SY0-601 Differences

Posted by in Security+ | 0 comments

As I’m updating the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, I’ve noticed that the SY0-601 is much more comprehensive. There’s a lot more for test takers to study and understand.

I was wondering if I was just imagining this so I took some time to analyze both sets of objectives. The following table shows how many line items are in each set of objectives. As an example, Objective 1.1 in the 601 objectives has 33 line items such as Phishing, Smishing, and so on.

Domain501%601%Diff
11302125424+ 124
22032232821+125
31951532925+134
4761615216+76
51501416014+10
612412
Total8781223+345
Comparing SY0-501 and SY0-601

Do you have a question about SY0-601?

Every time I write about a new version of an exam, I’m flooded with common questions. If you have a question about the SY0-601 exam, check out this list of frequently asked questions.

SY0-601 Adds About 40% Content

As you can see in the above table, the SY0-501 exam has about 878 line items and the SY0-601 exam has about 1,223 line items. This equates to an increase of about 345 line items, or about 40% more content.

As an example, SY0-601 Objective 1.1 “Compare and contrast different types of social engineering techniques” includes the following new items:

  • Eliciting information
  • Prepending
  • Invoice scams
  • Credential harvesting
  • Reconnaissance
  • Pretexting
  • Influence campaigns
    • Hybrid warfare
  • Social Media

But Wait, There’s More

The SY0-501 objectives includes this: “Example topics and concepts are included to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.”

The SY0-601 objectives includes this: “These content examples are meant to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.”

In other words, both exams can include content beyond what is listed.

Pass SY0-601 Exam

Cryptography Not Removed

SY0-501 includes Domain 6 Cryptography and PKI but SY0-601 doesn’t have a Domain 6. This might look good, but don’t be fooled. Cryptography and PKI topics remain in SY0-601.

Most of the SY0-501 Cryptography and PKI objectives have been moved to SY0-601 objectives 2.8 “Summarize the basics of cryptographic concepts” and 3.9 “Given a scenario, implement public key infrastructure.”

More, you’ll find many new topics on cryptography. In SY0-601 objective 2.8, the following topics are new:

  • Quantum
    • Communications
    • Computing
  • Post-quantum
  • Blockchain
    • Public ledgers
  • Lightweight cryptography
  • Homomorphic encryption
  • Entropy

Most, if not all, of the algorithms that were in the SY0-501 objectives have been removed from the SY0-601 objectives. However, it appears that SY0-601 2.8 “Summarize the basics of cryptographic concepts” requires the test taker to know the limitations of algorithms. It includes the following list:

  • Limitations
    • Speed
    • Size
    • Weak keys
    • Time
    • Longevity
    • Predictability
    • Reuse
    • Entropy
    • Computational overheads
    • Resource vs. security constraints

In order to know the limitations of various algorithms, you have to know about some of them. Unfortunately, because they aren’t listed in the SY0-601 objectives, it’s difficult to know what algorithms you should know about. All of them?

In other words, removing the algorithms from the objectives while expecting you to know about their limitations, adds a layer of complexity to this objective. Perhaps I’m missing something. Time will tell.

Security+ (SY0-601) Practice Test Questions

SY0-601 Practice Test Questions 

Over 315 realistic Security+ practice test questions

At least 5 performance-based questions

All questions include explanations so you’ll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Upgrade Your Resume with the Security+ New Version

Multiple quiz formats to let you use these questions based on the way you learn.

  • Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
  • Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions.

Pass the First Time You Take It

Get the full bank of SY0-601 Practice Test Questions Here

Click here if you’re looking for SY0-501 Online Study Package

SY0-601 Tests Your Knowledge of Scripting

There are several references to scripting included in the objectives. As an example, objective 1.4 “Given a scenario, analyze potential indicators associated with network attacks” includes the following list.:

  • Malicious code or script execution
    • PowerShell
    • Python
    • Bash
    • Macros
    • Visual Basic for Applications (VBA)

I studied PowerShell for about six months while teaching some related classes. While I gained a good understanding of the capabilities, I certainly didn’t master it. Instead, I learned how to look up topics that I didn’t know. More, I learned that if you want to use PowerShell to perform an administrative action, you can usually find a script online to meet your needs.

Python is a rich programming language used to create many websites. I took an online course a few years ago on Python, and while I learned quite a lot about it, it’s not something I use day-to-day. Much of my knowledge has slipped away.

Bash is a Unix (and Linux) command shell that can be accessed via the terminal on a Linux system. Similar to the command prompt in Windows, you can execute commands at the terminal. Windows allows you to string together multiple commands together in a batch file (.bat). If you execute the batch file, it runs all the command within the file. You can also string together Bash commands within a Bash script (.sh) and if you run the Bash script, it runs all of the Bash commands.

Macros and Visual Basic for Applications (VBA) run within Microsoft Office applications. Because they can be used maliciously, they are often disabled.

On the surface, this seems easy. The objective is “Given a scenario, analyze potential indicators associated with network attacks.” Malicious code will cause bad things to happen.

However, the objective seems to imply that if you see an indicator of a network attack, you need to determine which code or script type is being used. If you’ve been working in the field for ten years or more and dabbled with these scripts and programs, this may not be too hard. However, if you’ve only been working in the field for two years, this may be a little challenging.

Pass SY0-601 Exam

SY0-601 Differences Summary

The SY0-601 objectives include about 40% new content. If you plan to take it, be aware that you will have a little more content to study.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2020 Get Certified Get Ahead. All Rights Reserved.