Preparing for the AWS SysOps Exam 2019

Introduction

I had held the AWS Associate Architect Certification and wanted to continue to test my learning by pursuing the AWS SysOps Certificate. I found the SysOps exam to be the harder than the Associate Architect exam.

Overview of Exam

The exam is 130 minutes, 65 questions.

Exam Preparation

It took me roughly 6 months to prepare for the certification. A majority of this time spent was reading through the AWS Certified SysOps Administrator Official Study Guide. The book is slightly dated since it came out in 2017, but roughly ~80% of the material is still relevant. The most helpful sections in the book are the practice questions that come at the end of each chapter.

https://www.amazon.com/Certified-SysOps-Administrator-Official-Study/dp/1119377420

The exam guide on the website is helpful in understanding the overall format and weighting of each section.
https://d1.awsstatic.com/training-and-certification/docs-sysops-associate/AWS_Certified_SysOps_Associate-Exam_Guide_EN_1.4.pdf

The sample questions provided by Amazon are helpful in getting a feel for the test. Furthermore, you can pay $20 to get a mock exam that will get a good feel of the exam interface along with more sample questions. Prior to taking the mock exam, I recommend getting pencil and paper because unfortunately you are only given a final score without feedback.

I also recommend going through the free training provided. The video is only 90 minutes but covers a lot of ground and goes through some additional sample questions.
https://www.aws.training/learningobject/video?id=27486

Guidelines

Day of the exam
Make sure you get plenty of rest and remember to bring the proper ID.
Protip: You can use the keys 1, 2, 3, 4, 5 to select the appropriate answer then Tab and Enter to submit.

Topics to study for the SysOps exam

Domain 1: Monitoring and Reporting 22%
Cost explorer

AWS Budgets allows to set alerts once you approach or exceed budget

Personal Health Dashboard
Cloudwatch metrics (What are the 6 metrics?)
Cloudwatch metrics, total error rate used to troubleshoot 4xx and 5xx.

How to monitor for memory usage within an EC2 (Hint: Requires a custom metric)

Domain 2: High Availability 8%
Difference between Read Replica vs Multi-AZ in RDS

Domain 3: Deployment and Provisioning 14%
Stack Policy's - Assign a stack policy to prevent updates to stack resources.
Stack changes
Enable termination protection to prevent users from deleting the stack from the AWS CloudFormation console or AWS Command Line Interface (AWS CLI).
https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-accidental-updates/
- Set the DeletionPolicy attribute to prevent the deletion of an individual resource at the stack level.

Domain 4: Storage and Data Management 12%
AWS EBS Elastic Volumes can expand a volume

Bucket policies
Elastic File Shares, EFS can be Multi-AZ

Elastic cache 

AWS Auora
S3
- principal can be a user or role
- Origin Access Identity

Domain 5: Security and Compliance 18%
KMS events recorded by cloudtrail
AWS Config - typically used for governance
AWS WAF
AWS Identity and Access Management (IAM) policies to restrict the ability of users to delete or update a stack and its resources.

VPC Endpoints Communicating with AWS services outside VPC without going over internet. 

Domain 6: Networking 14%
Direct connect

Internet Gateways
NAT Gateway
Egress Only Internet Gateway
Customer Gateway 

Vpc route
Dual Stack mode
Customer Gateway - If behind NAT must use publically routable IP address

Domain 7: Automation and Optimization
AWS Cache Hit Ratio - Only forward required cookies, headers, queryStep up auto scale

Autoscaling
- Troubleshooting
- Scaling
- Does autoscale work across regions or only within a region?