JON BONSO AND LERVIN JOHN OBANDO

AWS CERTIFIED
SYSOPS
ADMINISTRATOR
ASSOCIATE
VERSION 2.0

Tutorials Dojo
Study Guide and Cheat Sheets
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

TABLE OF CONTENTS

INTRODUCTION 7

AWS CERTIFIED SYSOPS ADMINISTRATOR ASSOCIATE EXAM OVERVIEW 8

AWS CERTIFIED SYSOPS ADMINISTRATOR ASSOCIATE EXAM - STUDY GUIDE AND TIPS 12
Study Materials 12
AWS Services to Focus On 14
Exam Labs 16
Common Exam Scenarios 16
Validate Your Knowledge 21
Sample Practice Test Questions: 22
Question 1 22
Question 2 24

AWS Deep Dives 28

EC2 Placement Groups 28
Cluster Placement Group 28
Partition Placement Group 30
Spread Placement Group 32
EC2 Image Builder 34
Image Pipelines 34
Image Recipes Configuration 34
Source Images 34
Build and Test Components 36
Storage 37
Infrastructure Configuration 37
Distribution Settings 38
Amazon EC2Rescue 39
EC2Rescue for Windows Server 39
Diagnose and Rescue an Offline Instance 39
Collecting Logs from an Offline Instance 49
Restore Options for an Offline Instance 52
Checking the Current Instance 54
EC2Rescue for Windows on Systems Manager 56
EC2Rescue for Linux 57
Installing EC2Rescue for Linux 58

https://portal.tutorialsdojo.com/ 1
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Diagnose Issues Using EC2Rescue for Linux 58

Creating Instance Backup Using EC2Rescue for Linux 59
EC2Rescue for Linux on Systems Manager 59
AWS Auto Scaling 61
Auto Scaling Group 61
Auto Scaling Templates 61
Launch Templates 61
Launch Configurations 65
Auto Scaling Group Configuration 65
AWS Compute Optimizer 72
Prerequisites 72
AWS Compute Optimizer Dashboard 73
Recommendations for EC2 Instances 74
Recommendations for Auto Scaling Group 75
Recommendations for EBS Volume Instances 76
Elastic Load Balancing 78
Load Balancer Types 79
ELB Features and Components 79
Load Balancer Scheme 79
IP Addresses Type 79
Listener 79
Target Group 80
Security Groups 80
Availability Zones 80
Health Checks 80
Sticky Sessions 81
Cross-zone Load Balancing 81
Connection Draining 81
Load Balancer Monitoring 81
Delete Protection 81
Choosing the Right Load Balancer 81
Application Load Balancer (ALB) 81
Network Load Balancer (NLB) 82
Gateway Load Balancer (GWLB) 82
S3 Presigned URL 83
Sharing S3 objects using Presigned URL 83
Uploading S3 Objects Using Presigned URL 86

https://portal.tutorialsdojo.com/ 2
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

S3 Transfer Acceleration 87
Amazon CloudFront 89
Caching Process 89
CloudFront Policies 89
Cache Policy 90
Origin Request Policy 91
Amazon ElastiCache 93
ElastiCache Memcached and Redis Engine 93
Clusters 93
Sharding 93
Multithreading 94
High Availability 94
Backup and Restore 94
Key Points 95
Virtual Private Cloud 96
Network Access Control List (NACL) 96
Route Tables 98
VPC Flow logs 100
Traffic Mirroring 101
Amazon Route 53 104
Domain Registration 104
Route 53 Service Integrations 105
Hosted Zones 105
Route 53 Health Checks 106
Route 53 Records 106
Routing Policy 108
DNS Record Types 109
Route 53 Resolver 110
Resolver Endpoints 110
Resolver Rules 113
Amazon Elastic File System (EFS) 115
EFS Storage Classes 115
Creating a File System 116
File System Access Point 120
Mounting a File System 122
Mount via DNS 124
Mount via IP 124

https://portal.tutorialsdojo.com/ 3
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Amazon FSx 124

Amazon FSx for Windows File Server 125
File System Details 125
Optional Details 127
Working with Amazon FSx for Windows File Server 127
Amazon FSx for Lustre 128
File System Details 128
Optional Details 129
Working with Amazon FSx for Lustre 129
AWS DataSync 131
Supported AWS Storage Service 131
Working with DataSync 131
AWS Backup 134
Backup Plan 134
On-demand Backup 136
Backup Vault 137
Protected Resources 138
Backup Jobs 138
Cross-account Management 139
Amazon Relational Database Service (RDS) 140
Amazon RDS Features and Components 140
Amazon RDS Database Engines 140
Choosing Suitable RDS DB Instance Classes 141
Choosing the Right RDS DB Instance Storages 141
Choosing a Region and Availability Zone for RDS Instance 143
Increasing Database Availability Using Multi-AZ Deployment 143
Improving Database Performance using Read Replica and DB Clusters 144
Adding an RDS Proxy 145
Working with RDS Backup 146
Monitoring a Database Instance 148
Deleting a Database Instance 151
AWS Config 152
AWS Config Continuous Configuration Monitoring 153
Deploying Resources with CloudFormation 156
StackSets 156
Nested Stacks 156
Deleting a Stack 157

