AWS Certified SysOps Administrator – Associate – Issues / Difficulties With The Test Questions
This blog is mostly for my own benefit as a study reference, it does NOT contain actual questions that were on the test… but I do talk about test subject matter… speaking of subject matter… it stuck pretty much to the test “blue print”.
Yep, like every one says, it is harder than I thought it would be. I missed passing by one or at most two more right answers (see details below).
Lots of multiple choice – usually just select one but, there we always at least two possibilities that we either right or looked that way and one option was just more “right” than another – at least in the test authors mind.
Here what threw me. A few very simple things that I just don’t do in my day to day job and didn’t study in depth, and then a few more not so simple.
How to confirm that your S3 operation succeeded programatically API or CLI. That would be an HTTP return code of 200 for success. Messages in the 300 range are redirect messages. 400 range is client errors, 500 is server side errors.
After launching an instance – how to change that instance to dedicated. Well one option – to preserve the stack on the instance – is to stop the instance, and create a new AMI, then when you launch choose dedicated tenancy.
How do you troubleshoot impaired EC2 i.e. status shows “impaired” stop and restart? or reboot? I’m guessing the correct answer is likely stop and start – if it is a system status check error and may move the instance to another server if there are hardware issues with the current one. If it is a Instance Status check error, a reboot may be the right answer, as it makes some logs available and is less intrusive than a stop/start – not as much changes with your EC2 on a reboot vs stop/start.
Note: cloudguru says something like this: If it is a problem the “System Status Check” (physical host) stop and start the instance. Stop and start will likely bring the VM up on another physical host if AWS has recognized the hardware / System Host problem. Else if it is a problem with the “Instance Status Check” then reboot. I cannot remember if the “impaired” question referred to “System”, “Instance” or neither…
Moving a non-root ec2/ebs volume from one availability zone to another – Stop the instance – if at all possible – take a snapshot – create a new volume in the 2nd AV… there is a drop down inthe console that allows AV selection when creating a new unattached volume. Volumes can only be attached to EC2 instances in the same AV as the volume.
How to collect Windows disk IO metrics for Cloudwatch… problem is AWS just released a new unified agent… but I think the test wanted Window 2012 and the old way which uses something like the EC2ServiceManager and SSM need to understand both methods.
Hard to tell what versions what of what they wanted as things are changing fast.
Couple of fairly complex ELB questions and Route 53… where they mixed 53 and ELB choices / answers to fool you…
One thing obvious that will get you a point or two related to ELB and DNS – an Elastic Load Balancer NEVER has an IP4 address – it is always resolved with a DNS name. So there is NEVER a public IP for an ELB. There is almost certainly a question on this.
Struggled with a fairly detailed question that would require a fairly in-depth understanding of all three deployment tools ( CloudFormation, OpsWorks, Elastic Beanstalk). Going to have to know those 3 + CodePipeline (yes DevOps stuff) in more depth than I would have liked – I was hoping to just learn CloudFormation but it’s dawning on me that the hierarchy from easy to hard is:
- Elastic Beanstalk
- Code Pipeline
And that you probably could justify learning all four as they may have their distinct advantages / use cases. I noticed that at least Beanstalk is built with CloudFormation and maybe OpsWorks too. Going to have to bite the bullet and learn all three – darn… problem is once you bite the CodePipeline bullet then you gotta do all the Code… bull stack ;0
I scored low on the security section – but it was hard to tell what the security questions were because they were not simple IAM user, group, role, policy questions. If I didn’t already say it, I need to bone up on writing policies… BTW there is a policy generator and a policy simulator out there… but I get the feeling that these beasts just take a lot of experience…
Bottom line is I missed passing the test by ONE question… if I had to chalk the set back on to one thing I didn’t do – it was the exercises / labs. I relied to much on reading, youtubes, and practice tests. Again bone up on Windows EC2, and AD integration. Of course even if you do all the exercises your probably not going to see an “impaired” instance… at least I don’t want to spin so many CPU cycles trying to generate it.
Be ready for S3 policy questions – like used NotIPAddress – I didn’t really study the NOT side thoroughly enough nor did I study policy definition basics enough… I can read the basic ones but I ain’t no “Policy Writing Guru”… need to do that. Another “mybad”.
Here is a reference on policy grammer… if you don’t know that… you got’em problem Tonto.
How to do detailed billing and projections.
How to build some fairly sophisticated graphs using diverse services.
How to use AD integration with a linux without disrupting on premise – was no cake walk – as the 3 solutions you would think they would give – were NOT options…
Did not study AWS Systems Manager enough, was at least one question on it or two and I was guessing.
After Security, my 2nd lowest scoring category was Networking, which I thought I was strong on… so much for my opinion 😉
Also note: there is a question concerning what services allow / require root access – there are four to date, they are:
- Elastic Beanstalk
- Elastic MapReduce
Conspiculously missing – no vpn peering, no direct connect questions – at least on this version of the test.
One question in my mind is how many different versions of this test are there? There are only 55 questions on the test so if Amazon has a bank of 300 questions or so (and they are changing as features change I assume)… there could be an infinite # of versions of this test… I’ll find out, since I only missed by one more right answer or so I’ll probably retake it again soon. Learn a lot in the process that is certain and your bank account shrinks by $150… so… we’ll see… I’ll update later.
My Score 1st tiime around 68% average:
Topic Level Scoring:
1.0 Monitoring and Metrics: 80%
2.0 High Availability: 83%
3.0 Analysis: 71%
4.0 Deployment and Provisioning: 71%
5.0 Data Management: 83%
6.0 Security: 42%
7.0 Networking: 57%