What are the differences between the CompTIA Security+ SY0-601 Exam and the Security+ SY0-701 Exam?

This document was updated on January 16, 2025

The CompTIA Security+ certification is a foundational information technology certification, and earning a Security+ credential provides a popular starting point for anyone interested in network security, enterprise cybersecurity, and many other IT security-related positions.

In this article we’ll discuss which topics are new in the SY0-701 exam objectives, which topics have been removed, and which topics are the same between the SY0-601 and SY0-701 Security+ exam versions.

Why does CompTIA change their exams?

CompTIA updates their Security+ exam objectives every few years, and this process keeps the exam topics up to date with the latest technologies and security-related topics. Professor Messer’s video training courses and study materials are always updated to stay consistent with the latest set of official CompTIA exam objectives. You can start your studies using the free Professor Messer CompTIA Security+ SY0-701 training course here:

https://www.professormesser.com/get-comptia-security-plus-certified/

Why is this information important?

The questions on the CompTIA exams are based on the official objective list, so anyone who has studied the objectives will have a very good chance of passing their exam. It’s useful to refer to these objectives as a definite checklist of study topics.

Does it matter which Security+ exam version I take?

Once you pass any single Security+ exam, you are officially CompTIA Security+ certified. The version of the exam is not part of the certification credential, so someone who passes the SY0-601 Security+ exam, the SY0-701 Security+ exam, or any other version of the Security+ exam earns the same Security+ certification.

Once the Security+ certification is successfully earned, the certification is valid for three years before it expires. During this three-year period, the credential holder can choose to renew the Security+ certification at any time. There are a number of different renewal options available, such as accumulating continuing education credits, taking higher-level certifications, or online renewal training using CertMaster CE.

It takes time to study for the CompTIA Security+ exam, so the retirement date of the certification exam is important for planning your studies. Always check an exam’s retirement date and make sure there’s enough time to study and pass your selected version of the exam.

When are the Security+ SY0-601 and Security+ SY0-701 Exams available?

A timeline showing the release and retirement dates for the English-language versions of the CompTIA Security+ SY0-601 exam and the SY0-701 exam.

What is the Availability of the CompTIA Security+ SY0-601 Exam Version?

The English-language version of the CompTIA Security+ SY0-601 exam was released on November 12, 2020 and was retired on July 31, 2024. With the retirement of this exam version, the CompTIA Security+ SY0-701 exam version becomes the current version.

What is the Availability of the CompTIA Security+ SY0-701 Exam Version?

The CompTIA Security+ SY0-701 exam was released on November 7, 2023, and is estimated to be available for approximately three and a half years. This would place the estimated retirement date of the CompTIA Security+ SY0-701 exam as May of 2027. CompTIA commonly provides more detailed exam retirement information on their website as this date gets closer.

What has changed in the CompTIA Security+ SY0-701 Exam?

With each release of a new exam version, CompTIA updates the official exam objectives and adds topics and technologies used in many organizations.

This diagram shows a summary of these differences:

A visual comparison of exam objective changes between the SY0-601 and SY0-701 Security+ exam versions

This diagram compares the total size of both exams based on the total number of exam objectives from the CompTIA official exam objectives documents. This comparison also shows how these objectives are distributed between the two versions. The SY0-601 version of the Security+ exam is on the left, and the SY0-701 version is on the right.

Number of objectives

As the diagram shows, the overall size of the Security+ exam has decreased by 36%, from a total of 1034 objectives to approximately 662 objectives. This smaller number of exam objectives means there are fewer topics to remember, and this focuses the SY0-701 exam studies around a smaller set of objectives. Although it’s unlikely the difficulty of the exam questions themselves varies between versions, it probably helps that there are over 370 fewer topics to memorize and retain for the exam.

What topics were dropped between the CompTIA Security+ SY0-601 and SY0-701 exams?

When an exam is updated, topics are often dropped between versions due to changes in technologies, a decrease in the use of a particular technology, or a change to the scope of the exam itself.

With the SY0-701 Security+ exam version, CompTIA decreased the overall size and quantity of the Security+ objective list. Approximately seventy percent of the SY0-601 exam objectives no longer appear in the SY0-701 exam objectives!

Although the following topics are no longer in scope for the SY0-701 exam, many of these objectives are still important security fundamentals and have been included in other CompTIA certifications. You’ll find these missing topics will often appear in the Cybersecurity Analyst (CySA+) and the CompTIA Advanced Security Practitioner (CASP+) certification objectives.

This list isn’t intended to be a comprehensive comparison, but we’ll highlight some of the most significant items which have been dropped from the SY0-701 exam version.

