SY0-401 Differences in Application, Data and Host Security

Posted by in Security+ | 0 comments

On the surface, it might look like the SY0-401 differences in Application, Data and Host Security are minimal. CompTIA reduced the weighting of this domain from 16% in the SY0-301 exam to 15% in the SY0-401 exam. However, some of the changes were significant. As an example, they added a full new objective on mobile devices.

Also, some of the reworded objectives require a much deeper set of knowledge. For example, instead of just knowing about the importance of data security, you’re expected to know how to implement security controls to protect data security. You can expect to see as many as 15 questions on these topics.

This post is a part of a series showing all the SYO-401 differences compared to the SY0-301 exam. Here are links to all the pages in the series:

SY0-301 Available Until December 31, 2014

Remember, you can still take the SY0-301 exam up until December 31, 2014.

Hiring managers rarely care what version of Security+ you have. They only want to know you are Security+ certified. Unless you want to be on the bleeding edge of this certification, you don’t need to pursue the 401 version.

At this writing, there is a limited amount of material available for the 401 version. However, there is plenty of study material available for the 301 version. Many people tell me they take and pass the Security+ exam within 30 days after getting this book: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. Even if it takes you a little longer, you’ll still have plenty of time to get the certification before December 31, 2014.

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available.

SY0-401 Differences in Application Security

CompTIA modified the first objective slightly to focus on specific controls used with application security.

SY0-301SY0-401
Explain the importance of application securityExplain the importance of application security controls and techniques.

They also added the following two new topics within this objective:

  • NoSQL databases vs. SQL databases
  • Server-side vs. Client-side validation

Security+ Full Access Package

Get Certified Get Ahead Security+

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access For Only $65.97

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you're ready no matter what study guide you're using.

This exam is expensive.

Make sure you're ready before exam day. 

Here's what you'll get:
  • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you'll know why the correct answers are correct and why the incorrect answers are incorrect.
  • Over 40 new multiple-choice questions we've added after publishing the study guide.
  • Over 30 performance-based questions. See a demo here.
  • All of the flashcards from the study guide. View them in any Web browser.
  • All of the audio from the study guide. Listen to a sample here.
  • Access to a free discount code for 10% off your Security+ voucher.

Buy The Full Access Study Package Today

60 Days Access For Only $65.97

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

SY0-401 Differences in Mobile Security

Mobile devices continue to be more and more popular. Similarly, mobile security has  become more and more important to organizations. While the SY0-301 addressed some mobile device security in the context of host security, CompTIA dedicated a full objective to it in the SY0-401 exam.

SY0-301SY0-401
Carry out appropriate procedures to establish host securitySummarize mobile security concepts and technologies.

The first topic in this section is Device Security and it includes many familiar objectives with some new ones. New concepts are bold to highlight them.

  • Device security
    • Full device encryption
    • Remote wiping
    • Lockout
    • Screen-locks
    • GPS
    • Application control
    • Storage segmentation
    • Asset tracking
    • Inventory control
    • Mobile device management
    • Device access control
    • Removable storage
    • Disabling unused features

The Application security topic is new in that it focuses specifically on application security for mobile devices.

  • Application security
    • Key management
    • Credential management
    • Authentication
    • Geo-tagging
    • Encryption
    • Application whitelisting
    • Transitive trust/authentication

Bring your own device (BYOD) has also become increasingly popular and the next section covers many security concerns related to BYOD.

  • BYOD concerns
    • Data ownership
    • Support ownership
    • Patch management
    • Antivirus management
    • Forensics
    • Privacy
    • On-boarding/off-boarding
    • Adherence to corporate policies
    • User acceptance
    • Architecture/infrastructure considerations
    • Legal concerns
    • Acceptable use policy
    • On-board camera/video

Master Security+ Performance Based Questions Video

SY0-401 Differences in Host Security

The host security topic is slightly modified to include the phrase “Given a scenario.” This indicates it will include more questions starting with one or two sentences to identify the scenario before you choose the best option. Also, the mobile devices topic was moved to it’s own objective.

SY0-301SY0-401
Carry out appropriate procedures to establish host securityGiven a scenario, select the appropriate solution to establish host security.

Several topics are added in this section but they were included in the SY0-301 exam in other objectives. They are:

  • OS hardening
  • Trusted OS
  • Host-based intrusion detection

Host-based firewalls was previously a sub-bullet under anti-malware but is now listed as its own bullet in this section. CompTIA added one new objective and several sub-topics under Virtualization:

  • White listing vs. black listing applications
  • Virtualization
    • Snapshots
    • Patch compatibility
    • Host availability/elasticity
    • Security control testing
    • Sandboxing

Apps for Your Mobile Devices

Are you looking for an app that includes quality practice test questions and flashcards? Learnzapp has published several including apps on A+, Network+, and Security+. Some of the features include:
  • Extremely easy to navigate.
  • Excellent performance and stability.
  • Fluid user interface with colorful tiles design.
  • Available for most mobile smartphones and tablets.
  • Versions are available for Apple iOS 7, Android 4.X, and Amazon Kindle Fire.

See the Security+ app in action in this short video:

https://www.youtube.com/watch?v=xhbvBcXEvYA

See the Network+ app in action in this short video:

https://www.youtube.com/watch?v=MVy0eKZkp2I

See the A+ app in action in this short video:

https://www.youtube.com/watch?v=Yrkf-piY0EA

Free No Risk Discount CompTIA Voucher Code

Discount CompTIA Vouchers

Are you ready to take your CompTIA certification exam? If so, get a free discount code here. No risk. Use the code at CompTIAs site and get a discount that is often better than sellers of discount vouchers.

SY0-401 Differences in Data Security

The Data Security has a significant change in the wording of the objective. Instead of just of knowledge of data security so that you could explain it, the new objective expects you to be able to implement appropriate controls.

SY0-301SY0-401
Explain the importance of data securityImplement the appropriate controls to ensure data security.

While some topics are the same, there are several new topics, including:

  • Cloud storage
  • SAN
  • Handling Big Data
  • Data in-transit, Data at-rest, Data in-use
  • Permissions/ACL
  • Data policies
    • Wiping
    • Disposing
    • Retention
    • Storage

Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions

INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Simulated Performance-based Questions

Bonus - Performance Based Questions

Simulated performance-based questions included with all

packages that include practice test questions.

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ Practice Test Questions Here

Simulated performance-based questions included with

all packages that include practice test questions.

 SY0-401 Differences in Application, Data and Host Security Summary

While CompTIA is giving less weight to this topic by reducing it from 16% to 15%, it has some significant changes.  You can expect to see a greater emphasis on mobile device security, and on the controls available to enforce data security.  It also includes several new topics such as application security and BYOD.

CompTIA Security+

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.