Security+ SY0-201 and SY0-301 Differences
If you’re studying for theÂ CompTIA Security+ exam, you probably know there are currently two versions of the exam.Â The SY0-201 Security+ exam came out in 2008 and is available until December 31, 2011. The new Security+ version (SY0-301) has been available since May 2011. As I’ve been updating my CompTIA Security+: Get Certified Get Ahead book I’ve spent a lot of time comparing the objectives for the two versions and identifying the differences.
My first impression was that there were many similarities and not that many differences. I was wrong. I found that almost every chapter I updated simply took me more time to rewrite since there are so many differences.
Some of the differences are obvious such as the addition of control types and cloud computing. Similarly, the networking section omits “antiquated protocols” and instead focuses on specific relevant protocols and ports.
However, other differences are subtle. For example, the objectives provide a better focus on risk and risk management. The word “risk” is included much more (nine times verse four times in the previous version). More, the objectives focus more directly on elements of risk and methods of mitigating it.
A risk is the likelihood that a threat (a potential danger) will exploit a vulnerability (a weakness). Risk management is the practice of identifying, monitoring, and limiting risks to a manageable level. Of course, you can’t eliminate risk. However, by implementing different security controls, you can either reduce vulnerabilities or reduce the impact of threats. The objectives guide the prospective candidate through a variety of different threats, vulnerabilities, and controls in such a way that the candidate can see the connections. These aren’t disjointed topics.
Risk management has become very important in IT security because there are so many threats that can affect a company’s bottom line. It’s important for any organization to have IT professionals with a solid understanding of basic security concepts. These IT professionals are the front line of risk management, and if they understand the risks, they are better prepared to help the organization reduce their risk. In contrast, ten years or so ago, there was little focus on risk by IT personnel.
I’m hard at work updating the next version of this book. Even though it is taking me a little longer than I anticipated, I’m confident that when we’re done it’ll help many people learn the Security+ concepts and pass the SY0-301 version of the Security+ exam the first time they take it. Additionally, they’ll be prepared to help reduce risks within their organization.
The CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide is available at this time.
Also, many people have said they have used the 201 study guide along with this 301 practice test questions book and have been able to pass the 301 exam: CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions.
Here are some links to more Â resources to help you pass the Security+ exam the first time you take it.
- Security+ blogs organized by categories
- Security+ performance based questions
- Security+ study resources
- Security+ acronyms flashcards
- Security+ audio