Security+ SY0-301 versus SY0-401 and other questions
Security+ SY0-301 versus SY0-401 and other questions
The SY0-401Security+ exam went live in April 2014, though you may still take the SYO-301 exam through December 31, 2014. In either event, the Security+ credential is now a Continuing Education certification such that you will want to update your knowledge and skill sets regardless of the exam version you initially pass.
While teaching our Security+ course last week, students asked a few exam preparation questions for which there was no simple or precise answer. I am taking the time here to provide some answers and a few resources in response to a few of those questions.
What is the difference between the Security+ SY0-301 and SY0-401 exams?
My answer was that the material is essentially same, though as the focus of cybercrime shifts, and the toolsets expand, the exam will continue to evolve to encompass new technologies. Also, CompTIA exams are all shifting from merely being multiple choice, knowledge based exams toward interactive formats. Several of the Security+ domains now suggest implementation understanding in addition to alternative selection. You don’t need to be intensely familiar with vendor specific implementations, though you should be familiar with sequences or best practices. For example, an understanding of the Open System Interconnect (OSI) model as it relates to protocol analysis, firewall implementation, and intrusion detection/prevention is new to the exam.
Your best source for exam content is downloading the Security+ Exam objectives directly from CompTIA. You need merely provide your email address before acquiring the PDF download.
Concise-Courses blog offers a brief comparative overview (along with an offer for a 5 minute sample exam and the sale of their $395online exam prep course).
My favorite comparison of the two exams comes from GetCertifiedGetAhead by Darril Gibson.
Take your time and explore each of the links covering the topics listed below. Darril provides sufficient information to understand the differences between the SY0-301 and SY0-401 exams in detail, and to help you prepare for either of the exams.
- Differences in Domains
- Differences in Network Security
- Differences in Compliance and Operational Security
- Differences in Threats and Vulnerabilities
- Differences in Application, Data and Host Security
- Differences in Access Control and Identity Management
- Differences in Cryptography
- Differences in Acronyms
Darril also offers a free sample from a chapter in his CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide that includes 25 practice test questions. Sign up for his newsletter and you may also get access to his mini-SY0-401 course.
Where may I find free sample exam questions? And what is the best source of outside study material?
The courseware provided with the class certainly provided a wealth of content at the end of each module, though students typically want a wealth of actual exam questions for preparation or to build confidence.
Again, the best site for sample questions is CompTIA.org. Once again, you will need to enter your email address. As it is unethical (and against the CompTIA code of conduct) for a credential holder to share specific exam content, the closest that you will get to actual exam content is directly through CompTIA.
Although I prefer to learn material from a qualified instructor in order to obtain the nuances of context and implementation, when forced to explore exam content with limited preparation, the Exam Cram series of books are my favorite for comprehensive coverage. The SY0-301 Exam Cram book is currently available through Amazon and other online sources, but the CompTIA Security+ SY0-401 book is not due until December 6, 2014 and can only be pre-ordered.
Many of the vendors and sites offering sample questions appear to be using content derived from the SY0-301 Exam Cram content or similar sources. (If you perform a search for SY0-301 or SY0-401 plus ‘exam questions’, you will find a similar though reordered list if you search for the test and ‘exam cram’ .) After several extensive searches, I could not find a single site that provided exclusively SY0-401 free exams or quizzes. The credential and material have not been public sufficiently that much is prepared.
For a comprehensive list of truly free Security+ test prep material, I direct you first toward ProProfs. There are four sample exams, plus study guides, cram sheets, flashcards, articles and a test forum. A quick review of the content suggests explicit focus on the SY0-301exam, though content overlap will help you to prepare for much of the SY0-401 content – just not the entire exam format.
Before I aim anyone at additional sites, I feel compelled to remind all my students (, blog readers, and Twitter followers) that online exam content is typically provided by training or materials providers. Any free content, quiz, or exam is typically a precursor to a sale. The dozen most frequent hits were all selling courseware, sample exams, or online training. I am not promoting any additional product or content – context is critical to understanding. Caveat emptor.
Found one more site to provide an alternative for students who really to find some more free sample questions. GoCertify – SY0-301 quiz
Finally, based on reference to his material with our CompTIA A+ courseware, I will point at Professor Messer for his Security+ material. Follow the Security+ Training link at the top of the page for additional, short videos and study guides for both the SY0-301 and SY0-401 exams.
Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 7, Windows 8.1 and CompTIA classes in Phoenix, Arizona.
You May Also Like
In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management
One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller
How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015