CompTIA Security+ SY0-601 vs SY0-701: A Full Breakdown

CompTIA Security+ SY0-601 vs SY0-701

Embarking on your CompTIA Security+ certification journey has now presented a fork in the road. Do you take the established SY0-601 or the new SY0-701? With both exams available, the dilemma of preparing for CompTIA Security+ SY0-601 vs SY0-701 is a pivotal decision.

What has changed? What is different? What is no longer included in the exam objectives? We discuss why CompTIA updates the exams, dig into the domains and objectives, and explore any changes that have occurred.  

Read on to learn the answers to these questions and more as we break down Security+ SY0-601 and SY0-701.

Why the Update?

CompTIA regularly updates and refreshes its Security+ exams approximately every three years. This ensures that the exams remain relevant to new industry standards and changes. As technology continuously evolves, staying up-to-date is crucial. Accordingly, CompTIA removes any content it deems irrelevant.

Also, CompTIA has slightly changed what it deems necessary before writing the Security+ exam. They recommend having your Network+ and two years of experience in a security/ systems administrator role before taking the SY0-701. This is simply a recommendation.

What Hasn’t Changed Between Exams?

While CompTIA routinely updates its Security+ exams, some aspects of the exam have remained consistent.

For instance, the cost is still $392 USD, and the exam duration remains 90 minutes. Candidates can expect a maximum of 90 questions, which will be a mix of multiple-choice and performance-based. Once passed, the certification is valid for three years, and renewing it requires either completing Continuing Education Units (CEUs) or obtaining other advanced CompTIA certifications like the CySA+.

For the SY0-701 exam, there is one interesting change to note, CompTIA has not included the required passing score in its downloadable PDF objectives, unlike in SY0-601.

This omission could be an oversight or indicate a potential shift toward a pass-fail grading system, similar to the CASP+ exam, which only informs you whether you've passed or failed.

However, the required score is still mentioned on the official website, and it's currently the same as before, requiring a score of 750 on a scale of 100-900, so it's something to watch.

SY0-601 and SY0-701 Domains Compared

The domains in SY0-701 have changed and been refreshed from the SY0-601 ones. Let’s break down the domains, compare them, and tell you what has changed.

Both versions have the same number of domains but are organized differently. Additionally, the SY0-701 exam has fewer objectives (28 vs. 35) than SY0-601.

Here are the domains for the SY0-601 exam.

Security Plus SY0-601 Domains

For a more detailed breakdown of these domains for the SY0-601, read our article The 5 CompTIA Security+ Domains: All You Need To Know About.

And here are the new Security+ SY0-701 domains.

Security Plus 701 Domains

Let's go through each SY0-701 domain and what each encompasses.

  1. General Security Concepts (12%)

This domain dives into the foundational aspects of security, including the CIA triad of Confidentiality, Integrity, and Availability. It also introduces various types of security controls like preventive, deterrent, and corrective, and the Zero Trust architecture.

2. Threats, Vulnerabilities, and Mitigations (22%)

This domain focuses on identifying and understanding common threat actors and their motivations, such as nation-states and hacktivists. It also discusses various threat vectors like email, SMS, and vulnerable software.

3. Security Architecture (18%)

This domain centers on secure systems architecture, discussing data types, classifications, and methods to secure data. It also covers high availability considerations like load balancing and site considerations like geographic dispersion.

4. Security Operations (28%)

This is the most heavily weighted domain and covers a wide range of operational activities, including incident response and the importance of automation and orchestration in secure operations. It also discusses using various data sources like logs and vulnerability scans to support security investigations.

5. Security Program Management and Oversight (20%)

This domain focuses on the governance aspects of security, summarizing elements of effective security governance like policies and standards. It also goes into risk management processes, strategies, and security awareness practices like phishing recognition and user training.

Domain Changes

Let's take a look at what changes have occurred as they pertain to the domains themselves.

