AWS Certified SysOps Administrator - Associate (SOA-C03)

What you will practice:

Build an operations-first mental model of AWS responsibility boundaries, account structure, tagging, quotas, and lifecycle governance.

• Core operational mindset
• AWS Shared Responsibility Model (what AWS manages vs what the customer manages)
• Difference between design (architect) vs operate (CloudOps)
• Understanding Regions, Availability Zones, and edge locations from an ops perspective
• Service limits, quotas, and operational impact of hitting limits
• Account and environment structure
• Multi-account strategy (prod / non-prod / sandbox separation)
• Organizational units and centralized logging/security concepts
• Tagging strategy for operations:
• Environment
• Owner
• Cost center
• Application
• Resource lifecycle management (create → modify → decommission)
• Common exam scenarios
• “Who is responsible for patching X?”
• “Where should logs be centralized?”
• “How do you prevent accidental deletion or runaway spend?”

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Design operational visibility using metrics, logs, events, dashboards, alarms, and health awareness for fast detection and diagnosis.

• CloudWatch fundamentals
• Metrics vs Logs vs Events (EventBridge)
• Default metrics vs custom metrics
• Log groups, log streams, retention policies
• Creating alarms on metrics (CPU, memory via agent, disk, network)
• Operational observability
• Dashboards for fleet visibility
• Composite alarms
• Metric math
• Anomaly detection
• Log management
• Centralized logging architecture
• Subscription filters and log streaming
• Retention vs archive design
• Event-driven operations
• EventBridge rules for automation
• Triggering remediation from events
• Health awareness
• AWS Personal Health Dashboard
• Service Health Dashboard
• Differentiating regional vs service-wide issues

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Operate EC2 fleets with Auto Scaling, launch templates, load balancers, and safe rollout patterns such as instance refresh and blue/green.

• Amazon EC2 operations
• Instance lifecycle (pending, running, stopping, terminated)
• AMIs (golden images, versioning)
• Instance metadata and user data
• EBS root vs instance store
• Auto Scaling
• Launch templates
• Scaling policies:
• Target tracking
• Step scaling
• Scheduled scaling
• Health checks (EC2 vs ELB)
• Replacing unhealthy instances automatically
• Load balancing
• Application Load Balancer vs Network Load Balancer vs Classic (conceptual)
• Target groups
• Health checks and draining
• Operational patterns
• Blue/green replacement using Auto Scaling
• Rolling instance refresh
• Graceful shutdown handling

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Run Multi-AZ and DR operations including backups, restore testing, runbooks, and RPO/RTO-driven recovery choices.

• Availability design (Ops view)
• Multi-AZ deployment patterns
• Fault isolation and blast-radius reduction
• Stateless vs stateful workload handling
• Backup strategies
• AWS Backup
• EBS snapshots
• RDS automated backups and snapshots
• File system backups
• DR models
• Backup & restore
• Pilot light
• Warm standby
• Active/active (conceptual)
• Recovery objectives
• RPO vs RTO interpretation
• Translating RPO/RTO into AWS services
• Operational DR
• Restore testing
• Runbooks
• Failover validation

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Operate S3, EBS, and EFS with lifecycle controls, snapshots, replication, encryption, and performance tuning.

• Amazon S3
• Buckets, objects, prefixes
• Storage classes (Standard, IA, Glacier tiers)
• Lifecycle policies
• Versioning
• Object Lock (immutability)
• Replication (same-region / cross-region)
• Block storage
• EBS volume types
• Snapshots
• Resize operations
• Performance tuning
• File storage
• EFS access points
• Performance modes
• Data protection
• Encryption at rest and in transit
• Backup vs replication differences

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Troubleshoot connectivity using VPC primitives, routing, gateways, SG/NACL behavior, DNS, and tools like Reachability Analyzer.

• VPC fundamentals
• Subnets (public vs private)
• Route tables
• Internet Gateway vs NAT Gateway
• Security Groups vs Network ACLs
• Connectivity
• VPC peering
• Site-to-Site VPN
• Client VPN
• Direct Connect (conceptual)
• Operational troubleshooting
• “Instance cannot reach internet” diagnosis:
• Route table
• IGW/NAT
• Security groups
• NACLs
• DNS resolution issues
• Reachability Analyzer usage

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Automate provisioning and deployments using CloudFormation, drift detection, golden images, and Systems Manager operational tooling.

• Infrastructure as Code
• CloudFormation stacks
• Change sets
• Stack drift detection
• Deployment methods
• In-place vs immutable deployments
• Rolling updates
• Blue/green concepts
• Provisioning
• Launch templates
• Parameter Store usage
• Secrets injection at deploy time
• Automation tools
• AWS Systems Manager:
• Run Command
• Patch Manager
• Automation documents
• Session Manager
• Operational consistency
• Golden AMIs
• Configuration drift prevention

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Operate IAM and security services including CloudTrail, GuardDuty, Security Hub, KMS, Config rules, and audit evidence collection.

• IAM operations
• Users, roles, policies
• Least privilege
• Instance roles vs access keys
• Temporary credentials
• Security monitoring
• CloudTrail
• GuardDuty
• Security Hub
• Inspector
• Encryption
• KMS keys
• Customer-managed vs AWS-managed keys
• Rotation strategy
• Compliance
• Config rules
• Audit logging
• Evidence collection
• Common exam scenarios
• “Which service detects anomalous API calls?”
• “How do you ensure only EC2 can access S3?”

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Execute incident response from detection to post-mortem using logs, CloudTrail correlation, safe remediation, and rollback strategies.

• Incident lifecycle
• Detect
• Contain
• Eradicate
• Recover
• Post-mortem
• Root cause analysis
• Using CloudWatch + logs + CloudTrail
• Correlating metrics and events
• Operational tooling
• Systems Manager for access and remediation
• Snapshot before change
• Rollback strategies
• Typical troubleshooting topics
• High CPU / memory exhaustion
• Disk full
• Application unreachable
• Failed deployments
• Permission denied errors

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice:

Control cost and enforce governance using budgets, tagging, right-sizing, tiering, and automation for cleanup and idle detection.

• Cost visibility
• Cost Explorer
• Budgets and alerts
• Tag-based chargeback
• Optimization
• Rightsizing EC2
• Storage tiering
• Reserved Instances / Savings Plans (conceptual)
• Operational governance
• Resource cleanup
• Idle resource detection
• Scheduled shutdowns
• Best practices
• Automate cost controls
• Enforce tagging
• Monitor unused resources

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.