Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Site Reliability Engineer (SRE).
For SOA-C02 candidates, the confusion often lies in understanding the relationship between the AWS Support Plan and Trusted Advisor check availability. In production environments, this means knowing exactly which checks are accessible based on your support contract and why certain security-related checks only unlock with higher support tiers. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
Atlas Logistics, a fast-growing shipping and distribution company, has recently integrated AWS Trusted Advisor for bolstering their cloud security and compliance posture. The SysOps team is tasked with verifying which Trusted Advisor checks they can view and use. However, they observe that the number of available checks varies depending on several factors.
The Requirement: #
Identify which factor directly affects how many AWS Trusted Advisor checks are available to Atlas Logistics’ operations team.
The Options #
- A) Having at least one running Amazon EC2 instance
- B) The AWS Support Plan level subscribed by the account
- C) Any active Service Control Policies (SCPs) configured within AWS Organizations
- D) Whether Multi-Factor Authentication (MFA) is enabled on the root user account
Google adsense #
leave a comment:
Correct Answer #
B) The AWS Support Plan level subscribed by the account.
Quick Insight: The SysOps Imperative #
The range of Trusted Advisor checks you can access depends heavily on your AWS Support subscription tier. Basic and Developer support only provide a limited subset of Trusted Advisor checks, whereas Business and Enterprise plans unlock the full checks list, especially critical security and cost optimization insights.
Content Locked: The Expert Analysis #
You’ve identified the answer. But do you know the implementation details that separate a Junior from a Senior?
The Expert’s Analysis #
Correct Answer #
Option B: The AWS Support Plan level subscribed by the account
The Winning Logic #
AWS Trusted Advisor provides a variety of best practice checks for security, fault tolerance, performance, and cost optimization. However, not all these checks are immediately available—access depends on the support plan:
- Basic and Developer support accounts get limited access to Trusted Advisor checks (mostly service limits and security groups).
- Business and Enterprise support plans unlock the full suite of Trusted Advisor checks, including crucial security audits like IAM usage and MFA on root accounts.
Therefore, the Support Plan level is the gating factor for how many checks a SysOps team can see and act upon.
The Trap (Distractor Analysis): #
-
Option A (Running EC2 instance):
Having an EC2 instance running does not affect Trusted Advisor check availability. Trusted Advisor works across your entire account, not linked to specific resource states. -
Option C (Service Control Policies):
SCPs control permissions within AWS Organizations but don’t determine which Trusted Advisor checks your account can view. -
Option D (Root MFA):
While enabling MFA on the root account improves security, it does not influence the number of Trusted Advisor checks available in your account.
The Technical Blueprint #
For SysOps, here is the CLI command to list Trusted Advisor checks and observe which are accessible:
aws support describe-trusted-advisor-checks --language en
Note: This command requires Business/Enterprise support plans to show the full list of Trusted Advisor checks.
The Comparative Analysis #
| Option | Operational Overhead | Automation Level | Impact on Trusted Advisor Access |
|---|---|---|---|
| A) Running EC2 instance | None | None | No effect |
| B) AWS Support Plan | None | Enables full CLI/API Trusted Advisor features | High - controls visibility of checks |
| C) SCPs | Moderate (policy management) | Indirect | No direct effect on Trusted Advisor checks |
| D) Root MFA | Low | Security best practice, no automation | No effect on checks count |
Real-World Application (Practitioner Insight) #
Exam Rule #
“For the exam, always associate full Trusted Advisor access with Business or Enterprise AWS Support Plans.”
Real World #
“In actual operations, you might rely on programmatic access to Trusted Advisor via SDK or CLI when you have Business support, enabling automation of remediation workflows.”
(CTA) Stop Guessing, Start Mastering #
Disclaimer
This is a study note based on simulated scenarios for the SOA-C02 exam.