https://portal.tutorialsdojo.com/ 4
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Retain 157
Snapshot 158
AWS Systems Manager Patch and Change Manager 160
AWS Systems Manager Patch Manager 160
AWS Systems Manager Change Manager 161
Encryption on AWS Storage Services 164
S3 Encryption 164
Server-Side Encryption 164
Client-Side Encryption 165
Encrypting Existing S3 Objects 165
EFS Encryption 165
Data at Rest Encryption 165
Data In Transit Encryption 166
EBS Encryption 166
Creating Encrypted EBS Volume 166
Snapshots 167
RDS Encryption 168
Encrypting RDS Database Instance with AWS KMS 168
Securing Database Connection on RDS 169
Security on AWS 170
AWS KMS Customer Master Key (CMK) Rotation 170
Secrets Manager vs Parameter Store 171
IAM Access Analyzer 173
AWS Certificate Manager 175
AWS Billing and Governance 178
AWS Organizations 178
Service Control Policies (SCP) 181
Cost Explorer 182
Cost Allocation Tags 183
AWS License Manager 184
Monitoring and Logging on AWS 187
CloudWatch Metrics for EC2 187
Creating CloudWatch Alarm 190
Working with CloudWatch Logs 196
Event-driven Architecture with Amazon EventBridge 200
Exploring Events on CloudTrail 202

COMPARISON OF AWS SERVICES 205

https://portal.tutorialsdojo.com/ 5
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

S3 vs EBS vs EFS 205

Amazon S3 vs Glacier 207
S3 Standard vs S3 Standard-IA vs S3 One Zone-IA vs S3 Intelligent Tiering 208
AWS DataSync vs Storage Gateway 209
S3 Transfer Acceleration vs Direct Connect vs VPN vs Snowball vs Snowmobile 210
Amazon EBS: SSD vs HDD 213
RDS vs DynamoDB 216
RDS vs Aurora 219
Multi-AZ deployments vs. Multi-Region deployments vs. Read Replicas 224
EC2 Container Services ECS vs Lambda 225
Security Group vs NACL 226
Application Load Balancer vs Network Load Balancer vs Gateway Load Balancer 228
EC2 Instance Health Check vs ELB Health Check vs Auto Scaling and Custom Health Check 231
ELB Health Checks vs Route 53 Health Checks For Target Health Monitoring 232
CloudTrail vs CloudWatch 233
CloudWatch Agent vs SSM Agent vs Custom Daemon Scripts 234
Latency Routing vs Geoproximity Routing vs Geolocation Routing 235
Service Control Policies vs IAM Policies 237
S3 Pre-Signed URLS vs CloudFront Signed URLS vs Origin Access Identity 238
SNI Custom SSL vs Dedicated IP Custom SSL 239
Redis (cluster mode enabled vs disabled) vs Memcached 240

FINAL REMARKS AND TIPS 241

ABOUT THE AUTHORS 242

https://portal.tutorialsdojo.com/ 6
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

INTRODUCTION
Today, we live in a world of fast-paced innovation and the invention of new technologies, where competitors
race to develop the next disruptive product in the market. Companies with on-premises environments are
quickly shifting to the cloud, such as AWS, for the many advantages that it brings. Furthermore, AWS has been
the leading cloud service provider for the past few years and is continually maturing. Millions of users and
businesses have already adopted the AWS platform for their operations, but not all can capitalize on the
benefits that AWS brings to its customers. It takes specialized individuals to operate on the AWS cloud
successfully.

AWS is built and managed by highly experienced engineers who offer their expertise to deliver the best
products and solutions. That is why you can almost always find a function or service in AWS that would fulfill
whatever need or requirement you have. A lot of the heavy-lifting is offloaded from you as the customer so that
you can dedicate your efforts and resources to your business operations. Another significant benefit of the
AWS cloud is that it is cost-effective. Resources can be quickly provisioned for a very low price and can be
decommissioned as quickly once you don’t need them anymore. The cloud is an essential piece in DevOps and
SysOps since you can quickly spin up test environments and simplify deployment processes that are usually
difficult and expensive to do in traditional data center setups.

The AWS Certified SysOps Administrator Associate is a well-recognized certificate in the IT industry and is a
major booster for career opportunities and salary increases. Having this certificate in your portfolio means that
you have the knowledge and skills in deployment, management, and operations on AWS. Once you have gained
more experience with AWS, you can also aim for higher-level certifications, such as the AWS Certified DevOps
Engineer Professional certificate. Previously, it was mandatory that you first pass the SysOps Associate exam
since the Professional level certificate is very tough and requires much hands-on experience from the exam
taker. So if you are planning to pursue a career in Cloud DevOps, passing the AWS Certified SysOps
Administrator Associate is a great way to start the journey.

Note: We took extra care to come up with these concise articles and cheat sheets, however, this is meant to be
just a supplementary resource when preparing for the exam. We highly recommend working on hands-on
sessions and practice exams to further expand your knowledge and improve your test-taking skills.

https://portal.tutorialsdojo.com/ 7
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

AWS CERTIFIED SYSOPS ADMINISTRATOR ASSOCIATE EXAM - STUDY

GUIDE AND TIPS
If you are a Systems Administrator or a DevOps Engineer, then this certification will test your knowledge on
these areas in AWS. Your experience in these fields will come in handy in passing the exam, but this should be
complemented by actual AWS SysOps knowledge. In the AWS Certified SysOps Administrator Associate Exam
(or AWS SOA for short), the questions including the exam labs will test your ability to perform the following:

● Deploy, manage, and operate scalable, highly available, and fault-tolerant systems on AWS
● Implement and control the flow of data to and from AWS
● Select the appropriate AWS service based on compute, data, or security requirements
● Identify appropriate use of AWS operational best practices
● Estimate AWS usage costs and identify operational cost control mechanisms
● Migrate on-premises workloads to AWS

Given the scope of the questions and exam labs, you should learn the concepts of the AWS architecture, the
AWS Operational Framework, as well as the AWS CLI and AWS SDK/API tools. Having prior knowledge of
fundamental networking and security will also be very valuable. This guide aims to provide you a
straightforward guide when reviewing for this exam.