The following topics were dropped from the CompTIA Security+ SY0-701 exam version:

SY0-601 Domain 1: Attacks, Threats, and Vulnerabilities

  • 1.1 – Some attack types (SPIM, pharming, hybrid warfare, dumpster diving, etc.), principles of social engineering
  • 1.2 – Potentially unwanted programs (PUPs), fileless virus, remote access trojan (RAT), rainbow tables, malicious USB cable/flash drives, adversarial artificial intelligence
  • 1.3 – DLL injection, improper input handling, API attacks, shimming, refactoring
  • 1.4 – Bluesnarfing, bluejacking, ARP poisoning, MAC flooding, MAC cloning, malicious scripts
  • 1.5 – Advanced persistent threat (APT), attack vectors, automated indicator sharing, predictive analysis, threat maps, threat research sources
  • 1.6 – Outsourced code development, third-party data storage risks, data breaches, identity theft, availability loss
  • 1.7 – Intelligence fusion, maneuver, log reviews, security information and event management
  • 1.8 – Lateral movement, persistence, cleanup, pivoting, war flying, war driving, footprinting, red/blue/white/purple teams

SY0-601 Domain 2: Architecture and Design

  • 2.1 – Configuration management, rights management, DNS sinkholes
  • 2.2 – Cloud models, edge and fog computing, software-defined visibility (SDV), VM sprawl avoidance
  • 2.3 – Secure deployments, secure coding techniques, software diversity, automation and scripting
  • 2.4 – Directory services, authentication methods, biometrics
  • 2.5 – Disk redundancy, network redundancy, managed power distribution units, replication, backup types, non-persistence, technology diversity
  • 2.6 – Embedded systems, SCADA, IoT, specialized systems, embedded systems communication, embedded systems constraints
  • 2.7 – Closed-circuit television (CCTV), industrial camouflage, robot sentries, locks, sensors, drones, faraday cages, hot and cold aisles, secure data destruction
  • 2.8 – Quantum computing, stream and block cipher modes of operation, cipher suites, steganography, cryptography use cases, cryptography limitations

SY0-601 Domain 3: Implementation

  • 3.1 – Secure protocols, secure protocol use cases
  • 3.2 – Boot security/Unified Extensible Firmware Interface (UEFI), measured boot, boot attestation, manual code review, application hardening, hardware root of trust
  • 3.3 – Load balancing, network segmentation, split tunnel vs. full tunnel, out-of-band management, BPDU guard, loop prevention, DHCP snooping, MAC filtering, stateful vs. stateless firewalls, route security, monitoring services
  • 3.4 – WPA2, CCMP, SAE, wireless authentication protocols, WiFi protected setup, captive portals, WiFi analyzers, access point placement, controller and access point security
  • 3.5 – NFC, infrared, RFID, GPS, mobile device management (MDM), microSD Hardware Security Module (HSM), mobile application management, SEAndroid, mobile device enforcement, virtual desktop infrastructure (VDI)
  • 3.6 – Cloud security controls, securing cloud storage, securing compute clouds, cloud security solutions
  • 3.7 – Identity controls, account types, geofencing, geotagging, account audits
  • 3.8 – Knowledge-based authentication, PAP and CHAP, TACACS+, OpenID, Kerberos, conditional access, privileged access management, filesystem permissions
  • 3.9 – Certificate authority, certificate attributes, CN, subject alternative name, expiration, certificate formats, certificate concepts

SY0-601 Domain 4: Operations and Incident Response

  • 4.1 – Network reconnaissance and discovery, file manipulation tools, shell and script environments, packet tools, forensic tools
  • 4.2 – Incident response, walkthrough exercises, attack frameworks, business continuity plan, incident response teams
  • 4.3 – SIEM dashboards, authentication log files, Session Initiation Protocol (SIP) traffic, journalctl, NXLog, bandwidth monitors, sFlow, IPFIX
  • 4.4 – Update or revoke certificates, runbooks
  • 4.5 – Admissibility, digital forensics, forensics data acquisition, data breach notification laws, checksums, provenance, strategic intelligence/counterintelligence

SY0-601 Domain 5: Governance, Risk, and Compliance

  • 5.1 – No objectives were dropped
  • 5.2 – General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), security frameworks, secure configurations
  • 5.3 – Job rotation, mandatory vacation, separation of duties, clean desk space, end of service life (EOSL), credential policies
  • 5.4 – Risk management types, risk matrix/heat map, risk control assessment, person-made disasters, internal vs. external disasters, mission essential functions, identification of critical systems, site risk assessment
  • 5.5 – Identity theft, IP theft, escalation, data minimization, anonymization, information life cycle, terms of agreement, privacy notice

What topics were added to the CompTIA Security+ SY0-701 exam?

Updated exam objectives often introduce new technologies and topics. CompTIA tends to focus on a practical use of IT security technologies, so their exams often include both older and newer technologies on the same test.

Just over 330 new topics were added to the SY0-701, so about half of the SY0-701 exam contains new objectives. If you are migrating your studies to the newer exam version, you’ll find these objectives cover topics not previously seen on the SY0-601 exam.

