Concepts like risk management and risk mitigation have quickly moved to the forefront of the world of cybersecurity. Malware is more nefarious, and hackers have developed craftier forms of social engineering and system entry. Cloud security must also be emphasized as the vast majority of IT pros now work in hybrid environments, which are a combination of on-premises and cloud networks. Keeping a business cybersecure requires entry-level security technicians to have a clear picture of the full operations of a network, and the baseline skills entry-level cybersecurity pros need have increased. The new CompTIA Security+ reflects that. Keep reading to get answers to the most common questions we get about CompTIA’s most popular cybersecurity certification.
Why Is There a New Version of CompTIA Security+?
Every three years, CompTIA Security+ gets updated to meet the needs of the industry and ensure that IT pros have the skills necessary for today’s cybersecurity jobs. Like its predecessor SY0-501, CompTIA Security+ (SY0-601) still provides the essential baseline knowledge and skills required of cybersecurity professionals.
The new CompTIA Security+ emphasizes hands-on practical skills, ensuring IT pros are prepared to solve a wider variety of cybersecurity issues and to proactively prevent the next cyberattack.
People who have CompTIA Security+ are able to do the following:
- Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
- Monitor and secure hybrid environments, including cloud, mobile and IoT
- Operate with an awareness of applicable laws and policies, including the principles of governance, risk and compliance
- Identify, analyze and respond to security events and incidents
CompTIA Security+ is the only entry-level cybersecurity certification that includes this type of hands-on evaluation. IT pros who earn this certification demonstrate to employers that they have more than just an academic understanding of what's needed to get the job done.
Learn more about the difference between CompTIA Security+ 501 vs. 601.
What’s on the Latest Version of CompTIA Security+?
The latest version of CompTIA Security+ (SY0-601) includes both performance-based and multiple-choice exam questions across five domains:
- Attacks, Threats and Vulnerabilities (24%)
- Architecture and Design (21%)
- Implementation (25%)
- Operations and Incident Response (16%)
- Governance, Risk and Compliance (14%)
These domains relate back to the primary responsibilities of a security or systems administrator. Someone in this role will be able to install, administer and troubleshoot an organization’s security solutions and keep the IT systems running.
You should also be familiar with the following broad categories of tools used for cybersecurity tasks in either Windows or Linux:
- Packet capture and replay: Wireshark, tcpdump, tcprelay
- Network reconnaissance and discovery: nmap, tracert/traceroute, nslookup/dig, Nessus, Cuckoo, sniper, IP scanners, netstat, netcat, etc.
- File manipulation: head, tail, cat, grep, logger
- Shell and script environment: SSH, PowerShell, Python, OpenSSL
- Vulnerability assessment/penetration testing: Kali Linux/Parrot OS, Metasploit
- Forensics: dd, memdump, winhex, ftk imager, autopsy (knowledge only)
- Exploitation frameworks, password crackers, data sanitization
For example, nmap is used to build a map of a network, including the types of systems running and services available. This task is very important because IT pros must know exactly what is on the network before securing it. Nmap can also identify non-authorized systems and services running on a network. Unfamiliar systems or services on a network might be cybersecurity incidents to report.
See all the topics covered by CompTIA Security+ (SY0-601) by downloading the exam objectives for free.
Why Should I Get the New CompTIA Security+?
The new CompTIA Security+ certification endorses your cybersecurity skills with a credential that’s respected industry-wide across the globe:
- CompTIA Security+ is chosen by more corporations and defense organizations than any other baseline cybersecurity certification on the market.
- CompTIA Security+ fulfills the U.S. Department of Defense (DoD 8570) compliance andNational Initiative for Cybersecurity Education (NICE) work roles.
- CompTIA Security+ is one of the most widely held IT certifications worldwide, according to Global Knowledge’s 2020 IT Skills and Salaries Report.
- CompTIA Security+ is the only baseline cybersecurity certification that emphasizes hands-on practical skills.
- CompTIA Security+ covers the cybersecurity skills needed for more job roles than any other baseline cybersecurity certification.
When you've earned CompTIA Security+, you can be confident that your skills are up to par.
Ready to Buy CompTIA Security+?
What Jobs Can I Get with CompTIA Security+?
