB snapshot.
- Lastly, you must supply the ARN of the snapshot.
In the SOA-C02 exam guide, AWS state that with exam labs you must complete the required tasks for a given scenario in the AWS Management Console or AWS CLI in the provided AWS account.
They also state the following: “When you begin your exam, you will be notified of the number of questions in the multiple-choice and multiple response section, and the number of exam labs in the exam lab section. You will also see the percentage of your score that will be determined by your work in the exam labs. Plan to leave 20 minutes to complete each exam lab.”
This adds another element of difficulty to the exam and is an even stronger reason why solid hands-on practice or experience is required to pass this challenging certification. If you don’t have industry experience with AWS – make sure you’re studying courses that give you this hands-on practice!
What else is changing in the AWS Certified SysOps Administrator Associate SOA-C02?
There are now 6 domains in the SOA-C02 exam rather than 7 domains and the respective weightings are also slightly modified. You can see the old vs new exam in the table below
For the first time in any exam guide, for the domain objectives, AWS are listing the specific services and features they are going to be testing. This gives a good degree of granularity about what will be on the exam. I’ll provide the full details below (and they can also be found in the AWS exam guide), but in short, here are some of the most notable changes / additions to the objectives:
- Amazon FSx
- AWS Control Tower
- AWS Compute Optimizer
- RDS Proxy
- AWS Fargate
- AWS Resource Access Manager
Outside of the above services/features most of what is going to be tested on the new exam appears to be fairly well aligned to the current exam with some minor tweaks here and there. The full list of exam objectives broken out by exam domain are listed below:
SOA-C02 Exam Objectives
Domain 1: Monitoring, Logging, and Remediation
1.1 Implement metrics, alarms, and filters by using AWS monitoring and logging services
- Identify, collect, analyze, and export logs (for example, Amazon CloudWatch Logs, CloudWatch Logs Insights, AWS CloudTrail logs)
- Collect metrics and logs using the CloudWatch agent
- Create CloudWatch alarms
- Create metric filters
- Create CloudWatch dashboards
- Configure notifications (for example, Amazon Simple Notification Service [Amazon SNS], Service Quotas, CloudWatch alarms, AWS Health events)
1.2 Remediate issues based on monitoring and availability metrics
- Troubleshoot or take corrective actions based on notifications and alarms
- Configure Amazon EventBridge rules to trigger actions
- Use AWS Systems Manager Automation documents to take action based on AWS Config rules
Domain 2: Reliability and Business Continuity
2.1 Implement scalability and elasticity
- Create and maintain AWS Auto Scaling plans
- Implement caching
- Implement Amazon RDS replicas and Amazon Aurora Replicas
- Implement loosely coupled architectures
- Differentiate between horizontal scaling and vertical scaling
2.2 Implement high availability and resilient environments
- Configure Elastic Load Balancer and Amazon Route 53 health checks
- Differentiate between the use of a single Availability Zone and Multi-AZ deployments (for example, Amazon EC2 Auto Scaling groups, Elastic Load Balancing, Amazon FSx, Amazon RDS)
- Implement fault-tolerant workloads (for example, Amazon Elastic File System [Amazon EFS], Elastic IP addresses)
- Implement Route 53 routing policies (for example, failover, weighted, latency based)
2.3 Implement backup and restore strategies
- Automate snapshots and backups based on use cases (for example, RDS snapshots, AWS Backup, RTO and RPO, Amazon Data Lifecycle Manager, retention policy)
- Restore databases (for example, point-in-time restore, promote read replica)
- Implement versioning and lifecycle rules
- Configure Amazon S3 Cross-Region Replication
- Execute disaster recovery procedures
Domain 3: Deployment, Provisioning, and Automation
3.1 Provision and maintain cloud resources
- Create and manage AMIs (for example, EC2 Image Builder)
- Create, manage, and troubleshoot AWS CloudFormation
- Provision resources across multiple AWS Regions and accounts (for example, AWS Resource Access Manager, CloudFormation StackSets, IAM cross-account roles)
- Select deployment scenarios and services (for example, blue/green, rolling, canary)
- Identify and remediate deployment issues (for example, service quotas, subnet sizing,
- CloudFormation and AWS OpsWorks errors, permissions)
3.2 Automate manual or repeatable processes
- Use AWS services (for example, OpsWorks, Systems Manager, CloudFormation) to automate deployment processes
- Implement automated patch management
