The Expected difference between CompTIA Security+ SY0-501 and SY0-601
Every three years CompTIA releases a new and updated version of its exams. Update: We are now expecting it in November 2020. Although CompTIA is not telling when the new Security+ SY0-601 Exam will be released, we hear that November should be the month. Below we will take a look at what we believe the difference between CompTIA Security+ SY0-501 and SY0-601 maybe. UPDATE! The release date is November 12, 2020
The current Security+ SY0-501 was released on October 4, 2017, and will be retired in the spring of 2021, probably in April- there is a 6 month “grace period” where these two versions will overlap and you will actually be able to choose which exam you prefer to sit for (see bottom of this post for more on that).
How much of the content will change?
Between the new Security+ SY0-601 and the current SY0-501 we should expect about a 25% overall change in content with the rest being carried forward. The new exam will likely focus more on:
- Cybersecurity threats
- Risk management techniques
- IoT threats – Alexa said that this isn’t a problem…
- …and hands-on skills using technologies and tools
The main exam objectives will be re-organized to better reflect the changing emphasis of industry cybersecurity trends as well as instructional design enhancements.
Click here for free Security+ SY0-601 practice questions
So, what kind of new content can you expect to see in the Security+ SY0-601?
Understanding that the Security+ exam is about a mile wide and an inch deep, we need a really broad brush. Essentially, the new material in CompTIA’s Certification Exam Objectives for Security+ SY0-601 will cover technologies that were not yet widely adopted at the time the Security+ SY0-501 was released.
These newer technologies include the following (some or all of which would end up on the new exam objectives):
– Cloud support to likely be enhanced as is and cloud security
– Growth of Virtualization platforms and how to secure them
– Common mobile device security breaches
– Securing online payment systems and cart technology
– More on monitoring tools, their metrics, and the analysis of their data
– Emphasis on network access control models
– Manufacturer-specific issues regarding mobile device security
Like previous CompTIA Security+ updates, the SYO-601 will also most probably increase the emphasis on practical knowledge through Performance Based Questions (PBQs). The sub-objectives affected by that would start with a phrase like “Given a scenario…”
Analysis of the Job Task
The first step in any CompTIA exam update is to perform a Job Task Analysis (JTA), in which CompTIA consults subject matter experts drawn from administrators of large networks, device manufacturers and industry leaders. These experts tell CompTIA exactly what changes are occurring in the profession and what developing trends to anticipate. CompTIA then updates its exam questions accordingly.
What is NOT changing: The job roles
The Security+ SY0-601 exam remains grounded in the same job roles as the SY0-501: security administrator and information assurance specialist.
Typical SY0-601 role titles include:
- Cyber Security Specialist
- Cyber Security Administrator
- Cyber Security Consultant
- Systems Administrator
- Network Administrator
- Junior IT Security Auditor
- Junior Penetration Tester
Nature of changes to the exam content
There are several new themes for the new Security+ 601 exam. Here are the main changes:
- Risk mitigation with increased device configuration
- Best practices for cybersecurity and organizational security
- Deeper penetration test and vulnerability scan
This is the result of seeing more Distribute Denial of Service (DDoS), cryptographic ransomware, phishing, and business email attacks. These and other attacks have over the last few years become more varied, sophisticated and therefore more successful, it is more important than ever for security professionals to accurately identify these threats and act decisively. The resolution of a threat or attack depends on quick identification of the threat type and the rapid deployment of the most effective solution.
There is also an increased emphasis on policy-based decisions, as well as understanding frameworks. Increasingly, security procedures have become a policy-based. The exam includes an emphasis on SS0, multifactor authentication techniques, and tools.
Cyber Security for what?
It is important to set these very long lists of exam objectives in a meaningful context. Therefore, the Security+ exam now includes an emphasis on how security techniques, policies, and best practices all are the foundation for privacy. For the security administrator (one of the job roles defined by the Security+ JTA) this must remain a crucial focus. The surveys in preparation for the SY0-601 update will probably show a prerequisite for any organization id that it must first have its security practices in order before it can address privacy in a meaningful way.
Should I take the Security+ SY0-501 now or wait for the new SY0-601 exam?
Logic would indicate that you should take the version available at the time you need to be certified. That’s simple enough. However, there are other things to consider too. One is that although the “latest and greatest” always has its appeal, chances of success at the exam matters too. When it comes to CompTIA certification your certification is valid for three years from the date you pass the exam. It doesn’t matter if that date happens to be one day before the retirement date of the exam, you are still certified for three years no matter what. The other consideration is always a tendency to prefer “the devil you know”. There is predictability in committing to Security+ SY0-501 that the SY0-601 objectives can’t offer just yet as it is known that CompTIA adjusts and recalibrates an exam for the first six months to a year after the release date.
31 thoughts on “The Expected difference between Security+ SY0-501 and SY0-601”
So is 601 out now
No, not yet. It is slated to come out in October. The current Security+ SY0-501 will still be in the testing centers for about another year i.e. till October plus the 6 mo. “grace period” during which CompTIA allows both tests to be available at the same time. Whichever test you choose, you will be certified for three years from your exam date. Here is some more info on retirement dates: https://www.certblaster.com/comptia-big-3-exam-retirement-dates/
I have been studying for awhile (since last year) and I am about to take the SY0-501 before it expires. Does the exam add or update questions within the 3 years that it is active?
For example, if I purchased a book to study from last year for SY0-501 content, do I require a more updated one that was published this year, 2020 in case there were new questions added to the SY0-501 exam? Or does the content stay the same for all 3 years.
Hi John, any addition or update of questions done during the three-year cycle of any CompTIA version, are done against that version’s exam objectives. This means that the book you bought for SY0-501 is still a good study source for the SY0-501 exam. On another note, although the Security+ SY0-501 is soon being replaced by the Security+ SY0-601 you are not in too much of a hurry as the Security+ SY0-501 will benefit from a 6-months “grace period” past the release date of Security+ SY0-601.
