CompTIA Security+ sy0-401 vs. sy0-501: What to Know when Renewing Your sy0-401

As cybersecurity becomes a more pressing concern in almost every industry, the demand for qualified information security professionals is growing. But pushing ahead in a cybersecurity field often means getting certified. While there are many different certifications available, many cybersecurity professionals choose CompTIA Security+ as a starting point. For years, CompTIA offered the Security+ sy0-401 certification. However, as cybersecurity needs have evolved, the set of skills required for starting positions in the field has changed, and to stay relevant, CompTIA had to adapt their Security+ certification. They retired the English version of the sy0-401 exam as of July 31, 2018, replacing it with a new version, CompTIA Security+ sy0-501.

But what if you’ve already earned the sy0-401 and your certification is about to expire? In this blog post, we will explain the main differences between the two versions that you’ll need to take into consideration when you are planning to renew your certification.

What are the differences between the objectives of the sy0-401 vs. the sy0-501?

The Security+ certification exam has specific objectives, each worth a certain percentage of the total. The sy0-401 exam’s six objectives were:

  • Network security — 20 percent
  • Compliance and operational security — 18 percent
  • Threats and vulnerabilities — 20 percent
  • Application, data and host security — 15 percent
  • Access control and identity management — 15 percent
  • Cryptography — 12 percent

The sy0-501 exam also has six objectives, but three of them are quite different from sy0-401 objectives:

  • Threats, attacks and vulnerabilities — 21 percent
  • Technologies and tools — 22 percent
  • Architecture and design — 15 percent
  • Identity and access management — 16 percent
  • Risk management — 14 percent
  • Cryptography and PKI — 12 percent

More generally, therefore, we can say that the primary difference between the Security+ sy0-401 vs. the sy0-501 is that sy0-501 includes core security functions, like using security frameworks and tools, configuring resilient networks, and performing risk management and risk mitigation. Also, with sy0-501, the content has been reorganized, and it focuses more on application and less on analytics.

What job roles are appropriate for those who pass the exams?

The job roles associated with the two exams are similar. Both are appropriate for people pursuing network administrator, security administrator and systems administrator careers. However, the sy0-501 exam could also assist people who want to work as junior IT auditors and penetration testers; this was not the case with the previous version.

Which study materials assist with preparation?

There are many study materials focused on the latest version of the CompTIA Security+ certification; for example, CompTIA has an official study guide for the exam. Also, many people who passed the sy0-501 exam highly recommend Professor Messer’s online course. Considering the differences in the exam objectives, the materials you used to prepare for the sy0-401 version will be unlikely to help much in preparing for the newer version.

How do you renew your certification if you passed the sy0-401 exam?

If you passed the Security+ exam before Jan. 11, 2011, you are certified for life and never need to get recertified.

If you passed the sy0-401 exam after that date, your certification is valid for three years from the date you took the test. CompTIA offers several options for renewal:

  • The first option is to pass the sy0-501 exam. You can take the new exam at any time, even if you took the sy0-401 more than three years ago and your certification is expired.
  • If your certification has not expired, you can renew it without taking the new exam by completing the CompTIA CertMaster CE Security+ self-paced e-learning course. It bridges the knowledge gap between the sy0-401 and sy0-501 exams and takes approximately 4–6 hours to finish.
  • The third option is to pass a higher level certification — getting certified in CompTIA CySA+, PenTest+ or Advanced Security Practitioner (CASP+) will automatically renew your Security+ certification as well.

The application process for the sy0-501 is the same whether or not you have passed the sy0-401 exam, and the exam costs about $320. Go to the Pearson Vue website to set up a testing date and purchase an exam voucher.

What is the format of the sy0-501 exam?

The sy0-501 exam follows the same general pattern and format as the sy0-401. It includes both performance-based questions and multiple-choice questions. There are 90 questions, and you have 90 minutes to complete the exam. The passing score is 750 on a scale of 100 to 900. You should take one or more practice tests before taking the actual exam.

Conclusion

To keep your Security+ certification up to date, you have several options: take the new version of the exam, take the CertMaster e-learning course, or earn a higher-level certification. No matter which option you choose, updating your certification will require knowledge, skills and experience in cybersecurity areas not included in the previous exam. To get prepared, you should seek out study materials designed for the new version of the exam. Keeping your certification current will be valuable, since it proves you are keeping current with the changing cybersecurity field.