This is why we highly recommend studying from materials that match the version of the exam you’re planning to take. If all of your studies have been for the SY0-601 and you sit for the SY0-701 exam, you will be at a significant disadvantage.

If you are moving between exam versions, not all of your previous study time is lost. About 50% of the SY0-701 topics are the same between the two versions, so about half of the SY0-701 objectives should look familiar to anyone who has previously studied for the SY0-601 exam.

A summary of those new topics is listed below. This isn’t a comprehensive list, but we’ll highlight some of the most significant additions.

The following topics are new in the CompTIA Security+ SY0-701 exam version:

SY0-701 Domain 1: General Security Concepts

  • 1.1 – Physical security controls and directive security controls
  • 1.2 – The CIA triad, gap analysis, zero trust, physical security sensors, honeytokens
  • 1.3 – The change management process, technical change management, documentation
  • 1.4 – Data encryption, key management systems, secure enclave, third-party certificates

SY0-701 Domain 2: Threats, Vulnerabilities, and Mitigations

  • 2.1 – Threat actor motivations
  • 2.2 – Common threat vectors, misinformation/disinformation, business email compromise, brand impersonation
  • 2.3 – Memory injection, malicious updates, cloud-specific vulnerabilities, supply chain vulnerabilities
  • 2.4 – Bloatware, physical attacks, amplified and reflected denial of service, indicators of compromise
  • 2.5 – Isolation, configuration enforcement, decommissioning, removal of unnecessary software

SY0-701 Domain 3: Security Architecture

  • 3.1 – Responsibility matrix, hybrid considerations, third-party vendors, centralized vs. decentralized infrastructures, infrastructure considerations
  • 3.2 – Device placement, security zones, attack surface, fail open/fail closed, SD-WAN, SASE
  • 3.3 – Data types, segmentation
  • 3.4 – Load balancing vs. clustering, geographic dispersion, multi-cloud systems, capacity planning, fail over, parallel processing, backup frequency, replication, journaling

SY0-701 Domain 4: Security Operations

  • 4.1 – Secure baselines, hardening targets, Wi-Fi Protected Access 3 (WPA3)
  • 4.2 – Acquisition/procurement process, asset ownership, enumeration
  • 4.3 – Package monitoring, system/process audit, exposure factor, risk tolerance, vulnerability response and remediation
  • 4.4 – Monitoring computing resources, log aggregation, alerting, scanning, reporting, security content automation protocol (SCAP), benchmarks, simple network management protocol (SNMP) traps
  • 4.5 – Access lists, ports/protocols, web filtering, group policy, DNS filtering, DMARC, DKIM, SPF, endpoint detection and response (EDR) / extended detection and response (XDR), user behavior analytics
  • 4.6 – Provisioning / de-provisioning user accounts, identity proofing, interoperability, attestation, password managers, passwordless, privileged access management tools
  • 4.7 – Use cases of automation and scripting, scripting and automation benefits, complexity, cost, single point of failure, technical debt
  • 4.8 – Training, root cause analysis
  • 4.9 – Endpoint logs, IPS/IDS logs, automated reports

SY0-701 Domain 5: Security Program Management and Oversight

  • 5.1 – Information security policies, software development lifecycle (SDLC), security standards, external considerations, types of governance structures
  • 5.2 – Risk assessment, probability, likelihood, exposure factor, risk register, risk tolerance, risk appetite
  • 5.3 – Third-party penetration testing, evidence of internal audits, independent assessments, vendor selection, memorandum of agreement (MOA), work order (WO) / statement of work (SOW), vendor monitoring, questionnaires
  • 5.4 – Compliance reporting, sanctions, compliance monitoring, privacy legal implications, data inventory and retention, right to be forgotten
  • 5.5 – Compliance, audit committee, self-assessments, external audits and assessments
  • 5.6 – Recognizing a phishing attempt, responding to reported suspicious messages, anomalous behavior recognition, user guidance and training, reporting and monitoring

What strategies should be used when moving from the SY0-601 Security+ exam to the SY0-701 version?

Use the Exam Objectives as a checklist

CompTIA’s official exam objectives are always the best source to determine which topics are associated with the Security+ exam. These objectives are not only valuable to use during your studies, but they also make a great checklist before taking your exam.

Use the right study materials

As you’ve already seen, there are significant differences between the SY0-601 exam objectives and the SY0-701 exam objectives. Because of these changes, we highly recommend you use study materials written to match the version of the exam you’re planning to take. If you’re taking the SY0-701 exam, make sure all of your videos, books, and other study materials have been specifically written for the SY0-701 exam.

Get the right mix of study materials

The best combination of study materials follows the Professor Messer WRAP Formula: Watch a video training course, Read a good book, Apply your knowledge with hands-on labs, and Practice with lots of Q&A. Professor Messer provides a complete library of training materials covering every topic from the official CompTIA Security+ SY0-701 Exam Objectives, including both free and commercial options:

https://www.professormesser.com/get-comptia-security-plus-certified/
