
While CompTIA regularly makes changes to its most popular vendor-neutral certification exams, the updates are usually staggered by a bit of time. This year, however, they updated both the Security+ and the Network+ exams in a very short timespan. In a previous article, we looked at the changes to Network+ (from N10-006 to N10-007), and in this article, we will focus on the changes to Security+ (from SY0-401 to SY0-501).
Domains
The SY0-401 exam consisted of 90 questions, with 90 minutes in which to complete them and a minimum passing score of 750 (on a scale from 100 to 900). It was/is (as long as it is still available) divided into six domains, weighted as follows:
1) Network Security 20 percent
2) Compliance and Operational Security 18 percent
3) Threats and Vulnerabilities 20 percent
4) Application, Data and Host Security 15 percent
5) Access Control and Identity Management 15 percent
6) Cryptography 12 percent
The SY0-501 exam has the same number of questions, time, and minimum passing score. Its six domains and their weightings have changed as follows:
1) Threats, Attacks and Vulnerabilities 21 percent
2) Technologies and Tools 22 percent
3) Architecture and Design 15 percent
4) Identity and Access Management 16 percent
5) Risk Management 14 percent
6) Cryptography and PKI 12 percent
While the number of domains stays the same, the overall number of objectives has actually gone up: from 33 to 37. The following table lists the domains/objectives on SY0-501 and offers a few notes on each:

In addition to looking at the domains/objectives, when you are studying for an exam you should also look at the acronyms/terminology associated with that exam and make sure you know them. The following acronyms are among those that have been added to the newest iteration of the Security+ exam that were not on the previous one:
- ABAC: Attribute-based Access Control
- CBC: Cipher Block Chaining
- COPE: Corporate Owned, Personally Enabled
- CTM: Counter-Mode
- CYOD: Choose Your Own Device
- DER: Distinguished Encoding Rules
- ECB: Electronic Code Book
- EMP: Electro Magnetic Pulse
- MMS: Multimedia Message Service
- MOA: Memorandum of Agreement
- MSP: Managed Service Provider
- OTA: Over The Air
- PEM: Privacy-enhanced Electronic Mail
- PFX: Personal Exchange Format
- RAT: Remote Access Trojan
- RTOS: Real-time Operating System
- SDN: Software Defined Network
- SED: Self-encrypting Drive
- SoC: System on Chip
- WORM: Write Once Read Many
- XOR: Exclusive Or
While these were added, only a few acronyms were removed from the previous version, including: FQDN, HSRP, JBOD, NOS, OLA, RDP, SONET, and TFTP.