Study Materials

The FREE AWS Exam Readiness video course, official AWS sample questions, whitepapers, AWS
Documentation, AWS cheat sheets, and AWS practice exams will be your primary study materials for this exam.
There are multiple papers that you should read and familiarize yourself with as a SysOps Administrator.

Having an AWS account you can use will help ingest the different concepts within these whitepapers. Since the
exam itself contains multiple scenario questions and exam labs, using the services and applying them in
practice yourself will allow you to determine the types of situations they are applied in.

https://portal.tutorialsdojo.com/ 12
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Additional details regarding your AWS SOA exam can be seen in this AWS exam blueprint.

The whitepapers listed below are arranged in such a way that you will learn the concepts first, before
proceeding to application and best practices. If you need a refresh on your AWS fundamentals, go check out
our guide on the AWS Certified Cloud Practitioner Exam before proceeding below.

1. Amazon Virtual Private Cloud Connectivity Options - Study how you can connect different VPCs
together, your VPCs to your on-premises network, and vice versa.
2. Development and Test on AWS - Study how you can leverage AWS to create development and test
environments, implement pipelines and automation, and perform different validation tests for your
applications.
3. Backup and Recovery Approaches Using AWS - Learn which AWS services offer backup and restore
features. It is also important to know how these backups are stored and secured, and selecting the
correct storage options for them.
4. How AWS Pricing Works - Study the fundamental drivers of cost in AWS, the pricing models of
commonly used services in compute, storage, and database, and how to optimize your costs.

https://portal.tutorialsdojo.com/ 13
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

5. Amazon Web Services: Overview of Security Processes - You should study the different security
features in AWS - including infrastructure, account, network, application, and data security. Determine
which aspects of security are your responsibilities, and which are AWS’.
6. AWS Security Best Practices - This whitepaper complements the previous. Understand the security best
practices and their purpose in your environment. Some services offer more than one form of security
feature, such as multiple key management schemes for encryption. It is important that you can
determine which form is most suitable to the given scenarios in your exam.
7. Architecting for the Cloud: AWS Best Practices - Be sure to understand the best practices in AWS since
exam questions will focus their scenarios around these best practices. The whitepaper contains a
number of design principles with examples for each.
8. AWS Well-Architected Framework - This whitepaper is one of the most important papers that you
should study for the SOA-C02 exam. It discusses the different pillars that make up a well-architected
cloud environment.

Optional whitepapers:

1. Overview of Deployment Options on AWS - This is an optional whitepaper that you can read to be aware
of your deployment options in AWS. There is a chance that this might come up in the exam.
2. AWS Disaster Recovery Plans - As a SysOps Administrator, you should be familiar with your DR options
when outages occur. Having knowledge of DR will determine how fast you can recover your
infrastructure.

AWS Services to Focus On

AWS offers extensive documentation and well-written FAQs for all of their services. These two will be your
primary source of information when studying. Furthermore, as an AWS SysOps Administrator, you need to be
well-versed in a number of AWS products and services since you will almost always be using them in your
work. I recommend checking out Tutorials Dojo’s AWS Cheat Sheets which provides a summarized but highly
informative set of notes and tips for your review on these services.

Core services to study:

1. EC2 - As the most fundamental compute service offered by AWS, you should know about EC2 inside
out.
2. Elastic Load Balancer - Load balancing is very important for a highly available system. Study the
different types of ELBs, and the features each of them supports.
3. Auto Scaling - Study what services in AWS can be auto-scaled, what triggers scaling, and how auto
scaling increases/decreases the number of instances.
4. Elastic Block Store - As the primary storage solution of EC2, study the types of EBS volumes available.
Also study how to secure, backup, and restore EBS volumes.

https://portal.tutorialsdojo.com/ 14
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

5. S3 / Glacier - Study the S3 storage types are and what differs between them. Also review the
capabilities of S3 such as hosting a static website, securing access to objects using policies, lifecycle
policies, etc. Learn as much about S3 as you can.
6. VPC - Study every service that is used to create a VPC (subnets, route tables, internet gateways, nat
gateways, VPN gateways, etc). Also, review the differences between network access control lists and
security groups, and during which situations they are applied.
7. Route 53 - Study the different types of records in Route 53. Study also the different routing policies.
Know what hosted zones and domains are.
8. RDS - Know how each RDS database differs from one another, and how they are different from Aurora.
Determine what makes Aurora unique, and when it should be preferred from other databases (in terms
of function, speed, cost, etc). Learn about parameter groups, option groups, and subnet groups.
9. DynamoDB - Consider how DynamoDB compares to RDS, Elasticache, and Redshift. This service is also
commonly used for serverless applications along with Lambda.
10. Elasticache - Familiarize yourself with Elasticache redis and its functions. Determine the areas/services
where you can place a caching mechanism to improve data throughput, such as managing the session
state of an ELB, optimizing RDS instances, etc.
11. SQS - Gather info on why SQS is helpful in decoupling systems. Study how messages in the queues are
being managed (standard queues, FIFO queues, dead letter queues). Know the differences between
SQS, SNS, SES, and Amazon MQ.
12. SNS - Study the function of SNS and what services can be integrated with it. Also, be familiar with the
supported recipients of SNS notifications.
13. IAM - Services such as IAM Users, Groups, Policies, and Roles are the most important to learn. Study
how IAM integrates with other services and how it secures your application through different policies.
Also, read on the best practices when using IAM.
14. CloudWatch - Study how monitoring is done in AWS and what types of metrics are sent to CloudWatch.
Also read upon CloudWatch Logs, CloudWatch Alarms, and the custom metrics made available with
CloudWatch Agent.
15. CloudTrail - Familiarize yourself with how CloudTrail works, and what kinds of logs it stores as
compared to CloudWatch Logs.
16. Config - Be familiar with the situations where AWS Config is useful.
17. CloudFormation - Study how CloudFormation is used to automate infrastructure deployment. Learn the
basic makeup of a CloudFormation template, stack, and stack set.
18. KMS – Familiarize how KMS integrates with other services in storing encryption keys.
19. Secrets Manager – Understand how Secrets Manager stores secrets and how you can use them with
other AWS services.
20. Parameter Store – Know when to use Parameter store and how compute services like EC2, ECS, and
Lambda utilize it.
21. DataSync – Familiarize which AWS services can be used to migrate data from an on-premises data
center.