Best of luck on exam day!
November 12th I heard
That is correct Jean! Here is more detail: https://www.certblaster.com/comptia-big-3-exam-retirement-dates/
So if I want to take the Security+ SY0-501 in December 2020 I can because of the 6 months grace period?
Yes, Ayana, that is exactly right! And best of luck to you from the entire CertBlaster Team!
Hi, my exam voucher for security+ 501 will expire next year May 2021, can I take the exam on May 2021? or will my exam voucher will be void because March 2021 is the end for security+ 501?
The announced release date for Security+ SY0-601 is still “November 2020” so you may want to double-check with CompTIA how long your voucher is good for because if the release was to be on Nov. 1 and adding 6 months (the usual “grace period”) then that should indicate the Security+ SY0-501 should be retired in April 2021. However, if it says May 2021 then the assumption would be that they will honor that.
So if I purchase the book for the SYO-501 do I still need to purchase for the SYO-601 if I have to write the exam?
Yes, the course materials are (and have to be) version-specific as they need to reflect the exam objectives. There are enough differences between the Security+ SY0-501 and Security+ SY0-601 exam objectives that you will not be able to prepare adequately for the SY0-601 exam using SY0-501 content.
Best of luck in your quest for certification!
If I have completed CEUs that pertain for objectives listed for 501 will those still be valid CEUs even though some of the 601 objectives have changed?
The answer to that should be yes. 50 CEUs within three years should qualify regardless of whether they address Security+ SY0-601 objectives or not. However, it does require that the 50 CEUs are recognized by CompTIA. Here is a good link for you to verify that: https://www.comptia.org/continuing-education/learn/earn-continuing-education-units
Best of luck in your quest for certification!
Which would be easier to pass, 501 or 601? taking it spring 2021?
for someone who is somewhat of a newbie
They are about the same level of difficulty. Neither of these exams is all that deep but they are very wide so it does require a fair amount of knowledge spread over a lot of technical security issues. If you are a bit of a newbie and want to take the exam in the spring, then we recommend you pursue the Security+ SY0-601. Because the Security+ SY0-501 will be retired in the spring, studying for the 601 will avoid hitting up against a hard deadline (in case you don’t clinch it on the first try) after having invested a lot of time in 501 studies.
I took and passed the new SY0-601 exam yesterday.
The questions are definitely more wordy and it would be a good idea to learn how to set up SSH in Linux!
CONGRATULATIONS Martin! And thanks for letting us know and also for the feedback!
Congrats! If you used a book as a study guide, can I ask which book you found helpful? I am planning to start studying for the SYo-601 soon.
I plan on taking the exam by the end of November 2020.Should I reschedule and just wait for the 601 to prepare for it or I should go ahead and take it considering that I am a newbie
Hi Asia, It depends if you have studied a lot for Security+ SY0-501. If you did, then it makes sense to try and go up for the exam. If you haven’t invested any studying time on the SY0-501 exam yet and you are a bit of a newbie, then we recommend you pursue the Security+ SY0-601 because you will have a lot of more time to re-study would you not succeed on the first try.
Hi, I’m planning on getting my Security+ next year. When will the SY0-601 – study material, test prep, actual exam, be available? It might make sense for me to just wait until those come out instead of purchasing study materials and exams for SY0-501.
Hi Emmanuel, yes, in your situation having not started studying yet, it makes all the sense in the world to wait for Security+ SY0-601. The exam is slated to be released by CompTIA this month. Our CertBlaster for Security+ SY0-601 is ready to be released but we can’t go live before CompTIA releases the exam to the testing centers. The day CompTIA releases the Security+ SY0-601 exam, we will be releasing our CertBlaster for Security+ SY0-601.
Hi, I actually came here to ask about taking the SYo-501 since I have been studying already and was kind of skeptical that it might not still be possible for me to go for the exams early next year. But reading from the other comments above, I am convinced that I can still take the certification exams for SYo-501 in January.
Hi Fabrice, Yes you are absolutely right, you can take the Security+ SYO-501 in January, and even up until late spring 2021 which leaves you a bit of extra time would you need a retake. Since you have been studying for that exam it makes all the sense in the world to apply that investment in time towards “the devil you know” rather than starting over with the Security+ SYO-601 exam.
Best of luck in your quest for certification.
Hi, so I found out the 601 is just coming out and I have already purchased study guides, exams, and an academic voucher for the 501. My Voucher says “must be used by 09/08/21” Will I be able to use that voucher and take the 501 exam? Thank you.
So, you are absolutely good for six months past 11/12/2020. That is the CompTIA “grace period” during which you will have a choice, at the exam center, between the Security+ SY0-501 and the Security+ SY0-601. Now if it says 09/08/21 on a CompTIA issued voucher that kind of, sort of seems to indicate that the Security+ SY0-501 would be available until the fall. Having said that, you may want to double-check with CompTIA because so far we have never seen a grace period going past six months.
Here is a question:
If I hold off writing the 501 till say March 2021, does that mean I’m Sec+ certified for 3 years and don’t have to write, till say the 701 comes out?
Hi John, yes whether you take the Security+ SY0-501 or SY0-601 you will be just as certified for three years from the exam date.
So the exam expires in 3 years, I thought you have to take some kind of class for it to not expire?
Hi Reese, yes the exam is valid for three years and then requires recertification. This can take two forms 1) re-passing the exam or 2) achieving enough Continuing Education Units – CEU to keep the certification “alive” beyond the default three-year duration. You can find out more details about that here: https://www.certblaster.com/recertification-for-comptia-a-plus-network-plus-and-security-plus/.