The Expected Difference Between CompTIA Security+ SY0-501 and SY0-601
Every three years CompTIA releases a new and updated version of its exams. This year, on October 4, 2020, CompTIA is releasing the new Security+ SY0-601 Exam. Below we will take a look at what we believe the difference between CompTIA Security+ SY0-501 and SY0-601 may be.
The current Security+ SY0-501 was released on October 4, 2017, and will be retired in the spring of 2021, probably in March. There is a 6-month “grace period” during which these two versions will overlap and you will actually be able to choose which exam you prefer to sit for (see bottom of this post for more on that).
How much of the content will change?
Between the new Security+ SY0-601 and the current SY0-501 we should expect about a 25% overall change in content with the rest being carried forward. The new exam will likely focus more on:
- Cybersecurity threats
- Risk management techniques
- IoT threats – Alexa said that this isn’t a problem…
- …and hands-on skills using technologies and tools
The main exam objectives will be re-organized to better reflect the changing emphasis of industry cybersecurity trends as well as instructional design enhancements.
So, what kind of new content can you expect to see in the Security+ SY0-601?
Understanding that the Security+ exam is about a mile wide and an inch deep, we need a really broad brush. Essentially, the new material in CompTIA’s Certification Exam Objectives for Security+ SY0-601 will cover technologies that were not yet widely adopted at the time the Security+ SY0-501 was released.
These newer technologies include the following (some or all of which would end up on the new exam objectives):
– Cloud support (likely to be enhanced), as well as cloud security
– Growth of Virtualization platforms and how to secure them
– Common mobile device security breaches
– Securing online payment systems and cart technology
– More on monitoring tools, their metrics and the analysis of their data
– Emphasis on network access control models
– Manufacturer-specific issues regarding mobile device security
Like previous CompTIA Security+ updates, the SY0-601 will also most probably increase the emphasis on practical knowledge through Performance Based Questions (PBQs). The sub-objectives affected by that would start with a phrase like “Given a scenario…”
Analysis of the Job Task
The first step in any CompTIA exam update is to perform a Job Task Analysis (JTA), in which CompTIA consults subject matter experts drawn from administrators of large networks, device manufacturers and industry leaders. These experts tell CompTIA exactly what changes are occurring in the profession and what developing trends to anticipate. CompTIA then updates its exam questions accordingly.
What is NOT changing: The job roles
The Security+ SY0-601 exam remains grounded in the same job roles as the SY0-501: security administrator and information assurance specialist.
Typical SY0-601 role titles include:
- Cyber Security Specialist
- Cyber Security Administrator
- Cyber Security Consultant
- Systems Administrator
- Network Administrator
- Junior IT Security Auditor
- Junior Penetration Tester
Nature of changes to the exam content
There are several new themes for the new Security+ 601 exam. Here are the main changes:
- Risk mitigation with increased device configuration
- Best practices for cybersecurity and organizational security
- Deeper penetration testing and vulnerability scanning
This is the result of seeing more Distributed Denial of Service (DDoS), cryptographic ransomware, phishing, and business email attacks. Over the last few years, these and other attacks have become more varied, more sophisticated and therefore more successful, so it is more important than ever for security professionals to accurately identify these threats and act decisively. Resolution of a threat or attack depends on quick identification of the threat type and the rapid deployment of the most effective solution.
There is also an increased emphasis on policy-based decisions, as well as on understanding frameworks. Increasingly, security procedures have become policy-based. The exam includes emphasis on SSO, multifactor authentication techniques and tools.
Cyber Security for what?
It is important to set these very long lists of exam objectives in a meaningful context. Therefore, the Security+ exam now includes an emphasis on how security techniques, policies, and best practices are all the foundation for privacy. For the security administrator (one of the job roles defined by the Security+ JTA) this must remain a crucial focus. The surveys in preparation for the SY0-601 update will probably show that a prerequisite for any organization is that it must first have its security practices in order before it can address privacy in a meaningful way.
Should I take the Security+ SY0-501 now or wait for the new SY0-601 exam?
Logic would indicate that you should take the version available at the time you need to be certified. That’s simple enough. However, there are other things to consider too. One is that although the “latest and greatest” always has its appeal, your chances of success at the exam matter too. When it comes to CompTIA certification, your certification is valid for three years from the date you pass the exam. It doesn’t matter if that date happens to be one day before the retirement date of the exam; you are still certified for three years no matter what. The other consideration is the ever-present tendency to prefer “the devil you know”. There is predictability in committing to Security+ SY0-501 that the SY0-601 objectives can’t offer just yet, as it is known that CompTIA adjusts and recalibrates an exam for the first six months to a year after the release date.