  • Domain 1 in SY0-701 ("General Security Concepts") is a new addition, not directly corresponding to any single domain in SY0-601. Most of the concepts in this new domain were spread throughout the SY0-601 objectives.
  • Domain 1 in SY0-601 ("Attacks, Threats, and Vulnerabilities") has moved to become Domain 2 in SY0-701 ("Threats, Vulnerabilities, and Mitigations").
  • Domain 2 in SY0-601 ("Architecture and Design") has moved to become Domain 3 in SY0-701 ("Security Architecture").
  • Domain 3 in SY0-601 ("Implementation") doesn't have a direct counterpart in SY0-701 but is now spread across multiple domains.
  • Domains 4 and 5 in both objectives are conceptually similar, although worded differently. In SY0-601, they are "Operations and Incident Response" and "Governance, Risk, and Compliance," while in SY0-701, they are "Security Operations" and "Security Program Management and Oversight."

Domain Weight Changes

Now that you understand how the domains have changed, let's look at how the domain weights have changed in the SY0-701.

New areas of focus have been introduced, and some previous domains have either been rephrased or their topics dispersed into other domains.

This shift in focus and restructuring of domains means that the SY0-701 exam is adapting to the evolving world of cyber security, placing emphasis on areas that are becoming increasingly critical in the field, such as operations and program management.

New Focus:

  • The SY0-701 exam introduces a new domain, "General Security Concepts," which accounts for 12% of the exam.

Shifted Focus:

  • "Threats, Vulnerabilities, and Mitigations" in SY0-701 is a rephrased version of "Attacks, Threats, and Vulnerabilities" from SY0-601. However, its weight has decreased from 24% to 22%.
  • "Security Architecture," formerly "Architecture and Design," remains consistent in terms of focus, moving from 21% in SY0-601 to 18% in SY0-701.

Increased Focus:

  • "Security Operations," formerly "Operations and Incident Response," has increased from 16% in SY0-601 to a whopping 28% in SY0-701, putting much more emphasis on operational security.
  • "Security Program Management and Oversight" in SY0-701 is the new version of "Governance, Risk, and Compliance" from SY0-601 and has increased slightly, moving from 14% to 20%.
Domain 1: Attacks, Threats, and Vulnerabilities24%Domain 1:  General Security Concepts12%
Domain 2: Architecture and Design21%Domain 2: Threats, Vulnerabilities, and Mitigations22%
Domain 3: Implementation25%Domain 3: Security Architecture18%
Domain 4: Operations and Incident Response16%Domain 4: Security Operations28%
Domain 5: Governance, Risk, and Compliance14%Domain 5: Security Program Management and Oversight20%

What Is New to SY0-701?

Within the revamped objectives for SY0-701, what is new, and where does CompTIA put its focus compared to the SY0-601?

The SY0-701 covers emerging attack vectors, vulnerabilities, risk management strategies, and security technologies not present in the previous SY0-601 exam. There is increased emphasis on securing hybrid environments encompassing cloud, mobile, IoT, and operational technology.

CompTIA has done a great job of streamlining the content in the new exam objectives. Everything flows nicely. Introducing you to general concepts before diving into other areas.  The objectives have been cleaned up and are much better organized. Having the objectives laid out this way should make it easier to learn.

The CompTIA Security+ 601 objectives placed a greater emphasis on requiring you to apply your knowledge in specific, practical contexts.

The 701 exam objectives focus more on a conceptual and analytical understanding of security topics, encouraging you to explain, compare, and contrast various elements.

It aims for a more comprehensive understanding of security concepts, moving beyond just practical application to also include analytical skills.

Let’s look at some of the new information in the SY0-701 domains.

Domain 1: General Security Concepts

In this new domain, fundamental security concepts (1.2)  include new terms like "Gap analysis" and "Honeytoken." This reflects the industry's growing focus on advanced security models, like Zero Trust, which abandons the notion that internal traffic is automatically safe. To emphasize this shift, the domain features a larger, more detailed section on “Zero Trust.”