https://portal.tutorialsdojo.com/ 15
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Some additional services we recommend to review:

1. Trusted Advisor
2. Systems Manager
3. CodeDeploy
4. CodePipeline
5. CloudFront
6. Cost and Billing Management Console
7. OpsWorks
8. Direct Connect

For the exam version (SOA-C02), you should also know the following services:

1. Amazon FSx for Windows File Server and Amazon FSx for Lustre
2. AWS Backup
3. EC2 Image Builder
4. S3 Transfer Acceleration
5. AWS Global Accelerator
6. RDS Proxy
7. IAM Access Analyzer

Exam Labs

The SOA-CO2 includes an exam labs section where you have to perform SysOps related tasks on the AWS
Management Console. To prepare for this, make sure to play around with the different AWS services covered in
the exam. You don't need to memorize all the configurations for each service. But you have to be really good at
navigating the AWS Management console to understand where you can configure the requirements in each
exam lab. Focus on preparing for exam labs on setting up a VPC, CloudWatch, Load Balancer, Auto Scaling,
CloudFormation, and S3.

View our sample exam lab here.

Common Exam Scenarios

Scenario Solution

Monitoring, Reporting, and Remediation

You need to set up an alert that notifies the IT Use Amazon CloudWatch Events to detect and
manager about EC2 instances service limits. react to changes in the status of Trusted Advisor
checks

https://portal.tutorialsdojo.com/ 16
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

You need to track the deletion and rotation of Use AWS CloudTrail to log AWS KMS API calls
CMKs.

You need to investigate if the traffic is reaching the Use VPC flow logs
EC2 instance.

You need to ensure that the SSH protocol is always Use AWS Config Rules
disabled on private servers.

You need to retrieve the instance metadata of an http://169.254.169.254/latest/

EC2 instance.

You have to monitor the CPU usage of a single Use the CloudWatch Agent procstat plugin to
process in your EC2 instance. monitor system utilization.

You need to generate a report on the replication Use S3 Inventory

and encryption status of all of the objects stored in
the S3 bucket.

Metric to use to alarm when all instances behind an AWS/ApplicationELB HealthyHostCount

ALB becomes unhealthy <= 0

Monitor restricted CIDR changes on a security Use AWS Config to evaluate the security group
group and remove them automatically. and AWS Systems Manager Automation document
to remove the unwanted CIDR range.

Monitor CreateUser API call via email Utilize Amazon EventBridge, declare CloudTrail as
a source, and CreateUser as an event pattern.
Create an SNS topic and set it as an event target
on Amazon EventBridge.

Reliability and Business Continuity

When the incoming message traffic increases, the Create an Auto Scaling group that can scale out
EC2 instances fall behind and it takes too long to based on the number of messages in the queue.
process the messages.

You need to log the client's IP address, latencies, Enable access logging in ALB and store the logs on
request paths, and server responses that go an S3 bucket.
through your Application Load Balancer.

You need to determine which cipher is used for the Enable Server Order Preference
SSL connection in your ELB.

You need to monitor the total number of requests or Monitor the SurgeQueueLength metric
connections in your load balancer.

https://portal.tutorialsdojo.com/ 17
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

You need to ensure that the backups of an Amazon Configure the Amazon Redshift cluster to
Redshift cluster are always available. automatically copy snapshots of a cluster to
another region.

Highly available File Server that supports SMB and Multi-AZ Amazon FSx for Windows File Server
manages file permissions using Windows Access
Control List (A.

Slow load time when uploading objects to S3 S3 Transfer Acceleration

PercentIOLimit metric hits 100% on EFS Create a new Max I/O performance mode EFS file
system and migrate data to the new file system
using AWS DataSync.

Must ensure data integrity when performing EBS Build a Lambda function that uses CreateImage
backups API to generate AMI of the EC2 instance and
include a reboot parameter. Create an Amazon
EventBridge rule to execute the Lambda function
daily.

Deployment, Provisioning, and Automation

You must remotely execute shell scripts and Use Systems Manager Run Command
securely manage the configuration of EC2
instances.

You need to identify the configuration changes in Use drift detection

the CloudFormation resources.

Requires a CloudFormation template that can be Use Nested Stacks

reused for multiple environments. If the template
has been updated, all the stack that is referencing it
will automatically use the updated configuration.

You need to automate the process of updating the Use CloudFormation with Systems Manager
CloudFormation templates to map to the latest AMI Parameter Store
IDs.

The eviction count in Amazon ElastiCache for Scale the cluster by increasing the number of
Memcached has exceeded its threshold. nodes.

