CompTIA has updated objectives and this post covers the SY0-401 differences in Access Control and Identity Management. They changed the weighting of this domain increasing it from 13% in the SY0-301 exam to 15% in the SY0-401 exam. You can expect to see as many as 15 questions on these topics. The changes aren’t significant and are often just organized differently. However, this section does include several new topics.
This post is a part of a series showing all the SYO-401 differences compared to the SY0-301 exam. Here are links to all the pages in the series:
- SY0-401 Differences in Domains
- SY0-401 Differences in Network Security
- SY0-401 Differences in Compliance and Operational Security
- SY0-401 Differences in Threats and Vulnerabilities
- SY0-401 Differences in Application, Data and Host Security
- SY0-401 Differences in Access Control and Identity Management
- SY0-401 Differences in Cryptography
- SY0-401 Differences in Acronyms
SY0-301 Available Until December 31, 2014
Remember, you can still take the SY0-301 exam up until December 31, 2014.
Hiring managers rarely care what version of Security+ you have. They only want to know you are Security+ certified. Unless you want to be on the bleeding edge of this certification, you don’t need to pursue the 401 version.
At this writing, there is a limited amount of material available for the 401 version. However, there is plenty of study material available for the 301 version. Many people tell me they take and pass the Security+ exam within 30 days after getting this book: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available.
SY0-401 Differences in Authentication Services
This objective has minor wording changes which indicate that CompTIA expects you to be able to differentiate them from each other.
| SY0-301 | SY0-401 |
| Explain the function and purpose of authentication services | Compare and contrast the function and purpose of authentication services. |
They removed one item (TACACS) and added two new ones:
- SAML
- Secure LDAP
Master Security+ Performance Based Questions Video
The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study GuideEach of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
SY0-401 Differences in Authentication, Authorization, Access Controls
This objective has been changed, indicating CompTIA will do scenario based questions. These typically use one or two sentences to describe a situation and ask you to select the best solution.
| SY0-301 | SY0-401 |
| Explain the fundamental concepts and best practices related to authentication, authorization and access control | Given a scenario, select the appropriate authentication, authorization or access control. |
Within the objective, CompTIA has taken the time organize topics making them a little clearer about what they expect you to know. The first bullet adds in authorization.
- Identification vs. authentication vs. authorization
Next, the Authorization bullet groups several bullets directly related to authorization. These aren’t new concepts compared to the older objectives, but instead just reorganized.
- Authorization
- Least privilege
- Separation of duties
- ACLs
- Mandatory access
- Discretionary access
- Rule-based access control
- Role-based access control
- Time of day restrictions
Next, the Authentication bullet organizes common authentication topics and also adds some new ones. I bolded the new ones to help them stand out.
- Authentication
- Tokens
- Common access card
- Smart card
- Multifactor authentication
- TOTP
- HOTP
- CHAP
- PAP
- Single sign-on
- Access control
- Implicit deny
- Trusted OS
While CHAP and PAP were in the previous objectives, they were only in the cryptography section, not with the authentication section. Next the authentication factors are spelled out to indicate exactly what you’re expected to know. Also, they have added somewhere you are and something you do,which are new concepts for the Security+ exam.
- Authentication factors
- Something you are
- Something you have
- Something you know
- Somewhere you are
- Something you do
In the Identification bullet, they broke out some specific methods of identification. While username is an addition in this section, it isn’t a new topic. It’s the most common method of identification and was implied in the previous exam objectives.
- Identification
- Biometrics
- Personal identification verification card
- Username
Last, two new topics were added into this section.
- Federation
- Transitive trust/authentication
 | Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Realistic SY0-601 Security+ Practice Test Questions
- Performance-based questions.
- All of the flashcards from the study guide. View them in any Web browser. See demo here
- All of the audio from the study guide.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
SY0-401 Differences in Account Management
The account management objective changes the wording from “implement” to “install and configure” but this change isn’t significant. The new phrase “best practices” might cause some challenges, because there isn’t a definitive source that is reliable for all best practices, and they are often a moving target.
| SY0-301 | SY0-401 |
| Implement appropriate security controls when performing account management | Install and configure security controls when performing account management, based on best practices. |
Within the “Account policy enforcement” bullet, CompTIA added some new topics. Some of these topics were already implied in the previous objectives but I highlighted items that are new:
- Credential management
- Group policy
- Password history
- Password reuse
- Password length
- Generic account prohibition
Also within this objective CompTIA added two new bullets. They aren’t really new topics because they are mentioned in other objectives, but they do show CompTIAs desire to include a focus on these topics within the context of account management.
- User access reviews
- Continuous monitoring
| Pass the First Time! |
Up-to-date Content
New multiple-choice and performance-based questions added regularly
Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.Buy The Full Access Study Package Today
60 Days Access
Need more time? You can easily renew for another 60 days at a significantly reduced price.
All materials are available online shortly after making your payment.
Get the Security+ Full Access Study Package Here
Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.
This exam is expensive.
Make sure you’re ready before exam day.
Here’s what you’ll get:- All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
- Over 40 new multiple-choice questions we’ve added after publishing the study guide.
- Over 30 performance-based questions. See a demo here.
- All of the flashcards from the study guide. View them in any Web browser.
- All of the audio from the study guide. Listen to a sample here.
- Access to a free discount code for 10% off your Security+ voucher.
Buy The Full Access Study Package Today
60 Days Access
All materials are available online shortly after making your payment.
SY0-401 Differences in Access Control and Identity Management Summary
CompTIA is giving more weight to this topic by upping it 2% to 15%. As with other objectives, they have slightly modified the wording but these modifications are not significant. Of more importance is the addition of several new items such as TOTP, HOTP, Somewhere you are, Something you do, Federation, Transitive trust/authentication, Credential management, Group policy, and Generic account prohibition.