In the past, CompTIA Security+ has verified the skills necessary for jobs like network administrator, systems administrator and security administrator. One of the benefits of taking the new CompTIA Security+ is that it is aligned to the latest trends and techniques.
That means the new CompTIA Security+ (SY0-601) covers the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations and security controls, ensuring high-performance on the job.
Jobs That Use the Cybersecurity Skills Covered by CompTIA Security+
(Asterisk denotes primary job roles for CompTIA Security+)
Information Security Manager
With its enhanced objectives, the new CompTIA Security+ will confirm a candidate’s ability to thrive in these critical cybersecurity jobs.
How Can I Prepare for the CompTIA Security+ Exam?
While there are a range of exam prep tools, instructional videos, training boot camps and the like out there, CompTIA now offers a full suite of training solutions for Security+, including study guides, eLearning and online courses.
Here’s a quick overview of everything CompTIA offers to help you prepare for your certification exam:
- The Official CompTIA Security+ Study Guide, available in printed or eBook form
- CertMaster eLearning and test prep
- CompTIA Labs virtual lab environment
- CompTIA live online training
Regardless of how you prepare, the best place to start is with the CompTIA Security+ exam objectives. You can also download a free CompTIA Security+ practice test to understand of the types of questions you’ll be see on the exam.
How Long Will It Take Me to Get CompTIA Security+?
The amount of time you’ll need to dedicate to CompTIA Security+ training differs for everyone. It depends on your existing knowledge and your hands-on core security experience.
We recommend that you have CompTIA Network+ and two years of experience in IT administration with a security focus. We also suggest that you dedicate between 30 and 40 hours of studying before sitting for the exam.
How Much Does the CompTIA Security+ Exam Cost?
The retail price for CompTIA Security+ (SY0-601) is $370. CompTIA offers numerous ways to reduce this cost. Check out our article on how to save on exam vouchers as well as information about financing options.
I’ve been studying for CompTIA Security+ (SY0-501). Should I switch gears and study for CompTIA Security+ (SY0-601) instead?
If you’ve been studying for the CompTIA Security+ (SY0-501), we recommend reviewing the exam objectives for SY0-601 to see how much of what you’ve already studied is on the new exam. If it makes sense for your time and level of knowledge, you may want to switch gears and prepare for the new exam (SY0-601). If you’ve already purchased a CompTIA Security+ voucher, you can apply it to any version of the exam.
If you choose to take the CompTIA Security+ (SY0-501) exam, make sure to do so before it expires.
What Is the Expiration Date for CompTIA Security+ (SY0-501)?
The English version of the CompTIA Security+ SY0-501 exam will retire on July 31, 2021. At that point it will be completely replaced by SY0-601.
How Long is CompTIA Security+ Good For, and How Can It Be Renewed?
As with many CompTIA certifications, CompTIA Security+ is good for three years. CompTIA offers a number of ways for you to renew your certifications, including earning continuing education (CE) credits or earning a higher-level certification, such as CompTIA Cybersecurity Analyst (CySA+) or CompTIA PenTest+.
Can I Skip CompTIA Network+ and Take CompTIA Security+?
You can, but it’s not recommended. IT pros need to know how a network works before they can secure it. Take a look at the CompTIA Cybersecurity Career Pathway to see how each certification builds on the previous one. Skipping CompTIA Network+ could leave a gap in your baseline cybersecurity skills.
We recommend having CompTIA Network+ and two years of experience in IT administration with a security focus before taking the CompTIA Security+ exam.
Is CompTIA Security+ Approved by the DoD for 8570 Requirements?
Yes! CompTIA Security+ is U.S. DoD 8570 approved and complies with government regulations under the Federal Information Security Management Act (FISMA) and CompTIA Security+ also maps to 17 NICE framework work roles at over 70%. This mapping positions Security+ for the DoD 8140 initiative.
Many government, military and military contractor-related job roles require IT pros to hold certifications that comply with DoD 8570, DoD 8570.01-m and DoD 8140, which identify the skills needed for a cyber-ready workforce and align those skills with certain IT certifications. This matters to IT pros in the private sector, too.
Ready to start studying? Writing out your plan will set you up for success. Download our free training plan worksheet to help get organized and make your dream a reality.