SY0-401 Differences in Threats and Vulnerabilities
You’ll notice several SY0-401 differences in Threats and Vulnerabilities compared to the SY0-301 exam. While the objectives are very similar, several of these objectives have new topics within them. However, this domain has more topics compared with the previous version, the weighting of the domain is reduced by 1% to 20%. You can expect to see as many as 20 questions on this topic.
This post is a part of a series showing all the SYO-401 differences compared to the SY0-301 exam. Here are links to all the pages in the series:
- SY0-401 Differences in Domains
- SY0-401 Differences in Network Security
- SY0-401 Differences in Compliance and Operational Security
- SY0-401 Differences in Threats and Vulnerabilities
- SY0-401 Differences in Application, Data and Host Security
- SY0-401 Differences in Access Control and Identity Management
- SY0-401 Differences in Cryptography
- SY0-401 Differences in Acronyms
SY0-301 Available Until December 31, 2014
Remember, you can still take the SY0-301 exam up until December 31, 2014.
Hiring managers rarely care what version of Security+ you have. They only want to know you are Security+ certified. Unless you want to be on the bleeding edge of this certification, you don’t need to pursue the 401 version.
At this writing, there is a limited amount of material available for the 401 version. However, there is plenty of study material available for the 301 version. Many people tell me they take and pass the Security+ exam within 30 days after getting this book: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide. Even if it takes you a little longer, you’ll still have plenty of time to get the certification before December 31, 2014.
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is now available.
SY0-401 Differences in Malware
The first objective covers malware with only a slight difference in the wording of the objective. This indicates less of a focus on comparing malware with each other but instead understanding each type on its own.
|Analyze and differentiate among types of malware||Explain types of malware.|
Interestingly, worms have been removed from the objective list.
However, the following items were added:
- Polymorphic malware
- Armored virus
SY0-401 Differences in Attacks
CompTIA changed the wording in this objective placing less emphasis on the attacks. In general, it’s easier to summarize a topic than it is to analyze and differentiate to compared with other topics.
|Analyze and differentiate among types of attacks||Summarize various types of attacks.|
CompTIA added several additional attacks in this section. They are:
- Password attacks
- Brute force
- Dictionary attacks
- Birthday attacks
- Rainbow tables
- Typo squatting/URL hijacking
- Watering hole attack
Master Security+ Performance Based Questions Video
SY0-401 Differences in Social Engineering
While this objective first might look like it’s placing less emphasis on social engineering with the word “summarize,” CompTIA has actually increased the required knowledge for this objective by requiring you to also know the associated effectiveness of each attack.
|Analyze and differentiate among types of social engineering attacks||Summarize social engineering attacks and the associated effectiveness with
The following topics provide clarification of what CompTIA is looking for related to the effectiveness of attacks.
- Principles (reasons for effectiveness)
- Consensus/Social proof
SY0-401 Differences in Wireless Attacks
This objective only includes a slight difference in the wording.
|Analyze and differentiate among types of wireless attacks||Explain types of wireless attacks.|
Several additional topics were added to existing wireless attacks. Most of these are new but WEP/WPA attacks were included in other objectives in the previous version of the exam.
- Near field communication
- Replay attacks
- WEP/WPA attacks
- WPS attacks
SY0-401 Differences in Application Attacks
This objective places less emphasis on comparing attacks, but instead just expects you to them well enough to explain them.
|Analyze and differentiate among types of application attacks||Explain types of application attacks.|
All of the attacks listed in the SY0-301 exam are included in the SY0-401 exam. Additionally, the following topics were added:
- Integer overflow
- LSO (Locally Shared Objects)
- Flash Cookies
- Arbitrary code execution / remote code execution
SY0-401 Differences in Mitigation
While the knowledge required for the following objective stays the same, CompTIA did alter the wording slightly indicating that you’ll see these questions within a scenario.
|Analyze and differentiate among types of mitigation and deterrent techniques||Analyze a scenario and select the appropriate type of mitigation and deterrent
Several of the bullets within this objective have changed. Most of the original topics remain but the following bullets were removed:
- Manual bypassing of electronic controls
- Failsafe/secure vs. failopen
However, a later objective still includes Bypass security controls.
The Physical security topic is removed, but it has been added to a different objective in the Compliance and Operational Security domain.
Last, the Port security topic has been renamed to Network security. It includes the following two new topics:
- Disabling unused interfaces and unused application service ports
- Rogue machine detection
The first bullet is similar to the SY0-301 bullet of Disabling unused ports, but you can see that it has been expanded to include both physical ports and logical ports.
SY0-401 Differences in Tools and Techniques
The wording of this objective is slightly altered but the word “implement” isn’t much different than “use.” The biggest change here is that questions are likely to be in a scenario format and the topic is not limited to only assessment tools and techniques.
|Implement assessment tools and techniques to discover security threats and vulnerabilities||Given a scenario, use appropriate tools and techniques to discover security
threats and vulnerabilities.
The first bullet expands Vulnerability scanning and interpret results to the following bullet:
- Interpret results of security assessment tools
In the Tools bullet, Sniffer is removed but Protocol analyzer remains so the topic isn’t substantially different. Instead, it indicates CompTIA is moving away from the use of the slang word “sniffer.” The following tools were added to this bullet:
- Passive vs. active tools
- Banner grabbing
In the Assessment technique bullet, CompTIA slightly modified two topics:
- Architecture is changed to Review architecture
- Design reviews is changed to Review designs
SY0-401 Differences in Penetration Testing vs Vulnerability Scanning
The following objective is largely the same. CompTIA simplified it by removing the introductory phrase.
|Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning||Explain the proper use of penetration testing versus vulnerability scanning.|
The Penetration testing topic is the same but the Vulnerability scanning topic includes several new bullets. They are:
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- False positive
SY0-401 Differences in Threats and Vulnerabilities Summary
The SY0-401 differences in Threats and Vulnerabilities include the addition of several new topics even though the weighting of the domain has been reduced by 1%. Still with a domain weighting of 20% you can expect to see as many as 20 questions from this domain. The only other domain that is this high is the Network Security domain.