You need to provide each department a new AWS Set up AWS Control Tower
account with governance guardrails and a defined
baseline in place.

https://portal.tutorialsdojo.com/ 18
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

An S3 bucket must be configured to move the Set up a lifecycle policy

objects older than 60 days to the Infrequent Access
storage class.

You need to monitor all the COPY and UNLOAD Enable Enhanced VPC routing on the Redshift
traffic in the Redshift cluster. cluster.

A total of 500 TB of data needs to be transferred to Use multiple AWS Snowball devices
Amazon S3 in the fastest way.

TLS certificate should be renewed automatically Request a public certificate via AWS Certificate
Manager (ACM)

Get cost expenses of each AWS user account Enable the createdBy tag in the Billing and
Management console

Provisioning instances on ASG takes time because EC2 Image Builder

of software dependencies installed via the UserData
script.

Get cost expenses of each AWS user account Enable the createdBy tag in the Billing and
Management console

Security and Compliance

You have to rotate an existing CMK with imported Create a new CMK with imported key material and
key material every 6 months update the key ID to point to the new CMK

A company needs to restrict access to the data in Use S3 ACL and bucket policy
an S3 bucket.

Mitigate malicious attacks such as SQL injection Use AWS WAF and Shield
and DDoS attacks from unknown origins.

You need to define an IAM policy to enable the user Define iam:PassRole in the IAM policy
to pass a role to an AWS service.

You need to create a solution that allows multiple Configure a VPC endpoint
EC2 instances in a private subnet to use AWS KMS
and the traffic must not pass through the public
Internet.

You need to encrypt all the objects at rest in your Use SS3-S3, SSE-KMS or SSE-C
S3 bucket

https://portal.tutorialsdojo.com/ 19
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Enable authentication to AWS services using Active Amazon Cognito user pool
Directory Federation Services.

Create a bucket policy to only allow AWS accounts Set principal to (*) and create a condition for
in the organization to access an S3 bucket. PrincipalOrgId

Read, update, delete messages from SQS queues Create a policy with sqs:SendMessage,
from an instance. sqs:ReceiveMessage, sqs:DeleteMessage, and
attach the policy to a new role that can perform
API calls to AWS. Associate the new role to the
instance.

RDS credentials should not be hardcoded on Use Secrets Manager to store credentials
Lambda functions

Networking and Content Delivery

You need to allow the EC2 instances in your VPC Set up an egress-only Internet gateway
that support IPv6 to connect to the Internet but
block any incoming connection.

You have to establish a dedicated connection Set up a Direct Connect connection

between their on-premises network and their
Amazon VPC.

You need to increase the cache hit ratio for a Add a Cache-Control max-age and increase
CloudFront web distribution. the TTL by specifying the longest value for
max-age

You need to ensure that users are consistently Set up a Route 53 Geoproximity routing policy
directed to the AWS region nearest to them.

A company plans to implement a hybrid cloud Assign an Internet Gateway to the VPC
architecture. You need to allow your resources on Create a Virtual Private Gateway
AWS the connectivity to external networks.

Users being served desktop version on mobile Add a User-Agent header to the list of origin
phones custom header on CloudFront.

DNS record at the apex domain ALIAS record

Cost and Performance Optimization

You have to automate the process of patching Use AWS Systems Manager Patch Manager
managed instances with security-related updates.

https://portal.tutorialsdojo.com/ 20
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

You need to analyze the data hosted in Amazon S3 Use Amazon Athena
using standard SQL.

Improving the site speed of a static S3 web hosting Create a CloudFront web distribution and set
with customers around the globe Amazon S3 as the origin.

You need to implement a solution to enforce the Use AWS Service Catalog TagOption library
tagging of all instances that will be launched in the
VPC.

You need to get billing alerts once it reaches a Enable billing alerts in Account Preferences of the
certain limit. AWS Console.

Resize an Amazon Elasticache for Redis cluster. Use online resizing for Amazon Elasticache Redis
cluster

No sharing of Reserved Instance (RI) discounts Disable RI discount sharing via management
between AWS accounts in the Organization account and provision instances using individual
AWS accounts.

Validate Your Knowledge

Once you have finished your review and you are more than confident of your knowledge, test yourself with
some practice exams available online. AWS offers a practice exam that you can try out at their aws.training
portal. Tutorials Dojo also offers a top-notch set of AWS Certified SysOps Administrator Associate practice
tests. Each test contains unique questions that will surely help verify if you have missed out on anything
important that might appear on your exam. You can pair our practice exams with this study guide eBook to
further help in your exam preparations.

https://portal.tutorialsdojo.com/ 21
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Sample Practice Test Questions:

Question 1

A company is heavily using AWS CloudFormation templates to automate the deployment of their cloud
resources. The SysOps Administrator needs to write a template that will automatically copy objects from an
existing S3 bucket into the new one.

Which of the following is the most suitable configuration for this scenario?

1. Set up an AWS Lambda function and configure it to perform the copy operation. Integrate the Lambda
function to the CloudFormation template as a custom resource.
2. Configure the CloudFormation template to modify the existing S3 bucket to allow cross-origin requests.
3. Set up the CloudFormation template to use the AWS Data Pipeline CopyActivity object to copy the files
from the existing S3 bucket to the new S3 bucket.
4. Configure the CloudFormation template to enable cross-region replication on the existing S3 bucket and
select the new S3 bucket as the destination.

Correct Answer: 1

https://portal.tutorialsdojo.com/ 22
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources,
provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure
as code. A CloudFormation template describes your desired resources and their dependencies so you can
launch and configure them together as a stack. You can use a template to create, update, and delete an entire
stack as a single unit, as often as you need to, instead of managing resources individually. You can manage
and provision stacks across multiple AWS accounts and AWS Regions.