Another notable addition is the emphasis on change management processes (1.3), particularly terms like "backout plan," which highlights the necessity of planning for changes in security infrastructure.

Domain 2: Threats, Vulnerabilities, and Mitigations

The new exam version makes substantial updates in discussing threat actors and motivations (2.1). New terminologies like "Nation-state," "Blackmail," and "Espionage" reflect an evolving threat landscape that now involves not just criminals but internal risks as well.

There is greater detail on supply chain vulnerabilities (2.2) and (2.3), perhaps in light of recent supply chain attacks. This section also introduces new indicators of malicious activity like "Bloatware" and "RFID cloning" (2.4), acknowledging the range of methods attackers use.

Domain 3: Security Architecture

Updates in this section focus on topics like "Fail-open" and "Fail-closed" failure modes (3.2), new terms for data types such as "Trade secret" and "Intellectual property" (3.3), as well as new considerations for multi-cloud systems and geographic dispersion for site considerations (3.4).

These updates reflect the industry's evolving priorities and the latest terminology. Ensuring you are prepared for modern cyber security.

Domain 4: Security Operations

The emphasis has shifted towards establishing, deploying, and maintaining "Secure baselines" (4.1). The focus has also expanded to hardening various targets like IoT and cloud infrastructure, a nod to the expanding attack surfaces in current technologies.

New tools for alerting and monitoring like "SCAP" and "SNMP traps" are introduced (4.4), reflecting the tools currently popular in the industry.

Expanded identity and access management topics like privilege access management, passwordless authentication, and multifactor authentication implementations (4.6) exist, and a greater focus on automation, orchestration, and scripting related to security operations (4.7).

Domain 5: Security Program Management and Oversight

Significant updates in this last section include new focus areas like "Vendor assessment" and "Vendor monitoring" under third-party risk assessment and management (5.3).

Compliance monitoring and reporting now include internal and external facets, indicating the rising importance of compliance in the cyber security landscape (5.4).

Additionally, including topics like the "Right to be Forgotten" underscores the growing emphasis on individual privacy rights within the context of compliance and cyber security.

The inclusion of terms such as “Anomalous behavior recognition” and “Hybrid/remote work environments” (5.6) shows a focus on modern challenges with cyber security and the workforce.

Along with this information, new acronyms have been added to the SY0-701. They include:

  • CIA: Confidentiality, Integrity, Availability
  • FIM: File Integrity Monitoring
  • IAM: Identity and Access Management
  • IaC: Infrastructure as Code
  • RDP: Remote Desktop Protocol
  • RBAC: Role-Based Access Control
  • SASE: Secure Access Service Edge
  • SD-WAN: Software-defined Wide Area Network
  • SE Linux: Security Enhanced Linux
  • SOW: Statement of Work
  • TOU: Time of Use
  • XDR: Extended Detection and Response

What Has Been Removed Since SY0-601?

The evolution of CompTIA Security+ from SY0-601 to SY0-701 showcases a notable shift. Numerous elements were removed from SY0-601. Here’s a breakdown of notable areas of change.

Implementation Scenarios

SY0-601 had an emphasis on scenario-based learning and practical implementation with numerous objectives framed as "Given a scenario/incident, implement/use/analyze  X." This emphasis has significantly reduced in SY0-701, going from 14 to seven, which shows how CompTIA is moving towards a more comprehensive grasp of security concepts.

Penetration Testing Techniques

The SY0-601 exam explicitly requires an understanding of penetration testing techniques, dedicating its entire objective (1.8), “Explain the techniques used in penetration testing,”  to penetration testing, a focus that is not as well-covered in the SY0-701 exam.

In SY0-701, penetration testing is only touched upon in (4.3), (5.3), and (5.5), with these sections emphasizing management, audits, and assessments.

Terms such as black and white box and red and blue team have been removed in favor of unknown and known environments and offensive and defensive. Instead of explaining techniques, more focus is on explaining the type of penetration testing assessments.

