The CompTIA Security+ certification is recognized globally as the standard for fundamental cybersecurity knowledge.
It is recommended as an essential first step for IT security professionals and mandatory for many employees and contractors of the US Department of Defense.
The Security+ exam covers a wide array of topics, including the most foundational security concepts and practices in cybersecurity.
Every third year, the Security+ certification undergoes updates to keep pace with the ever-changing world of cybersecurity.
CompTIA modifies the exam domains and percentages with each new version.
We’ll compare the CompTIA Security+ SY0-601 with its new iteration, the SY0-701, examining what to expect from both certifications, their similarities, and what sets them apart.
Similarities Between the SY0-601 and SY0-701 Exams
The SY0-701 version represents a fresh challenge in the CompTIA Security+ certification. It is expected to be an overall evaluation of a candidate’s cybersecurity practical skills with performance-based questions.
While there have been updates to the exams, there are still some elements that remain unchanged.
For instance, in both exams, there’s a maximum of 90 questions featuring multiple-choice and performance-based question types. All are to be completed in 90 minutes.
The passing score for both exams is 750 on a scale of 100–900. Once passed, your certification is valid for three years, and you’ll need to obtain other advanced CompTIA certifications like the CySA+ to renew it or complete the Continuing Education Units (CEUs).
SY0-701 and SY0-601 Domains Compared
IT professionals looking to take the SY0-701 should expect it to be more challenging than the SY0-601. In addition, CompTIA now recommends candidates obtain the Network+ certification before taking the SY0-701.
These changes suggest an increased complexity in the new exam version as the Network+ symbolizes the fundamentals of networking, ports, protocols, and device technologies.
Here’s a tabular comparison of the domains of both the SY0-601 and SY0-701 exam and their percentage of examination:
Main Domain Differences
Let’s examine the changes in the exam objectives across each domain.
Domain 1
For SY0-701, the first domain, General Security Concepts, is a new addition. It features some new concepts, but most were previously spread throughout the SY0-601 objectives.
The first domain in SY0-601, Attacks, Threats, and Vulnerabilities, was modified into Threats, Vulnerabilities, and Mitigations in Domain 2 of the SY0-701.
Domain 2
The second domain in SY0-601, Architecture, and Design, now features architecture model security, securing enterprise infrastructure and protecting data under Security Architecture in domain 3 of SY0-701.
Domain 3
The third domain in SY0-601, Implementation, features heavily in domain 4 of SY0-701, and some of its concepts are split across other objectives.
Domain 4
Both the SY0-701 and SY0-601 have differently worded but similar concepts in domain 4. The SY0-701 is titled Security Operations, while the SY0-601 goes by Operations and Incident Response.
Domain 5
Similarly, objectives in the fifth domains of SY0-601 and SY0-701 are similar but worded differently. Domain 5 of the SY0-701 is Security Program Management
and Oversight, and for the SY0-601, it is Governance, Risk, and Compliance.
Changes in Domain Percentage Representation
Moving in tune with the rapidly evolving cybersecurity world, the SY0-701 exam prioritizes Security Operations as the highest-rated domain with 28%. This shows a significant increase from its equal Operations and Incident Response in the SY0-601 with 16%.
The shift in focus is the least surprising as cybersecurity operations and program management are becoming increasingly critical.
The highest-rated domain in the previous SY0-601 exam used to be Implementation with 25%, but now that has been spread across different objectives in the SY0-701.
Attacks, Threats, and Vulnerabilities, the second highest weight percentage at 24% in the SY0-601, is also the second highest in the SY0-701 with 22%. However, it has been renamed Threats, Vulnerabilities, and Mitigations in the SY0-701.
Security Architecture, previously Architecture and Design, sees a reduction in focus from 21% in SY0-601 to 18% in SY0-701.
The new version of Governance, Risk, and Compliance from SY0-601 is Security Program Management and Oversight in SY0-701, and it has seen an increase from 14% to 20%.
One of the newly introduced concepts in the SY0-701, General Security Concepts, accounts for 12% of the exam, the lowest rating.
What should you expect in the SY0-701?
CompTIA does well in integrating the exam objectives in the SY0-701. The new concepts are streamlined and appropriately introduced before diving into other areas.
Also, there’s better organization with the objectives, making the newer concepts more straightforward to learn.
The SY0-701 uses a conceptual and analytical lens to help IT professionals understand security topics. It covers emerging attack vectors, risk management strategies, and general security concepts not previously covered in the SY0-601.
There’s an elevated focus on operational technology and securing hybrid environments, including mobile, cloud, and IoT.
CompTIA aims for any professional taking the Security+ SY0-701 to understand security concepts more comprehensively. The idea is to strike a delicate balance between analytical and practical skills.
Final Thoughts
For anyone looking to establish themselves in the cybersecurity field, the CompTIA Security+ certification is a fundamental starting point.
Now, with the SY0-701 version, it’s more important than ever to be updated on what the exam entails.
The main differences between the SY0-701 and SY0-601 are already analyzed above in detail. Understanding it will help you decide which exam to take based on your study resources and timeline.
We expect the SY0-701 exam to be more challenging, but scaling through lies in your ability to adequately prepare.
