The Security+ Nouveau has arrived! However, would you be
so inclined, you will still be able to sit for the “old” SY0-301 until December
31 of 2014.
The new material in CompTIA’s Certification Exam
Objectives for Security+ SY0-401 center mostly around the Cloud, mobile and the
challenges posed to internal security when allowing third party access.
They say you can make statistics say whatever you want it
to say and that holds, to a certain extent, true when it comes to analyzing the
difference between the new Security+ and the old one.
A superficial look will make the changes seem very minor.
You still have the exact same number of main domain, six. They are labelled
exactly the same as before and the difference in how they are weighed at the
exam is within a couple of percent or so compared to the old exam. Security+
SY0-401 has six main domains and a total of 33 sub domains. Of these 33 sub
domains only four are completely new and they are:
2.2 Summarize the security implications of integrating
systems and data with third parties.
2.9 Given a scenario, select the appropriate control to
meet the goals of security.
4.2 Summarize mobile security concepts and technologies.
4.5 Compare and contrast alternative methods to mitigate
security risks in static environments.
So four new sub domains out of 33 and we're looking at
just a bit over 12% added content to cover, right? Wrong, because here, as in
so many other cases, the devil is in the details.
Looking closer you will notice that (including the four
all new sub-domains) 22 out of the 33 sub-domains in SY0-401 have seen some content
added. Now we are looking a 66% difference! This of course is going a bit far
in the other direction but does demonstrate that a superficial analysis, is yet
again, not going to give you the whole story. So we have to look beyond just
the sub-domain level. Just for clarity here is how the terminology works:
Example of CompTIA objectives listing
|
Our terminology
|
1.4
Given a scenario, implement common protocols and services.
|
Sub-domain
|
• Protocols
|
Topic
|
o IPSec
|
Sub-topic
|
We prefer “Main-objective” for the top level objective and
“Sub-objective” instead of Sub-domain. However, in the interest of clarity and minimum
confusion, we use “Domain” because that is what CompTIA uses in their “Certification
Exam Objectives” document. To get these documents click on the following links:
Exam Objectives for SY0-301
and SY0-401.
So back to our analysis, the new exam objectives have a
total of 307 Topic items and 339 sub-topics. How many of those are new? There
are in all 61 Topic items and 128 new sub-topics. This means that 20% of the
Topics are new while 36 of the Sub-topics are new. This is quite significant.
The exam has a maximum of 90 questions, with 128 new sub-topics you could arguably
(although agreed, that would be extreme) sit for an exam that has none of the
content of the “old” SY0-301 exam. Here is another superficial fact, but this
may not lead to the wrong conclusion, the Certification Exam Objectives for
SY0-301 is 16 pages while the new Certification Exam Objectives document for
SY0-401 is 23 pages long…
So what does this mean to you? It means that if you already have started preparing for Security+ you are probably going to want to make sure you take it before December 31st because as you can see above there are some chances you will be facing a very different exam next year. If you haven’t started yet, then it doesn’t matter much, just let your schedule dictate which one you go for. Having said that the SY0-301 may still be more attractive as it probably will require a little less preparation. One thing we haven’t covered here are the changes in CompTIA’s Acronym list for the new cert but that will have to wait till the next post…
No comments:
Post a Comment