In an AWS CloudFormation template, you can specify a Lambda function as the target of a custom resource.
Use custom resources to process parameters, retrieve configuration values, or call other AWS services during
stack lifecycle events. When you associate a Lambda function with a custom resource, the function is invoked
whenever the custom resource is created, updated, or deleted. AWS CloudFormation calls a Lambda API to
invoke the function and to pass all the request data (such as the request type and resource properties) to the
function. The power and customizability of Lambda functions in combination with AWS CloudFormation enable
a wide range of scenarios, such as dynamically looking up AMI IDs during stack creation, or implementing and
using utility functions, such as string reversal functions.

The requirement for this scenario is to copy all the objects from an existing S3 bucket to a new S3 bucket
created by the CloudFormation template. To accomplish this requirement, you need to create a custom
Lambda function that can copy the objects from the source bucket to the new S3 bucket. You can also define
the options you want Amazon S3 to apply during replication, such as server-side encryption, replica ownership,
and transitioning replicas to another storage class.

https://portal.tutorialsdojo.com/ 23
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Hence, the correct answer is: Set up an AWS Lambda function and configure it to perform the copy operation.
Integrate the Lambda function to the Cloudformation template as a custom resource.

The option that says: Configure the Cloudformation template to enable cross-region replication on the
existing S3 bucket and select the new S3 bucket as the destination is incorrect because this option won't be
able to copy the existing objects to the new S3 bucket. For this configuration, you need to invoke Lambda first
to copy the objects in the S3 bucket.

The option that says: Set up the CloudFormation template to CopyActivity object to copy the files from the
existing S3 bucket to the new S3 bucket is incorrect because CopyActivity does not support copying multipart
Amazon S3 files. The most suitable configuration to copy the objects from an existing bucket to a new S3
bucket is to use a custom Lambda resource in CloudFormation.

The option that says: Configure the CloudFormation template to modify the S3 bucket to allow cross-origin
requests is incorrect because the scenario did not state anything about allowing cross-origin access to your
Amazon S3 resources. Also, this option does not have the capability to copy all the objects from an existing S3
bucket to a new S3 bucket.

References:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources-lambda.ht
ml
https://aws.amazon.com/blogs/infrastructure-and-automation/deploying-aws-lambda-functions-using-aws-clo
udformation-the-portable-way/
https://aws.amazon.com/blogs/devops/use-aws-cloudformation-to-automate-the-creation-of-an-s3-bucket-wit
h-cross-region-replication-enabled/

Check out this AWS CloudFormation Cheat Sheet:

https://tutorialsdojo.com/aws-cloudformation/

Question 2

A company plans to expand its use of AWS services across its product portfolios. To ensure separation of
business processes for billing, security, and compliance, the SysOps Administrator must provide each
department with new AWS accounts having governance guardrails and a defined baseline in place. An efficient
and scalable provisioning process is required to optimize the workflow and save time.

Which of the following options can satisfy the given requirement?

1. Use AWS Batch and AWS Organizations to automatically provision new resources and accounts.
2. Use AWS Control Tower to generate templates in the Account Factory and to provision new accounts in
AWS Service Catalog.

https://portal.tutorialsdojo.com/ 24
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

3. Use AWS OpsWorks for Chef Automate and bootstrapping scripts to handle the configuration
management and provisioning tasks.
4. Use AWS Service Catalog and AWS Config to automate account creation and configuration.

Correct Answer: 2

AWS Control Tower provides a single location to easily set up your new well-architected multi-account
environment and govern your AWS workloads with rules for security, operations, and internal compliance. You
can automate the setup of your AWS environment with best-practices blueprints for multi-account structure,
identity, access management, and account provisioning workflow. For ongoing governance, you can select and
apply pre-packaged policies enterprise-wide or to specific groups of accounts.

AWS Control Tower provides three methods for creating member accounts:

- Through the Account Factory console that is part of AWS Service Catalog.

https://portal.tutorialsdojo.com/ 25
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

- Through the Enroll account feature within AWS Control Tower.

- From your AWS Control Tower landing zone's management account, using Lambda code and appropriate IAM
roles.

AWS Control Tower offers "guardrails" for ongoing governance of your AWS environment. Guardrails provide
governance controls by preventing deployment of resources that don’t conform to selected policies or
detecting non-conformance of provisioned resources. AWS Control Tower automatically implements guardrails
using multiple building blocks such as AWS CloudFormation to establish a baseline, AWS Organizations
service control policies (SCPs) to prevent configuration changes, and AWS Config rules to continuously detect
non-conformance.

In this scenario, the requirement is to provide each department with AWS accounts that have governance
guardrails and defined baseline in place. To save time and resources, you can use AWS Control Tower to
automate the account creation. With the appropriate user group permissions, you can specify standardized
baselines and network configurations for all accounts in the organization.

Hence, the correct answer is: Use AWS Control Tower to generate templates in the Account Factory and to
provision new accounts in AWS Service Catalog.

The option that says: Use AWS Service Catalog and AWS Config to automate account creation and
configuration is incorrect. Although you can use AWS Service Catalog to create and manage catalogs of your
IT services, it still does not offer "guardrails" for ongoing governance of your AWS environment. Moreover, AWS
Config is mainly used to evaluate the configuration of various AWS services in an AWS environment and not to
provision new accounts.

