Difference between CompTIA Security+ SY0-401 and SY0-501?
Really cool resource!
For each of CompTIA’s Security+ SY0-501 Main Domains, we have isolated every sub-objective that is brand new and specific to Security+ SY0-501. Each one is identified by a “NEW” in red font next to it.
| Security+ SY0-501 Main Domains | Click the links below for downloadable PDFs |
|---|---|
| 1.0 Threats, Attacks and Vulnerabilities | Security+ Exam sub-objectives 1.0 New to SY0-501 |
| 2.0 Technologies and Tools | Security+ Exam sub-objectives 2.0 New to SY0-501 |
| 3.0 Architecture and Design | Security+ Exam sub-objectives 3.0 New to SY0-501 |
| 4.0 Identity and Access Management | Security+ Exam sub-objectives 4.0 New to SY0-501 |
| 5.0 Risk Management | Security+ Exam sub-objectives 5.0 New to SY0-501 |
| 6.0 Cryptography and PKI | Security+ Exam sub-objectives 6.0 New to SY0-501 |
So how different should we expect the new Security+ SY0-501 to be compared to the current SY0-401?
The broad brush
Given that Security+ is about a mile wide and about an inch deep, we indeed need a very broad brush. Obviously, the new material in CompTIA’s Certification Exam Objectives for Security+ SY0-501 aims to reflect technologies used today that were not included in the objectives 3 years ago when SY0-401 was released.
The following have either received enhanced focus or been added to the new Security+ SY0-501 exam objectives:
– Technologies that support cloud and technologies with an emphasis on cloud security
– Expansion of Virtualization and how to secure it
– Mobile device security and breach of
– Securing cart technology and payment systems
– More on monitoring tools and analysis of metrics obtained from monitoring and tracking tools
– Deepening of the understanding of network access control models
– Sideloaded applications and management of the process
– Verification and validation of sideloaded applications
– Possible addition of Samsung, LG and/or other manufacturer-specific issues
Greater emphasis will be put on practical knowledge; this has been a trend in all of the latest updated CompTIA exams. These are the sub-objectives that will start with “Given a scenario…”
Step #1: The Job Task Analysis
The first step in any CompTIA exam update is to perform a Job Task Analysis (JTA). This is how CompTIA figures out exactly what changes are occurring in the profession and how it identifies the most significant trends moving forward. CompTIA consulted with several hundred subject matter experts, and it is the result of the JTA that informed the changes made to the Security+ SY0-501 exam objectives.
What has NOT changed: The job roles
The Security+ SY0-501 exam remains firmly rooted in the same key job roles as Security+ SY0-401, i.e., security administrator and information assurance specialist.
Typical SY0-501 Job titles:
- Security Administrator
- Systems Administrator
- Network Administrator
- Security Specialist
- Security Consultant
- Junior IT Auditor
- Junior Penetration Tester
How much of the content is changed?
Between SY0-401 and SY0-501 there is about a 25% overall change in content. The new exam focuses more on:
- Risk management
- …and hands-on skills using technologies and tools
The main exam objectives have been re-ordered and re-named to better reflect instructional design organization as well as the changing emphasis of industry cybersecurity trends.
Nature of changes to the exam content
There are several new themes for the new Security+ 501 exam. Here are the main changes:
- Importance of risk mitigation concepts
- Best practices
This is the result of seeing more Distributed Denial of Service (DDoS), ransomware, phishing, and business email attacks. These and other attacks have over the last few years become more varied, more sophisticated and therefore more successful. It is more important than ever for security professionals to accurately identify these threats and understand how to rapidly deploy the most effective responses to resolve them.
There is also a new emphasis on policy-based decisions, as well as understanding frameworks. Increasingly, security procedures have become policy-based. The exam includes a renewed emphasis on multifactor authentication techniques and tools.
What is all that security for?
It is important to set these very long lists of exam objectives in a meaningful context. Therefore, the Security+ 501 exam now includes an emphasis on how security techniques, policies, and best practices all are the foundation for privacy. For the security administrator, one of the job roles defined by the Security+ JTA, this must remain a critical focus. The surveys done in preparation for the SY0-501 update have shown that an organization must first have its security practices in order before it can address privacy properly.
Should I take the Security+ SY0-401 now or wait for the SY0-501 exam?
The short answer is of course that you should take the version available at the time you need to be certified. Doesn’t take a genius to figure that one out! However, there are other considerations too. One is that although the “latest and greatest” always has its appeal, a CompTIA certification is valid for three years from the date you pass the exam. It doesn’t matter if that date happens to be one day before the retirement date of the exam; you are still certified for three years no matter what. The other consideration is the tendency to prefer “the devil we know”. There is predictability in committing to Security+ SY0-401 that the SY0-501 objectives can’t offer just yet. It seems pretty certain that if you are planning on getting certified in 2016 and even into spring of 2017 you will have to pick the current version.
CompTIA Security+ Practice Test
CertBlaster offers practice tests for Security+ SY0-401. The product includes 500 questions, including what CompTIA refers to as the Performance Based Question (PBQ). Below is a screenshot of an important Performance Based Question type that you will face on the Security+ exam. This type of question puts you in a situation where you have been hacked. You get to see the script used, and from analyzing that script you will be asked to figure out what server is under attack and by what type of attack, and to enunciate the best defense against that attack.