It has been over three years since the last revision of the CompTIA Security+ exam back on May 1, 2014. In fall of 2017, the latest version, SY0-501, was released. This revamped exam retains the same six domains as established in SY0-401, which emphasizes security in three main areas: application, data, and host.
The CompTIA Security+ exam was revised to focus more on best practices and concepts related to risk management and mitigation. The domains have been re-ordered and renamed and new topics account for about 30 percent of the material. There is more focus on direct hands-on activities performed by a security professional (i.e. understanding and applying) while toning down coverage of concept analysis. The exam was adjusted to focus primarily on entry-level concepts and skills with an emphasis on application (Bloom’s Taxonomy layer 3) as opposed to being focused on intermediate concepts and skills with an emphasis on analysis (Bloom’s Taxonomy layer 4). The intermediate material and analysis is covered on the CompTIA Cybersecurity Analyst (CSA+) exam.
In your efforts to prepare for SY0-501, it would be a good idea to pay special attention to the new topics and issues added for this latest revision. For a complete and detailed explanation of each of these new topics, please consider attending a Global Knowledge Security+ training course. You can obtain a full and official copy of the CompTIA Security+ Certification Exam Objectives EXAM NUMBER: SY0-501 here.
The new version of SY0-501 is currently available while the previous version, SY0-401, will remain available until July 2018 when it will be fully retired. (The July date applies to the English version. Japanese and Portuguese versions will be retired December 2018.) The revision of this exam aligned with CompTIA's historical practice of updating exam content about every three years.
The timeframe for the update makes sense given all CompTIA achieved certifications have a three-year expiration. Certification holders will either need to earn continuing education credits to extend their current certification or take another exam to achieve the new version of the certification (for its limited three-year lifespan).
It is also important to note that the SY0-501 Security+ exam continues to include performance-based questions. Effectively, the term "performance-based" is used by CompTIA to refer to questions that require some form of interaction, problem solving, or concept application. These are questions that go beyond basic multiple choice. A performance-based question might require answering questions based on a video, categorizing attacks, filling out a security device's rule list, placing steps in proper order, or performing drag-and-drop of security control labels into a logical network diagram. For a general overview of the concepts of performance based questions, CompTIA has provided a written description and a video presentation. These are acceptable from the Security+ information page. Click on the performance-based link located in the Exam Details table.
This white paper lists all differences in topics between the SY0-401 and SY0-501 versions of the exam according to the official objectives list. In other words, the list below includes all of the new items appearing in the objectives list for SY0-501 which were not present in the objective list for SY0-401.