The option that says: Use AWS Batch and AWS Organizations to automatically provision new resources and
accounts is incorrect because AWS Batch can only provision compute resources. Furthermore, AWS
Organizations do not fully provide governance guardrails unlike AWS Control Tower.

The option that says: Use AWS OpsWorks for Chef Automate and bootstrapping scripts to handle the
configuration management and provisioning tasks is incorrect because AWS OpsWorks is not a suitable
service to be used in provisioning new AWS accounts. The common use case for AWS OpsWorks for Chef
Automate is to automate operational tasks on Amazon EC2 instances and on-premises servers.

References:
https://docs.aws.amazon.com/controltower/latest/userguide/account-factory.html
https://aws.amazon.com/blogs/mt/how-to-automate-the-creation-of-multiple-accounts-in-aws-control-tower/
https://aws.amazon.com/blogs/aws/aws-control-tower-set-up-govern-a-multi-account-aws-environment/

Check out these AWS Cheat Sheets:

https://tutorialsdojo.com/aws-cheat-sheets/

https://portal.tutorialsdojo.com/ 26
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Click here for more AWS Certified SysOps Administrator Associate practice exam questions.

It is best to get some rest before the day of your exam, and review any notes that you have written down. If you
have done well in the practice tests, go over the questions where you made a mistake and understand why so.
If you are not feeling so confident after trying the practice tests, you can just reschedule your exam and take
your time preparing. The AWS SOA certification is one of the most sought after certifications in the SysOps
Administration field. The exam will not be easy to pass, but it’ll be worth it when you do.

https://portal.tutorialsdojo.com/ 27
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

AWS Deep Dives

EC2 Placement Groups

Placement Groups is a logical grouping of your interdependent instances in AWS. This logical grouping affects
how your instances are placed on the underlying hardware. Having the instances in a placement group has
particular benefits in terms of network latency, throughput, and minimizing correlated hardware failure. By
default, AWS automatically spreads out your instances across underlying hardware to reduce this correlated
hardware failure.

AWS offers different placement strategies which can suit the placement requirements of your application
hosted in Amazon EC2.

Cluster Placement Group

A cluster placement group is a logical group of instances within a single Availability Zone and instances from
peered VPC in the same region. Through VPC Peering, you can still add instances from different Availability
Zones to your cluster placement group.

https://portal.tutorialsdojo.com/ 28
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Instances on the same cluster group have a low network latency and high throughput. A cluster placement
group is beneficial to applications with a high volume of network traffic between their instances. To further
maximize these network performance benefits, you can choose instance types with enhanced networking for
your cluster placement group.

AWS recommends launching the instances for the cluster placement group through a single launch request.
They also recommend using the same instance type for all the instances in the placement group to minimize
the chance of getting an insufficient capacity error. This error comes out when there is not enough hardware
capacity to launch an instance. For example, when adding more instances to an existing placement group or
adding instances with a different instance type. The capacity error can also be encountered when you stop and
then start an instance again in a placement group.

https://portal.tutorialsdojo.com/ 29
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

However, if you need to launch an instance to an existing placement group with running instances and
encounter an insufficient capacity error, try to stop and start all of the running instances inside the placement
group, then relaunch the instance. Doing so may force the instances to boot into new hardware capable of
accommodating all the instance requests for the placement group.

Cluster placement groups are commonly used for High-Performance Computing (HPC) applications, like
genomics, computational chemistry, financial risk modeling, machine learning, deep learning, etc.

Partition Placement Group

A partition placement group spreads all instances into logical segments called partitions. Each partition has a
dedicated rack with its network and power source. This placement strategy ensures that all partitions are
isolated from each other, reducing the risk of correlated hardware failures.

Also, partition placement groups can have partitions from different Availability Zones in the same Region with
a limit of seven partitions per AZ. The account limit determines the maximum number of instances. However, a
maximum of two partitions is allowed for the partition placement group with Dedicated Instance.

https://portal.tutorialsdojo.com/ 30
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

When launching instances to the partition placement group, you can either let Amazon EC2 handle the
distribution or specify the specific partition.

To achieve high availability for the application, we often go to multi-AZ deployment, but some applications are
dependent on internode latency, thus making it unavailable for multi-AZ deployment. With a partition
placement group, you can deploy this kind of application in a single Availability Zone but with improved
performance and less chance for correlated hardware faults.

Applications like HDFS, HBase, and Cassandra are benefiting from this kind of placement strategy. Because
they are topology-aware applications, they can use the topology information to make intelligent data storage
decisions.

https://portal.tutorialsdojo.com/ 31
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Spread Placement Group

A Spread placement group is a placement strategy that strictly hosts instances separately on a distinct rack
that has an individual network and power source. Since all instances are hosted on distinct racks, you can
freely have multiple instance types or add instances over time on your spread placement group.

Since instances on the spread placement group are isolated from each other, the chance of having hardware
faults is reduced when compared to instances sharing the same rack.

Like partition placement groups, spread placement groups can also span on different Availability Zones with a
maximum of seven running instances per AZ.

https://portal.tutorialsdojo.com/ 32
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

For the Partition and Spread placement group, there are times when a unique hardware is unavailable to
accommodate all instance requests. When this happens, try to request again later as more hardware becomes
available over time.

Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

https://portal.tutorialsdojo.com/ 33
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

EC2 Image Builder

EC2 Image Builder is an AWS service that automates the process of creating, managing, and deploying
machine and docker images both for your AWS environment and on-premises. You can keep your images
updated through the image builder, automate image customization, validate image integrity and functionality
through testing, and deploy images on different AWS regions. The image builder is pretty straightforward; it lets
you create an Image Pipeline, configure an Image recipe, define the infrastructure, and set the image
distribution.

