In keeping with continually morphing security best practices, the latest version of the CompTIA Security+ certification exam, SY0-601, is now available. Let’s take a closer look at the sixth version of the CompTIA Security+ exam.
Should I take CompTIA Security+ SY0-501 or SY0-601?
There’s no question: You should take the SY0-601 certification because it addresses three major challenges facing the world over the last few years:
- The attack surface has morphed. We now live in a cloud-first, hybrid world that supports myriad services, including AI, IoT management and data analytics. It’s important to understand how to secure each element of the attack surface, which includes the cloud, installed servers and data centers. Now that the cloud is used in every sector, skilled workers are needed who can secure it and also trace cloud-based attacks.
- Attack opportunities have changed. As the remote workforce grew, attackers changed their social engineering strategies.
- Attackers are more sophisticated. Malware, ransomware and distributed denial-of-service attacks now exist that are carefully designed to destroy traditional backup solutions. Attackers once stopped at simply encrypting files and asking for a ransom. Now, attackers compromise systems and threaten to reveal the contents of sensitive information that violates privacy principles and laws — a practice called doxing.
The 601 exam proves that workers have the sophisticated skills needed to protect today’s attack surface. Like any other IT certification created by a competent authority, the CompTIA Security+ 601 exam uses the input of literally thousands of working security professionals. It is not created to teach theoretical security; rather, the 601 exam contains the distilled wisdom of subject matter experts who have experienced the major changes of the last several years.
Let’s take a look at each of the domains and a few of the more important changes.
The CompTIA Security+ 601 domains
The following lists each of the five domains, along with the weight each domain carries in the exam.
The two most heavily weighted elements of the exam test the ability to identify and trace attacks and threats and how to implement security controls.
What is the difference between SYO-601 and SYO-501?
Let’s take a closer look into the major changes you’ll see in the SY0-601 exam.
Small and large entities alike must comply to various organizational security standards; risk management is another rapidly growing field. Therefore, the new CompTIA Security+ 601 exam now contains an entirely new domain focused on governance, risk and compliance (GRC).
Globally, organizations that use credit cards must prove compliance to PCI DSS. Organizations in Europe, and those wishing to do business with organizations in Europe, must govern themselves according to the GDPR standard. In the United States, organizations are often asked to comply to many standards, such as the NIST Cybersecurity Framework, HIPAA and many others. Other nations are creating additional standards.
Businesses worldwide need workers who can help organizations become, or remain, compliant to these standards. Doing so is no mean task. GRC requires a combination of technical knowledge, business savvy and soft skills. Compliance and governance are job roles in and of themselves. The CompTIA Security+ 601 exam recognizes the growing importance of this role even more so than its predecessor.
Incident response 2.0: The techniques and the process
The new exam focuses on the best practices of attack mitigation and response. Plus, the exam does more than simply discuss how to respond to acute attacks; it delves into procedures for creating effective incident response plans. In addition, the entire fourth domain of the exam reflects a decidedly more process-driven approach — because process is everything.
Cloud-aware security: Data feeds meet traditional packet-based inspection
The world has felt a disturbance in the force, and it’s the fact that the world has actually started using the cloud. Instance awareness, proper use of cryptography to protect data at rest and in transit, container security and the use of cloud security access broker (CASB) technology have all become standard procedure. Therefore, the subject matter experts behind the CompTIA Security+ 601 exam ensured it includes them. With CompTIA Security+ know-how, a worker now can now recommend how to configure a CASB so that it protects the users of cloud services and applications.
The CompTIA Security+ 601 exam also discusses cloud-based vs. on-premises vulnerabilities. This new exam version covers more than simple awareness of SIEM tools. It also focuses on configuring security analytics tools to monitor both cloud environments and the performance of security controls. Monitoring now means more than log aggregation and SIEM analysis; it now involves using monitoring services, including real-time monitoring services.
More depth concerning how hackers pivot
A pivot is usually defined as a method that attackers use on compromised systems or a process to attack another. When responding to an incident, security professionals determine these pivot points by identifying indicators of compromise (IoCs). Defenders doing security assessments can also identify pivot points; once a defender has identified an IoC, they can use that attack artefact as a way to identify additional attacks or determine where an attacker has gone.
The subject matter experts who provided input to the 601 exam clearly felt that it was important for defenders to understand how pivot points and IoCs are identified. That’s why CompTIA Security+ 601 requires knowledge of more attack lifecycle models, including the following:
These additions have kept CompTIA Security+ 601 the de facto security education standard for various organizations, including the United States Department of Defense, Northrop Grumman and Tesco.
Is CompTIA Security+ 601 harder than 501?
Not necessarily. Any exam created using careful research and extensive input from working security professionals will expect individuals to prove their hands-on, practical experience. As a result, any valid certification exam will challenge individuals to perform up to professional standards. The new 601 exam includes multiple-choice questions and performance-based questions. It is designed to validate professional-level security knowledge reflecting someone with 24 months of experience or the equivalent. Feel free to delve more deeply into the differences between the old Security+ 501 and new Security+ 601 exams in a recent CompTIA blog entry.
Take a closer look
The objectives for the new CompTIA Security+ 601 exam are now available, along with official CompTIA CertMaster Learn training. If you’re looking for a way to enter into the security profession, consider using CompTIA Security+ as a starting point on your learning pathway. Thousands of organizations worldwide use it to gauge the skill level of their employees. Consider the advantage of being able to prove that you can help these organizations secure today’s attack surface.
About the author
Dr. James Stanger is CompTIA’s chief technology evangelist. He has consulted in cloud security, open source and networking for organizations such as Northrop Grumman, Tesco, AWS, West Point, SoftBank and Symantec. He has developed education programs on myriad subjects, including security analytics, cloud administration, Linux, British Romantic literature and kayaking.