This is the continuation of my earlier post My road to AWS Certified Solution Architect, AWS Certified Security - Specialty Certification and now AWS SysOps exam.
YAY I cleared the exam! 🙂
WARNING: Some House Keeping task, before reading this blog
1: As everyone needs to sign NDA with AWS, I can’t tell you the exact question asked during the exam neither I have GB of memory, but I can give you the pointers what to expect in the exam.
2: As we all know AWS infrastructure updates everyday, so some of the stuff might not be relevant after a few days/weeks/months.
3: Please don’t ask for any exam dumps or question, that defeats the whole purpose of the exam.
- I highly recommend acloudguru course to everyone, this is specific to the exam and cover most of the topics
- My second recommendation is Linux Academy, Linux Academy covers goes into the depath of each topics.
- AWS Re: Invent Videos: I highly recommend going through these videos, as they will give you enough in-depth knowledge about each service.
- AWS Documentation: Best documentation ever provided by any service provider. Don’t miss the FAQ regarding each service (especially for CloudWatch, CloudFormation and Route53 ).
- My own blog 🙂
Once you are done with the above preparation, it’s a good time to gauge your knowledge, check the AWS provided sample question
Now coming back to the exam, the entire exam is divided into seven main topics.
Based on my experience, you must need to know these three services to clear this exam.
Surprise Package: Not much question related to RDS
Domain 1: Monitoring and Reporting
- Which metrics cloudwatch monitors by default
- Atleast have rough idea about CloudWatch monitoring dashboard, the way I memorize it(CDNS –> Content Delivery Network Status)
* C --> CPU * D --> Disk * N --> Network * S --> Status Check
- Learn this by heart memory and disk utilization is a custom metric(Don’t confuse with the above disk read and write, here AWS is asking about how much disk space consumed by VM) and how to configure it using cloudwatch agent to push custom metrics memory and disk utilziation to cloudwatch.
- How to create a billing alarm using CloudWatch
- Make sure you understand the difference between CloudTrail(API call) vs CloudWatch(Metrics) vs AWS Config(Audit).
- CloudTrail Log Validation, please check this and make sure you know how to enable it. You probably see a bunch of questions related to this topic
- AWS Organization (You will expect 2-3 question related to this topic)
Domain 2: High Availability
- How to encrypt existing RDS instance(make sure you understand there is no way you can encrypt existing DB eg:MySql , you need to take a snapshot and then create a copy and that copy you can be encrypted)
- Understand which services AWS take care of maintenance vs which service you need to take care of maintainence(eg: EC2)
* RDS * ElasticCache * RedShift * DynamoDB DAX * Neptune * Amazon DocumentDB
- How to troubleshoot AutoScaling Issues
- How to improve CloudFront Cache hit ratio
Domain 3: Deployment and Provisioning
- Understand different EC2 pricing model(in which case you use Spot vs Reserved vs On Demand)
- Understand the difference between stop/start(boots up in different hypervisor) the instance vs reboot(same hypervisor)
- ELB Error message(I got confused between multiple choices)
- Various use case of aws system manager especially for patching(I always refer this video to check the system manager concepts)
Domain 4: Storage and Data Management
- How S3 lifecycle policies works
- S3 Mfa delete
- S3 delete marker
- S3 Resource Policy
- Understand how KMS work just in basic sense
- Use of snowball(Whenever question asked about Terabyte/Petabyte of data to move to AWS and you have 100-150MB link, snowball is your best bet)
- Different type of storage gateways(file vs volume vs tape and in what is the use case of everyone)
Domain 5: Security and Compliance
- Under the AWS Shared Responsibility Model
- Understand how AWS WAF works
- Difference between AWS Shield vs GuardDuty
- Usage of Trusted Advisor
- Various AWS limits
- How AWS Inspector works
Domain 6: Networking
- AWS VPC(make sure you know this by heart, not for this exam but for all associate exam)
- Difference between Security Group and NACL
- Usage of NAT gateway and in which cases Black Hole is created
If you delete a NAT gateway, the NAT gateway routes remain in a blackhole status until you delete or update the routes
- Usgae of VPC flowlogs and how it works
- Some use cases of Route53(eg: How to use it with CloudFront and Load Balancer hint is Alias record)
Domain 7: Automation and Optimization
- This is one Domain which I lagged because I am not using much of the tool needed for this domain eg: CloudFormation, OpsWork and Elastic Bean Stalk
- CloudFormation Delete Stack
- One question related to OpsWork
- One question related to ElasticBean Stalk
- The key take away from this exam is, you can easily clear this exam if you know CloudWatch, CloudFormation and Load Balancer
- The last exam I wrote was the AWS Security Specialist Exam where a question was scenario-based and some of them are almost one page long, here most of the questions are too the point.
- So keep calm and write this exam and let me know in case if you have any questions.
Please join me with my journey by following any of the below links
- Website: http://100daysofdevops.com/
- Twitter: @100daysofdevops OR @lakhera2015
- Facebook: https://www.facebook.com/groups/795382630808645/
- Medium: https://medium.com/@devopslearning
- GitHub: https://github.com/100daysofdevops/100daysofdevops
- Slack: https://join.slack.com/t/100daysofdevops/shared_invite/enQtODQ4OTUxMTYxMzc5LTYxZjBkNGE3ZjE0OTE3OGFjMDUxZTBjNDZlMDVhNmIyZWNiZDhjMTM1YmI4MTkxZTQwNzcyMDE0YmYxYjMyMDM
- YouTube Channel: https://www.youtube.com/user/laprashant