October 23, 2017 | Category: Cyber Security, Training and Certification | Tags: Views: 30945

CompTIA Security+ (Plus) SY0-501 vs SY0-401

This blog post breaks down the differences between the CompTIA Security+ (Plus) SY0-501 and SY0-401 exams. Even though the SYO-401 exam has been retired, it is interesting to examine the changes in exam content that lead to the most recent version.

A Bit Of Background About The Security+ Exam

As one of the first security certifications an IT professional needs to earn, the CompTIA Security+ certification confirms the holder has the base knowledge needed for a cyber security job. The exam has been developed by IT professionals and industry-wide survey feedback. The exam is updated every few years to make sure that it stays relevant and to keep with current industry trends.

Download the Security+ SY0-401 Study Guide

The Security+ exam is the only cyber security exam that assesses basic skills using performance-based questions, as well as multiple-choice questions. These performance-based skills help the exam to highlight and test the hand-on practical skills candidates need to have in order to successfully pass the exam.

Security+ (Plus) SY0-501: Content and Instructional Design (ID)

The 2017 update to the Security+ exam included changes to the cognitive level of the exam and the content/instructional design. These changes were made after months of consultation with subject matter experts. There has been about a 25% overall change to the exam between Security+ (Plus) SY0-501 and SY0-401. The new exam SY0-501 concentrates more on risk management, attacks, and hands-on skills using technologies and tools. In order to reflect better ID organization and trends in the cyber security industry the Security+ SY0-401 domains have been rearranged and re-named.


SY0-401 Domains

  • 1.0 Network Security – 20%
  • 2.0 Compliance and Operational Security – 18%
  • 3.0 Threats and Vulnerabilities – 20%
  • 4.0 Application, Data, and Host Security – 15%
  • 5.0 Access Control and Identity Management – 15%
  • 6.0 Cryptography – 12%

SY0-501 Domains

  • 1.0 Threats, Attacks, and Vulnerabilities – 12%
  • 2.0 Technologies and Tools – 22%
  • 3.0 Architecture and Design – 15%
  • 4.0 Identity and Access Management – 16%
  • 5.0 Risk Management – 14%
  • 6.0 Cryptography and PKI – 12%

In addition to restructuring the domains, there is focus on several new themes on the Security+ SY0-501 exam. These themes focus on items such as the important of risk mitigation concepts, techniques, and best practices. With cyber security attacks becoming more common, it is important that security professionals are able to correctly identify threats and issues in order to quickly assign resources to resolve them. The exam now highlights the importance of policy-based decisions and understanding frameworks; there is also a renewed attention on multi-factor authentication techniques and tools. Additionally more significance has been placed on how security techniques and best practices are the foundation for privacy; a continuing concern for security administrators.

Security+ SY0-501 Cognitive Changes

The introduction of CompTIA’s CySA+, the intermediate-level certification between Security+ and CASP+, has been a driver in some of the cognitive changes made to the Security+ exam. With cyber security jobs becoming more specialized, the intermediate skills seen on previous exams have been moved to higher level certifications. There has also been changes to the exam objectives to highlight the need for hands-on skills. According to the industry-standard classification system used by CompTIA, Bloom’s Taxonomy, to evaluate the level of ability  learns need in order to understand concepts in Security+, the new Security+ SY0-501 exam has more questions and concepts on Level 3-4. Levels 3 and 4, Understanding/Explaining and Applying (respectively), now comprise of 90% of the concepts/questions versus the 42% previously. This left 58% of the SY0-501 exam covered under Level 5 (Analyzing). The new Security+ (Plus) SY0-501 exam truly makes the Security+ certification an entry-level cybersecurity certification.

Job Roles Under Security+ SY0-501

The job roles recommended by the SY0-501 Job Task Analysis have not changed as drastically as the cognitive changes make it seem. The new recommended job roles are:

  • Systems Administrator
  • Network Administrator
  • Security Administrator
  • Junior IT Auditor/Penetration Tester

If you’re composing a study plan for Security+, take a look at these resources for guidance:

Related Post

EC-Council Cyber Security Programs Guide

EC-Council Cyber Security Programs Guide