CompTIA Security+ is a renowned and one of the most sought-out certification exams validating the baseline security skills of the professionals to secure a network from external threats. The Security+ certification is compliant with ISO 17024 standards and approved by the Department of Defense (DoD) of the US to meet directive 8140/8570.01-M requirements. Employers widely use this certification to make their hiring decisions.
CompTIA updates the exam version every three years. The ongoing exam version (SY0-501) is going to expire in the spring of 2021. Consequently, the CompTIA is launching the new Security+ SY0-601 Exam in November 2020.
This article gives an insight into the changes we may look forward to in the new CompTIA Security+ SY0-601.
What’s in the current Security+ SY0-501 exam?
The CompTIA Security+ SY0-501 enables participants to identify various threats & vulnerabilities, learn security technologies, risk management, and implement security architecture. The Security+ SY0-501 validates the skills to:
What’s new in the CompTIA Security+ SY0-601?
The new Security+ certification includes trends and technologies that the industry had not adopted back in 2017 when SY0-501 was launched. Keeping the rising sophisticated attacks and ever-increasing dependency on cloud and IoT into consideration, the objectives of the updated exam may include the following topics:
Comparison of domains covered by Security+ SY0-501 & SY0-601 exam
The current CompTIA Security+ SY0-501 exam covers six domains, whereas the new SY0-601 exam covers only five domains as some of the domains and objectives are renamed and reordered.
The following table showcases the respective domains of both the versions with their percentage weightage in the examination.
|Domains covered by CompTIA Security+ SY0-501||Exam domains covered by CompTIA Security+ SY0-601|
|1. Threats, Attacks, and Vulnerabilities (21%)
|1. Attacks, Threats, and Vulnerabilities (24%)
|2. Technologies and Tools (22%)
|2. Architecture and Design (21%)
|3. Architecture and Design (15%)
|3. Implementation (25%)
|4. Identity and access management (16%)||4. Operations and Incident Response (16%)
|5. Risk management (14%)
|5. Governance, Risk, and compliance (14%)
|6. Cryptography and PKI (12%)|
Changes in the exam domains
CompTIA has made several changes to the exam domains and added the latest technologies to keep up with the ever-evolving cyber landscape. The following are the significant changes in the exam domains.
In the updated version, the ‘Threats, attacks, and vulnerability’ domain has 8 exam objectives. The domain extensively covers the latest social engineering techniques, different types of attacks (including the adversarial artificial intelligence attacks, physical attacks). It explains different types of threat actors, vectors, and intelligence sources that are not introduced in the SY0-501. It also includes a security assessment and pen testing techniques. The exam weightage of the domains in the updated version has increased to 24%.
The ‘Technology and tools’ domain is broken apart and added in the domains where it is applied. For example, the SIEM tool is introduced in the ‘Operations and incidence response’ domain.
The Cryptography & PKI and Identity & Access management domains are the fourth and sixth domains of the Security+ SY0-501 exam. These two domains are merged into the ‘Architecture & Design’ and ‘Implementation’ domains of the new Security+ SY0-601 exam. The public key infrastructure (PKI), Wireless security settings, Identity & access management topics are merged in the ‘Implementation’ domain.
In the present time, an IT professional must have the ability to respond to security-related incidents. The incidence response was introduced as an objective in the Risk management domain in SY0-501. The new Security+ SY0-601 has created a separate domain for Operations and incidence response. It covers procedures of incidence response, attack frameworks, and key aspects of digital forensic.
The SY0-501 exam emphasized on the risk management and created a separate domain for it. In the updated version (SY0-601), the ‘Risk management’ domain is merged in the ‘Governance, Risk, and compliance’ domain. The updated version covers risk management processes, regulations, and policies necessary for the organization’s Security.
Comparison of exam objectives of SY0-501 & SY0-601
An overview of domains of Security+ SY0-601 exam
The new CompTIA Security+ SY0-601 exam covers five major domains focusing on the skill sets required for the current industry roles.
The domain includes more sophisticated DDOS and social engineering attacks and the threats, attacks & vulnerabilities related to the IoT devices. It helps candidates in identifying vulnerabilities and prevent the possibility of cyber-attack.
The domain covers the enterprise environment and dependence on the cloud as organizations are shifting towards the hybrid environment (on-premises and cloud). It helps in understanding the concept of secure automation of applications and virtual platforms.
The implementation domain emphasizes Identity and access management, cryptography, PKI, wireless, and end to end security.
IT professionals must be able to implement security measures and protocols for cloud design, wireless, and mobile solutions.
The domain includes the security assessment and incident response, such as detection, risk mitigation, and the basics of forensics. IT professionals must know the methods of mitigation and security controls to protect the valuable information systems of the organizations.
The domain focuses on risk management, teamwork to stay compliant to the regulations such as HIPAA, GDPR, NIST, DSS. IT professionals should be aware of the policies & regulations and how these regulations can be implemented to strengthen the security posture of organizations.
Skills validated by the Security+ SY0-601 exam:
The Security+ SY0-601 exam validates the following skills of the certification holder:
The certification approves that:
Get certified with Infosec Train
Whether you go for the Security+ SY0-501 or SY0-601 certification, Infosec Train is delighted to help you get through both the examinations. Our certified and qualified instructors are well-versed in the respective domains. They follow comprehensive teaching methodology and focus more on practical knowledge to transform individuals into highly skilled professionals.
Key features of our CompTIA Security+ Training program
Join us today to earn the CompTIA Security+ certification in the first attempt and forge a promising career in the cybersecurity domain.