The AWS Certified SysOps Administrator Associate (SOA-C02) is the operations-focused exam in the AWS associate tier. Where the SAA-C03 tests architectural design and the DVA-C02 tests development patterns, the SOA-C02 tests your ability to keep AWS environments running: monitoring, patching, backup, recovery, scaling, cost optimisation, and compliance. It's the right certification if you manage AWS infrastructure rather than build applications on top of it.
This guide covers the exam structure, the services that matter most, and a realistic study plan to pass on your first attempt.
Exam Overview
| Detail | Value |
|---|---|
| Exam code | SOA-C02 |
| Questions | 65 (50 scored, 15 unscored) |
| Time | 130 minutes |
| Passing score | 720 / 1000 |
| Format | Multiple choice, multiple response, and exam labs |
| Cost | $150 USD |
The SOA-C02 includes optional exam labs: hands-on tasks in a live AWS environment. These are integrated into the same exam session and are performance-based. Candidates who've spent time in the AWS console have a real advantage on these tasks.
Exam Domains
| Domain | Weight |
|---|---|
| Monitoring, Logging, and Remediation | 20% |
| Reliability and Business Continuity | 16% |
| Deployment, Provisioning, and Automation | 18% |
| Security and Compliance | 16% |
| Networking and Content Delivery | 18% |
| Cost and Performance Optimization | 12% |
Monitoring (20%), Deployment and Automation (18%), and Networking (18%) are the three largest domains. Together they're 56% of the exam. If your operations experience skews toward security or cost management, you'll need to invest extra time in monitoring and automation.
Core Services to Master
CloudWatch
CloudWatch is the most heavily tested service on SOA-C02. You need to understand it deeply:
- Metrics: standard metrics (CPU, network, disk I/O for EC2), custom metrics (push your own data via the PutMetricData API), and metric math for derived calculations
- Alarms: threshold-based alerting; states are OK, ALARM, and INSUFFICIENT_DATA; actions can trigger SNS, Auto Scaling, or EC2 instance actions
- Logs: CloudWatch Log Groups and Log Streams; Log Insights for querying logs with a purpose-built query language; Metric Filters to extract metrics from log data
- Dashboards: visualisation for operational health monitoring
- Contributor Insights: identifies top contributors to high-volume log data
Know the difference between CloudWatch (monitoring, metrics, logs) and CloudTrail (API activity audit log). They show up together in many questions and are frequently confused.
AWS Systems Manager
Systems Manager is the central operations service for SOA-C02. It covers a wide range of operational tasks:
- Patch Manager: automate OS and application patching across EC2 and on-premises instances; patch baselines define which patches are approved
- Run Command: execute commands remotely on instances without SSH or RDP; completely agentless from the user's perspective
- Session Manager: browser-based shell and port forwarding to instances without opening port 22 or 443; logs sessions to S3 or CloudWatch
- Parameter Store: secure storage for configuration data and secrets; integrates with IAM for fine-grained access control; tiered as Standard (free) or Advanced
- State Manager: maintain desired configuration state on instances; associations define the configuration and the schedule
- Automation: run automated runbooks for common operational tasks; pre-built runbooks for stopping instances, creating AMIs, patching
The SSM agent must be installed on instances for most Systems Manager features. Amazon Linux 2 and many Windows AMIs have it pre-installed.
Auto Scaling
Auto Scaling covers both EC2 Auto Scaling groups and scaling for other services via Application Auto Scaling:
- Launch templates: define instance configuration (AMI, instance type, security groups, user data) for Auto Scaling groups; prefer launch templates over older launch configurations
- Scaling policies: Target Tracking (maintain a metric at a target value), Step Scaling (scale by set amounts at different thresholds), Simple Scaling (scale by a fixed amount when an alarm triggers)
- Scheduled scaling: pre-emptive scaling for predictable load changes
- Warm pools: pre-initialised instances ready to serve traffic faster than cold launches; reduces warm-up latency during scale-out events
- Lifecycle hooks: pause instance launch or termination to perform custom actions (run configuration scripts, register with load balancers)
Elastic Load Balancing
The exam tests differences between load balancer types and their appropriate use cases:
| Type | Layer | Use Case |
|---|---|---|
| Application Load Balancer | 7 (HTTP/HTTPS) | Path-based routing, host-based routing, WebSockets, HTTP/2 |
| Network Load Balancer | 4 (TCP/UDP) | Ultra-low latency, static IP per AZ, non-HTTP protocols |
| Gateway Load Balancer | 3 (Network) | Third-party virtual appliances (firewalls, IDS) |
| Classic Load Balancer | 4 and 7 | Legacy; avoid in new designs |
Connection draining (now called Deregistration Delay) allows in-flight requests to complete before an instance is removed. Know how it works and when to adjust the timeout.
