CompTIA or the Computing Technology Industry Association is a global non-profit association that issues professional certifications in the domain of Information Technology (IT). CompTIA is the world’s leading IT association that offers vendor-neutral certifications. What vendor-neutral means is that the CompTIA certifications aren’t constrained to one technology or vendor in particular, but the certifications deal with different technologies and tools of multiple vendors. Thanks to CompTIA, as aspirants don’t need to go to individual vendors (like IBM, Dell, Cisco, Microsoft, HP, etc.) for professional certifications and training.
CompTIA certifications are a great option for beginners in the IT field. These certifications include:
- CompTIA Fundamentals
- CompTIA Network+
- CompTIA Security+
- CompTIA Cloud+
- CompTIA Linux+
- CompTIA Server+
- CompTIA CySA+
- CompTIA SASP
- CompTIA PenTest+
- CompTIA Project+
- CompTIA CTT+
- CompTIA Cloud Essentials
In this post, we’re going to focus on the CompTIA Security+ Certification. To be more precise, we’ll compare the old Security+ (SY0-401) Exam with the new Security+ (SY0-501) Exam.
Security+: SY0-401 Exam vs. SY0-501 Exam
The CompTIA Security+ Certification evaluates the necessary security skills of a candidate through both multiple-choice and performance-based questions. The Security+ Exam is updated every few years to ensure that the certification stays industry-relevant with the changing times. The latest update was on October 4, 2017, when CompTIA released the Security+ SY0-501 exam at the Pearson VUE.
Although the earlier version of the Security+ Exam (SY0-401) is retired now, we will make a side-by-side comparison of the two exams, SY0-401 Exam vs. SY0-501 Exam, to better understand the changes in the new version.
SY0-401 Exam vs. SY0-501 Exam: Difference in Exam Objectives
The Security+ Certification exam comes with defined objectives, wherein each objective holds a specific percentage of the total.
The objectives of the SY0-401 Exam include:
|Domain Name||Percentage of Exam|
|Compliance and Operational Security||18%|
|Threats and Vulnerabilities||20%|
|Application, Data and Host Security||15%|
|Access Control and Identity Management||15%|
The objectives of the new SY0-501 Exam include:
|Domain Name||Percentage of Exam|
|Threats, Attacks and Vulnerabilities||21%|
|Technologies and Tools||22%|
|Architecture and Design||15%|
|Identity and Access Management||16%|
|Cryptography and PKI||12%|
SY0-401 Exam vs. SY0-501 Exam: Most Critical Changes
Overall, by analyzing the content and objectives of the two versions, we can say that there has been a 25% change in content. The new version focuses more on attacks, risk management and the development of hands-on skills by using different tools and technologies. The new tools include network scanners (rogue system detection, network mapping), wireless scanners, configuration compliance scanners, data sanitization tools, steganography tools, command-line tools, and exploitation frameworks. Unlike the older exam version (SY0-401) that focuses more on intermediate-level analysis, SY0-501 seeks to cover lower-level learning objectives (of Bloom’s taxonomy layer) through knowledge, comprehension and practical application.
As the table above depicts, the primary objectives have been renamed and their order has been rearranged to better fit the current trends in cybersecurity. According to the growing importance of cybersecurity across all sectors of the industry, the SY0-501 Exam is designed to improve risk management and mitigation and stresses on developing practical cybersecurity skills to better identify, address and prevent system/network vulnerabilities, cybersecurity security attacks and threats.
Since cybersecurity has gained a pivotal position in the enterprise IT infrastructure, it is essential that cybersecurity professionals are well-versed with the latest tools and technologies in the domain. In the SY0-501 Exam, older technologies have made way for next-gen technologies such as ransomware, spyware, threat identification skills and PKI.
While the SY0-401 was available in three languages – English, Japanese and Portuguese, the SY0-501 Exam is offered in four languages, namely English, Japanese, Portuguese and simplified Chinese.
SY0-401 Exam vs. SY0-501 Exam: Difference in Study Materials
Although there is a vast array of study materials available for the Security+ Certification Exam, CompTIA recommends the following books for the SY0-401 Exam:
- CompTIA Security+ All-in-One Exam Guide: Fourth Edition
- CompTIA Security+ Vorbereitung Auf
- CompTIA Security+ Study Guide: SY0-401
- Mike Meyers’ CompTIA Security+ Certification Passport: Fourth Edition
- Cert-SY0-401, by David L. Prowse
For the new SY0-501 Exam, CompTIA recommends:
- Mike Meyers’ CompTIA Security+ Certification Passport: Fifth Edition
- CompTIA Security+ Certification Practice Exams: Third Edition
Since the SY0-501 is relatively newer, there are a limited number of books available so far. However, more books and study materials will continue to emerge with time.
SY0-401 Exam vs. SY0-501 Exam: Difference in Job roles
Since the newer version (SY0-501) is an upgrade of the SY0-401 Exam, the job roles are more or less the same. Both are suitable for professionals working in network/security/system administration. However, the newer version does allow candidates to opt for other entry-level job roles like Junior IT Auditor or Penetration Tester.
SY0-401 Exam vs. SY0-501 Exam: Exam details
As for the exam pattern and details, the newer version retains the same format of the older version.
- Number of questions: 90
- Types of questions: Performance-based and multiple-choice
- Exam duration: 90 minutes
- Qualifying score: 750 out of 900
Which version should you take?
The CompTIA Security+ credential serves as a global foundation-level certification on cybersecurity knowledge and skills required for enterprise IT environments. And, while upgrades in the exam formats will continue to occur from time to time, what will not change is the training and preparation pattern for the Exam. The best way to prepare yourself for the Security+ Exam is to take up an online training course. Online training programs follow a structured and hands-on approach to learning and with their expert guidance, you can pass the exam in one go!