Digital Forensics

The SY0-601 objectives explicitly mention explaining the key aspects of digital forensics in (4.5). “Explain the key aspects of digital forensics.” This is only mentioned briefly in the 701 objectives  (4.8) “Explain appropriate incident response activities.”


A notable removal from SY0-601 is (4.1) “Given a scenario, use the appropriate tool to assess organizational security,” covering various tools and commands essential for network reconnaissance, file manipulation, and forensics. Tools such as Nmap, tracert/traceroute, Cuckoo, Tcpreplay, and Wireshark, shell protocols like SSH, and script environments such as Python and PowerShell, among others, are no longer mentioned in SY0-701.

Social Engineering and Physical Security Controls

While SY0-601 has dedicated comprehensive objectives comparing different types of social engineering techniques in (1.1) “Compare and contrast different types of social engineering techniques” and highlighting the importance of physical security controls in (2.7) “Explain the importance of physical security controls,” SY0-701 has relegated these topics to smaller sections. For social engineering, they are only briefly mentioned in (2.2) and (5.6). For security controls, (1.2) and (5.1).

Virtualization and Cloud Computing Concepts

The detailed virtualization and cloud computing objectives in SY0-601 (2.2) “Summarize virtualization and cloud computing concepts” have been replaced, and CompTIA only mentions related acronyms in SY0-701, such as IaaS, PaaS, and Managed service provider (MSP). In comparison, terms like fog computing and edge computing have been removed entirely.

Attack Frameworks

Attack frameworks such as MITRE ATT&CK and Cyber Kill Chain which were mentioned in SY0-601 (4.2) “Summarize the importance of policies, processes, and procedures for incident response”, are no longer mentioned in SY0-701.

In transitioning to SY0-701, a range of specific acronyms that were present in SY0-601 have been removed. Here are a handful that have been removed:

  • ABAC: Attribute-Based Access Control
  • CAC: Common Access Card
  • CBT: Computer-Based Training
  • DMZ: Demilitarized Zone
  • DNSSEC: Domain Name System Security Extensions
  • EOS: End-of-Service
  • EOL: End-of-Life
  • MAM: Mobile Application Management
  • MITM: Man-in-the-Middle
  • MITM: Man-in-the-Middle
  • NAS: Network-Attached Storage
  • OSI: Open Systems Interconnection
  • OWASP: Open Web Application Security Project
  • QA: Quality Assurance
  • RAM: Random Access Memory
  • RCS: Rich Communication Services
  • WORM: Write Once, Read Many

CompTIA Security+ SY0-601 vs SY0-701: Which Should I Take?

Now that you have all the information pertaining to the SY0-701, should you take the SY0-601 or the SY0-701?

Our recommendation is to take the one with the most training material available to you, including textbooks, courses, and practice tests, to aid your preparation. Given that the SY0-601 has been on the market for a longer period, it has way more study materials, making your preparation potentially easier.

Take the SY0-601 until you can’t anymore.


We have provided you with a great comparison between the new SY0-701 and the soon-to-be-retired SY0-601 CompTIA exams.

You should now have a much better understanding of not only the changes in the domains and their weighted values but also a much deeper insight into the updates to the objectives themselves. This information is crucial for making an informed decision on which exam to take based on your study resources and timeline.

Whichever exam you ultimately decide on, we wish you the best of luck in your CompTIA Security+ certification journey!

Are you looking to gain an edge in preparing for Security+? Join our Accelerator program today and take advantage of community resources, mentorship, training, mastermind groups, and more.

Frequently Asked Questions

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Richard Dezso

    Richard is a cyber security enthusiast, eJPT, and ICCA who loves discovering new topics and never stops learning. In his home lab, he's always working on sharpening his offensive cyber security skills. He shares helpful advice through easy-to-understand blog posts that offer practical support for everyone. Additionally, Richard is dedicated to raising awareness for mental health. You can find Richard on LinkedIn, or to see his other projects, visit his Linktree.