VPC and Networking
Networking is 18% of SOA-C02. Key areas:
- VPC Flow Logs: capture IP traffic information for network interfaces; useful for troubleshooting connectivity and security analysis; stored in CloudWatch Logs or S3
- Network ACLs vs Security Groups: NACLs are stateless and apply at the subnet level; Security Groups are stateful and apply at the instance level; both can be used together for defence in depth
- VPC Peering and Transit Gateway: VPC Peering connects two VPCs directly; Transit Gateway acts as a hub for multiple VPCs and on-premises connections
- Route 53 routing policies: Simple, Weighted, Latency-based, Failover, Geolocation, Geoproximity, Multi-value Answer
Cost Optimisation
The cost domain is 12% but requires specific knowledge of AWS cost management tools:
- Cost Explorer: visualise and analyse AWS spend; forecast future costs; identify right-sizing recommendations
- AWS Budgets: set cost or usage thresholds with email or SNS alerts when thresholds are approached or exceeded
- Trusted Advisor: five categories of recommendations including cost optimization (identifying idle resources, underutilised instances)
- Compute Optimizer: ML-based right-sizing recommendations for EC2, Lambda, ECS on Fargate, and EBS
Common Exam Traps
CloudWatch vs CloudTrail: this distinction comes up in multiple questions. CloudWatch is for operational monitoring (metrics, logs, events). CloudTrail is for governance and auditing (who called which API, when, from where). If a question mentions "who deleted the S3 bucket?", the answer is CloudTrail.
Session Manager vs SSH: questions about accessing instances without opening port 22 point to Session Manager. It uses the SSM agent and IAM permissions, not security group inbound rules. This is the current best practice for instance access.
Parameter Store vs Secrets Manager: Parameter Store is cheaper and suitable for configuration data and non-rotating secrets. Secrets Manager adds automatic rotation, cross-account access, and integration with RDS and Redshift for credential rotation. When rotation is mentioned, the answer is Secrets Manager.
Multi-AZ vs Read Replicas in RDS: Multi-AZ is for high availability and failover (synchronous replication to standby, automatic failover). Read Replicas are for read scaling (asynchronous replication, can be in other regions). These serve different purposes. Questions about DR point to Multi-AZ; questions about read performance point to Read Replicas.
Study Plan
| Week | Focus |
|---|---|
| 1–2 | CloudWatch: metrics, alarms, logs, insights; CloudTrail; Config |
| 3 | Systems Manager: Patch Manager, Session Manager, Run Command, Parameter Store |
| 4 | Auto Scaling, ELB, launch templates |
| 5 | VPC: Flow Logs, NACLs, Security Groups, routing, VPN, Direct Connect |
| 6 | RDS, backups, DR strategies, cost management tools |
| 7–8 | Practice exams, review weak areas, exam lab practice |
Hands-on time in the AWS console is important for SOA-C02, particularly for the exam lab component. Set up a CloudWatch alarm, enable Systems Manager on an EC2 instance, and run a Patch Manager operation at least once.
Recommended Resources
- AWS Certified SysOps Administrator Associate exam guide (AWS)
- AWS Systems Manager documentation
- SOA-C02 practice exams on this site
Final Thoughts
The SOA-C02 rewards candidates who've actually operated AWS environments. If you've configured CloudWatch alarms, patched instances through Systems Manager, or debugged VPC connectivity issues, the exam material will feel familiar. Candidates coming from a purely architectural or development background will need to invest time in the operational tools that the exam emphasises.
Build things while you study. Create a test EC2 instance, enable Systems Manager, set up a Patch Manager baseline, create CloudWatch alarms, and review the resulting logs and metrics. That hands-on familiarity will be the difference on the exam lab tasks.
Start with our SOA-C02 practice exams to identify which domains need the most attention before you commit to a booking date.