Security+ Exam SY0-501 vs 601: What’s New?

Published on May 12, 2021

We've said it before: "Cybersecurity is one of the most sought-after competencies for enterprises of all sizes." Employers use security certifications as one way to evaluate the expertise of current and prospective security staff. Faced with the pervasive threat of "bad actors" breaking in, disrupting operations, and stealing valuable information, they need staff at many levels with security expertise.

Organizations need expert architects, engineers, and analysts, as well as qualified administrators to handle the day-to-day security activities to protect enterprise systems, networks, and information. That's where CompTIA's Security+ certification comes into play. As the leading vendor-neutral certification, it is widely acknowledged as an ideal way to validate baseline security skills.

CompTIA updates its certifications every three years because of the ever-changing cybersecurity landscape — the morphing of threats and the evolution of technology. The current CompTIA Security+ certification exam (SY0-501) will be retired on July 31, 2021, at which point the Security+ SY0-601 exam will replace it.

Any time there is a change in a certification process, it raises questions for those who are already certified, those who are on the current certification track, and those who are yet to start. This post will discuss the changes between SY0-501 and SY0-601 and help answer the following questions:

  • I am SY0-501-certified already! What does SY0-601 mean to me?

  • I am ready to take the SY0-501 exam! Should I go ahead or go for the new exam?

  • I want to get security-certified! Should I go for the CompTIA Security+ cert?

Then, we'll discuss how to prepare for the exam. But first, let's review the changes and what you should expect on the CompTIA Security+ SY0-601 exam.

CompTIA Security+ SY0-601: What's Changed from SY0-501?

Since the introduction of the CompTIA Security+ SY0-501 curriculum and exam, there has been a realization that increased emphasis needs to be placed on the core facets of cybersecurity, including security controls, incident response, and forensics.

The trend toward hybrid environments with cloud, mobile, and IoT operations has placed a premium on sysadmins and network admins proficient in all aspects of day-to-day security management.

Security administrators must be able to determine and implement the appropriate security solutions for the organization's hybrid environment and then monitor those solutions, identifying and responding to security events and incidents. In addition, certified security professionals must understand and operate within the applicable principles of risk, compliance, and governance.

To this end, the new CompTIA Security+ SY0-601 is more focused but goes deeper than its predecessor. The new exam has five domains (one fewer than SY0-501) and fewer objectives (35), but 25% more examples than the previous exam. In its SY0-601 certification exam objectives document, CompTIA states that the new Security+ cert is equivalent to two years of hands-on experience working in a security/systems administrator job role.

The new exam features the following domains:

  • Attacks, Threats, and Vulnerabilities (24%)

  • Architecture and Design (21%)

  • Implementation (25%)

  • Operations and Incident Response (16%)

  • Governance, Risk, and Compliance (14%)

Let's examine the Attacks, Threats, and Vulnerabilities domain to give you an example of the depth covered by the exam.

Here, you'll be expected to identify and explain over 20 different social engineering attack techniques, as well as different threat actors, vectors, intelligence sources, and the security concerns associated with various types of vulnerabilities. In addition, you'll be required to analyze given scenarios to identify over 30 types of attacks on systems, networks, and apps, such as malware, cloud-based and on-premises attacks, adversarial AI, API attacks, Secure Sockets Layer (SSL) stripping, and distributed denial-of-service (DDoS).

Although the content and focus of the SY0-601 exam have changed, its structure has not. The exam still features up to 90 multiple-choice and performance-based questions. The exam is 90 minutes long, and you must score at least 750 on a scale of 100-900 to earn your Security+ certification.

You can take the CompTIA Security+ SY0-601 exam online or at a Pearson VUE testing center. In the United States, an exam voucher costs $370.

Who Should Take the Security+ SY0-601 Exam?

Of course, since the SY0-501 certification exam is set to retire in July 2021, anyone considering getting or renewing their Security+ should take the new exam. Here are some additional scenarios where it makes sense to take the new exam:

You’re Already Security+ Certified

If you have already passed the SY0-501 exam, your Security+ cert is valid for three years from your certification date. At that time, you will need to take the then-current exam to renew your certificate. Employers typically look at the Security+ certification itself rather than the specific exam. So, unless your job explicitly demands SY0-601 certification, there is nothing you need to do.

You’re Ready to Take the SY0-501 Exam

Perhaps you have already begun studying for the SY0-501 exam? You have until the end of July 2021 to take it, after which you must take the new exam. Should you take the SY0-501 exam or go straight for the new one? Unless your job, or the one for which you are aiming, explicitly requires the SY0-601 exam, it's really up to you. Check out the exam objectives documents and practice questions for each exam. Decide which exam you feel better prepared for, and make your choice!

If you take and pass the SY0-501 exam, you will be Security+ certified for the next three years before renewing.

Looking to Get Security-Certified?

Are you a junior-level IT administrator, helpdesk technician, or cloud engineer looking to move into cybersecurity? Perhaps you are a DevOps engineer, a developer, or an IT auditor wanting to add security skills to your resume?

You should consider the CompTIA Security+ certification as your first step in any of these cases. If you aspire to work in IT for the US Federal Government, then Security+ is one of the security certifications approved under Department of Defense (DoD 8570.01) guidelines.

For you, the SY0-501 versus SY0-601 debate is a no-brainer! Start studying immediately for the new CompTIA Security+ (SY0-601) certification exam.

Preparing for the Security+ SY0-601 Exam

Before you embark on your Security+ SY0-601 certification journey, take note of CompTIA's recommended candidate experience. CompTIA suggests that candidates who attempt the exam should have at least two years of work experience in IT systems administration with a focus on security, as well as hands-on technical infosec experience.

Don't worry if you don't have that experience. Share your cybersecurity goal with your manager and ask for assignments to help you build expertise.

Your next step should be to see what your course of study must cover. CompTIA provides a detailed drill-down into the topics covered in each SY0-601 certification exam section. In preparation for taking the SY0-601 CompTIA Security+ certification exam, check out CBT Nuggets' CompTIA Security+ video training, which includes videos, in-video quizzes, and a complete Kaplan IT SY0-601 practice test.

Final Thoughts

CompTIA Security+ was already recognized as a foundational infosec certification, and the new SY0-601 certification exam will further strengthen its perceived value. Earning the certification will help develop the baseline skills needed for a successful career in cybersecurity. Start learning today with CBT Nuggets!

