Do you know about the SY0-601 Security+ beta questions that are appearing in the SY0-501 Security+ exam?
It’s an old story. When CompTIA is about to launch a new version of an exam, they seed the current version with beta questions for the new exam. In other words, if you take the SY0-501 question, don’t be surprised if you see questions related to the SY0-601 objectives.

SY0-601 Beta Questions
In July 2020, CompTIA announced they were launching the SY0-601 version of the exam in November 2020. Knowing this, you can expect to see beta questions from the SY0-601 objectives in the SY0-501 exam.
Many people start to panic when they start seeing questions that are completely foreign to them. However, there’s no need to panic.
Security+ Beta Questions are Not Graded
CompTIA uses Security+ beta questions for testing. If everyone gets the question correct, the question is too easy. If everyone gets the question incorrect, the question is too difficult. They determine a question is valid using some predetermined metric between these two extremes.
The good news is that beta questions aren’t graded. The bad news is that you do not know what questions are beta questions so you have to answer each question as if it’s a valid question.
Almost all test vendors test questions this way so it isn’t anything new. However, it can be a little disconcerting when you see five or more questions that look completely foreign to you.
SY0-601 Question
As an example, the objectives for the SY0-601 exam include this:
1.8 Explain the techniques used in penetration testing.
• Exercise types
- Red team
- Blue team
- White team
- Purple team
Based on my experience with the Security+ exam since SY0-201, I fully expect to see some questions on exercise types when the SY0-601 exam is launched. With that in mind, beta questions on these exercise types may show up on the SY0-501 exam.
Here’s a possible sample:
Your IT department includes a subgroup of employees dedicated to cybersecurity testing. Each member of this group has knowledge of known TTPs and how to use them. Additionally, each member of this group has knowledge of security controls that would be implemented to protect network resources. Which of the following BEST describes members of this team?
- A. Members of the red team
- B. Members of the blue team
- C. Members of the purple team
- D. Members of the white team
If you’ve studied for the SY0-501 exam and not the SY0-601 exam, you might think “Holy rainbow, Batman. I never saw these before.” However, these terms are not in the SY0-501 objectives so any questions about them are obviously beta questions.
Beta Questions can be on Current Objectives
All beta questions aren’t so obvious. As an example, CompTIA has reduced the emphasis on cryptography and PKI in the SY0-601 exam. It used to be an entire domain. In the SY0-601 exam, the topics are included as objectives within other domains.
As an example, SY0-501 includes this objective:
6.1 Compare and contrast basic concepts of cryptography.
The SY0-601 exam has a similar objective:
2.8 Summarize the basics of cryptographic concepts.
A lot of the same basic cryptography concepts are covered. However, the objectives change from “compare and contrast” to “summarize”. With this change, CompTIA may choose to rewrite these questions to make them easier.
Some objectives are almost the same, but CompTIA may still add new questions for these. If you understand the concepts, it doesn’t matter how CompTIA words the questions. You should still be able to answer them correctly.
Deep Dive – Skip if Desired
Learning objectives are often based on Blooms Taxonomy. It is based on a hierarchy of understanding and various verbs are used for specific levels within the hierarchy. The following list shows commonly quoted levels from the most basic to the most complex understanding.
- Knowledge: recall, name
- Comprehension: understand, summarize
- Application: use the knowledge, troubleshoot
- Analysis: compare and contrast, recognize trends
- Synthesis: apply previous learn concepts to new ideas, invent, imagine
- Evaluation: compare ideas, solve problems
The words “compare” and “contrast” used in SY0-501 indicate a level of analysis is required to answer a question.
The word “summarizing” used in SY0-601 indicates that comprehension is required to answer a question.
As you can see in the above list, comprehension is considered a more basic level of understanding than analysis.
Sample Beta Question Answer
Your IT department includes a subgroup of employees dedicated to cybersecurity testing. Each member of this group has knowledge of known TTPs and how to use them. Additionally, each member of this group has knowledge of security controls that would be implemented to protect network resources. Which of the following BEST describes members of this team?
- A. Members of the red team
- B. Members of the blue team
- C. Members of the purple team
- D. Members of the white team
C is correct. A purple team is composed of personnel that can perform as either red team members or blue team members. A red team attacks and they often use tactics, techniques, and procedures (TTPs) that attackers have used in actual attacks. A blue team defends, and they would know about various security controls used to protect network resources. The white team wasn’t mentioned in the scenario, but they don’t perform any testing, but instead set the rules and oversee the testing.