- Schedule automated tasks by using AWS services (for example, EventBridge, AWS Config)
Domain 4: Security and Compliance
4.1 Implement and manage security and compliance policies
- Implement IAM features (for example, password policies, MFA, roles, SAML, federated identity, resource policies, policy conditions)
- Troubleshoot and audit access issues by using AWS services (for example, CloudTrail, IAM Access Analyzer, IAM policy simulator)
- Validate service control policies and permission boundaries
- Review AWS Trusted Advisor security checks
- Validate AWS Region and service selections based on compliance requirements
- Implement secure multi-account strategies (for example, AWS Control Tower, AWS Organizations)
4.2 Implement data and infrastructure protection strategies
- Enforce a data classification scheme
- Create, manage, and protect encryption keys
- Implement encryption at rest (for example, AWS Key Management Service [AWS KMS])
- Implement encryption in transit (for example, AWS Certificate Manager, VPN)
- Securely store secrets by using AWS services (for example, AWS Secrets Manager, Systems Manager Parameter Store)
- Review reports or findings (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)
Domain 5: Networking and Content Delivery
5.1 Implement networking features and connectivity
- Configure a VPC (for example, subnets, route tables, network ACLs, security groups, NAT gateway, internet gateway)
- Configure private connectivity (for example, Systems Manager Session Manager, VPC endpoints, VPC peering, VPN)
- Configure AWS network protection services (for example, AWS WAF, AWS Shield)
5.2 Configure domains, DNS services, and content delivery
- Configure Route 53 hosted zones and records
- Implement Route 53 routing policies (for example, geolocation, geoproximity)
- Configure DNS (for example, Route 53 Resolver)
- Configure Amazon CloudFront and S3 origin access identity (OAI)
- Configure S3 static website hosting
5.3 Troubleshoot network connectivity issues
- Interpret VPC configurations (for example, subnets, route tables, network ACLs, security groups)
- Collect and interpret logs (for example, VPC Flow Logs, Elastic Load Balancer access logs, AWS WAF web ACL logs, CloudFront logs)
- Identify and remediate CloudFront caching issues
- Troubleshoot hybrid and private connectivity issues
Domain 6: Cost and Performance Optimization
6.1 Implement cost optimization strategies
- Implement cost allocation tags
- Identify and remediate underutilized or unused resources by using AWS services and tools (for example, Trusted Advisor, AWS Compute Optimizer, Cost Explorer)
- Configure AWS Budgets and billing alarms
- Assess resource usage patterns to qualify workloads for EC2 Spot Instances
- Identify opportunities to use managed services (for example, Amazon RDS, AWS Fargate, EFS)
6.2 Implement performance optimization strategies
- Recommend compute resources based on performance metrics
- Monitor Amazon EBS metrics and modify configuration to increase performance efficiency
- Implement S3 performance features (for example, S3 Transfer Acceleration, multipart uploads)
- Monitor RDS metrics and modify the configuration to increase performance efficiency (for example, performance insights, RDS Proxy)
- Enable enhanced EC2 capabilities (for example, enhanced network adapter, instance store, placement groups)
Preparing for AWS Exam Labs and SOA-C01 and SOA-C02
So, what’s the best way to prepare for the SOA-C01 and SOA-C02 exams? For now, you don’t need to worry too much about the SOA-C02 as the beta is not yet released and when it is (early 2021) it will likely be at least a couple to a few months from that point before the SOA-C01 exam is actually retired. For now, you can just get on with studying using the same resources. We very recently released our hands-on video course and practice test course for the SOA-C01 so it’s the most up-to-date course available.
We’ll be adding to the courses once we know exactly what types of questions will be coming up in the new exam.
What about the AWS Exam Labs?
Only the SOA-C02 exam has exam labs, they will not appear on the SOA-C01 exam. This does show a direction from AWS to incorporate real-world practical scenarios into their testing. This is a good thing as AWS want to ensure students aren’t memorizing answers from dumps or just gaining theoretical knowledge that they can’t apply in the real world. It’s really important to get hands-on practice with AWS if you’re going to work in the industry and also to get certified.
Whatever resources you use to study – make sure that they include lots of guided hands-on lab exercises. And rest assured, once we have a good idea of the type of exam lab scenarios that are coming up, we’ll be releasing new videos to teach you the exact procedures you need to know!!
Get in touch with us here