Image Pipelines
To automate the creation of images, AWS allows you to create a pipeline where you can configure the
necessary components of your custom images. The image creation will run based on the defined build
schedule and frequency or can be manually run.

Image Recipes Configuration

Image recipes are where you define the customization and testing of your images. Image recipes are reusable
and have version control. It consists of the following components.

Source Images
The source image will be the baseline of your custom image. Image builder supports the customization for
Amazon Machine Image (AMI) and Docker image. For AMI, this can be AWS-managed images or a custom
AMI. Likewise, for Docker images, it can be AWS-managed images, an ECR image, or a public image from
Docker Hub.

https://portal.tutorialsdojo.com/ 34
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

You can select from different operating systems and versions; availability depends on the image type.

Image builder installs SSM Agent during the build process, but you can remove the agent after the pipeline
execution.

https://portal.tutorialsdojo.com/ 35
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Should it be necessary to run a command on the instance launch, you can set it on the User Data. Note that
defining User data requires your source image to have the SSM Agent pre-installed or that you include SSM
Agent installation on the User Data.

Build and Test Components

A build component installs software packages to your source image. You can select from Amazon-managed
build components, share build components to your AWS account, or create a new one. See the example
Amazon-managed build components below.

https://portal.tutorialsdojo.com/ 36
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Test Components are optional, but it’s a better option to configure this to validate the integrity and functionality
of the output image. You can also use Amazon-managed, shared, or create a new test component. See the
example Amazon-manage test components below.

Storage
Storage configuration is optional. You can configure this during the instance launch.

Infrastructure Configuration
The Infrastructure configuration is an optional configuration on the image pipeline. You can configure the
Instance Type, VPC settings, IAM role, and Tags for the output image. A notification can also be published
using SNS.

https://portal.tutorialsdojo.com/ 37
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Besides the default IAM policies that the image builder uses, the configured IAM role should also have the
necessary permissions to execute all the build and test components defined on the image recipe.

Default IAM Policies for Image Builder:

● EC2InstanceProfileForImageBuilder
● EC2InstanceProfileForImageBuilderECRContainerBuilds
● AmazonSSMManagedInstanceCore

Distribution Settings
You can configure the image deployment on the Distribution settings. You can choose multiple AWS Regions
as image destinations. For Amazon Machine Images, you can configure the output image name, AMI sharing,
and the license and launch template configuration. For the docker images, you need to specify the Regions and
ECR repository name.

Reference:
https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html

https://portal.tutorialsdojo.com/ 38
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

Amazon EC2Rescue
While AWS takes care of the underlying infrastructure for EC2, customers are responsible for configuring,
maintaining, and troubleshooting their instances.

EC2Rescue for Windows Server

EC2Rescue for Windows Server is a downloadable tool for Windows Server instances to help you diagnose and
troubleshoot issues. You can also use EC2Rescue to detect potential problems in your current instances.

Diagnose and Rescue an Offline Instance

EC2Rescue scans and diagnoses the Amazon EBS root volumes of the problematic instances. To do this,
EC2Rescue requires a host instance where it will be installed. The EBS root volume should be detached from
the problematic instance and attached to the EC2Rescue instance host.

Reminders:
● The EC2Rescue tool only runs on Windows Server 2008 R2 or later and requires .NET Framework 3.5
SPI or later.
● The EC2Rescue instance host should also be accessible using an RDP connection.
● The instance where EC2Rescue is installed and the instance to be diagnosed should reside on the
same Availability Zone.

The following instructions will guide you on how to check an instance using EC2Rescue.

1. Connect to the EC2Rescue host and download the tool here using a browser or using the PowerShell
command below.

Invoke-WebRequest https://s3.amazonaws.com/ec2rescue/windows/EC2Rescue_latest.zip -OutFile

$env:USERPROFILE\Desktop\EC2Rescue_latest.zip

2. Extract the downloaded zip file. Once extracted, run the EC2Rescue application.

https://portal.tutorialsdojo.com/ 39
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

3. Click I agree on the license agreement and click Next on the Welcome screen.

https://portal.tutorialsdojo.com/ 40
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

4. Select Offline instance and click Next.

https://portal.tutorialsdojo.com/ 41
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

5. Select the EBS volume of the problematic instance and click Next. If you are checking multiple root
volumes, note the device name when attaching the volumes to the EC2Rescue host.

https://portal.tutorialsdojo.com/ 42
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

6. Click Yes to confirm. A popup window will show once the EBS volume is successfully loaded.

7. Once the volume is loaded, the EC2Rescue tool will display system information of the instance. You will
also see different offline instance options. In this case, select Diagnose and Rescue to proceed.

https://portal.tutorialsdojo.com/ 43
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

8. The EC2Rescue tool will now start scanning and diagnosing the volume. Once the diagnostic is done, it
will summarize necessary configurations, including their status and description. Click Next to proceed.

https://portal.tutorialsdojo.com/ 44
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

9. EC2Rescue will give you a list of potential issues of the instance. From this, you can select the fixes you
find necessary for your instance. Click Next to proceed.

https://portal.tutorialsdojo.com/ 45
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

10. Once confirmed, click Rescue.

https://portal.tutorialsdojo.com/ 46
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

11. Click Next to continue applying the changes.

https://portal.tutorialsdojo.com/ 47
 Tutorials Dojo Study Guide and Cheat Sheets - AWS Certified SysOps Administrator Associate
by Jon Bonso and Lervin John Obando

12. Click Finish.

https://portal.tutorialsdojo.com/ 48