¶ Overview of New Security Plus Exam
And welcome to Technology Tap . I'm Professor Jayrod . In this episode we're going to discuss the new Security Plus exam . That's right , you heard me . The new Security Plus exam , let's get it . Hey , everyone , how are we ? Getting closer to the holidays , right ? So happy Thanksgiving everyone in the US and Canada . Does Canada separate ?
Nope , I think it was last month . Anyway , welcome to Technology Tap . I'm Professor Jayrod . For those of you who don't know me , I am a college professor in the New York area and I do these podcasts .
You know I try to do two a month and it's all based , most of it is based on CompTIA and technology at large , and it's Professor Jayrod , J-R-O-D , like the baseball player A-Rod , except with a J instead . All right , welcome . And on this week's edition we're going to talk about the new Security Plus . Can you imagine that ? Right ?
I think I did a recording on when it went from five to six and now it is going to six , from 601 to 701 . Now , those of you who are probably studying for the 601 , you're probably in panic mode saying , oh my god , I missed my window . Fear not , CompTIA does let you ; they give out both tests in parallel .
So you have up to July 31st of next year , of 2024 to take the 601 exam . That's the good thing about CompTIA they run it parallel because you know you just the exam just came out right and you know you just , you know you're still studying for it . So but that puts pressure on you which is a good thing to get the exam done by July 31st of next year .
So those of you interested , we could always do question answer sessions , right , if you want , on Technology Tap , you just got to let me know . Email me at professor Jayrod , that's professor Jay ROD , at gmail.com , and we can work something out .
Always love to interact with my fans and always , always , always , looking forward to you passing your CompTIA exams anyway , any , any of them . So one of the big things about this CompTIA one , and that I saw doing some research , is CompTIA initially did not , even though they released some objectives , they didn't do the score , they didn't give a score .
So that speculated some people to believe that it was going to be like the CompTIA CASP exam the CASP , which , if you didn't know , and I didn't know until recently , is pass , fail , right . So a lot of people thought that it maybe this exam was going to be pass failed . But they , they did release the score and it's the same .
It's 750 out of 900 in order to pass this exam . So at least they did that . They didn't change that . But they , they do say that they have done a significant amount of change in this new one . They're saying that the number of exam domains has come down .
You know , actually , let me rephrase that : the number of domains has remained the same , but it's fewer objectives , from 28 , it's 28 objectives , used to be 35 on the 601 , and it's due to a more focused job role in a maturing industry . Several of the exam domains and exam objectives were reordered and renamed to address instructional design improvements .
Plus , CompTIA is constantly reviewing exam content and updating questions to ensure relevance and exam integrity . So they've changed it . You know that's a seven domains , is is uh , it's pretty significant .
And about 20 of the exam objectives were updated to include current trends , the latest trends in threats , attacks , vulnerabilities , automation , zero trust , which is fairly new , risk , and Internet of Things . OT and cloud environments are emphasized , as well as communication , reporting and teamwork . Collaboration is key . That's what I always say .
My classrooms , my students , probably tired of hearing me saying that , but I always say collaboration is key in IT . Right , because in the overall scheme of things , right , when you break it down to its essentials , IT is really in the communication business and you have to learn how to communicate with your team .
Hybrid environments the latest techniques for cybersecurity professionals working in hybrid environments that are located in the cloud or on premise . Cybersecurity professionals should be familiar with both worlds . Let's take a look at the domains that they have here .
So just to compare it to the 601 , the 601 had attacks and threats and vulnerabilities , which was 24% of the exam . Architecture and design 21% . Implementation 25% . Operations and incident response 16% . And governance , risk and compliance was at 14% . So this is the new exam , the 701 . It is : general security concepts is 12% .
Threats , vulnerabilities and mitigation is 22% . Security architecture is 18% . It looked like that went down . Security operations it's at 28% . That looks like it went up . From what is it ? Security operations ? So operation and incident response so up from 16% . And security program management and oversight it's 20% .
Looks like that's one of the newer concepts that they have , or they might have merged some domains here . So let's take a look at some of the objectives here from CompTIA . It's very interesting every time they come up with a new exam and the new things that they do . People freak out . I know it's . I find it to be a little bit funny . All right .
So general security concepts , right . Categories : technical , managerial , operations , still have that . Control types , right , they still have that . Summarize fundamental security concepts , again CIA still there . AAA still there . Zero trust they implemented . See , explain the importance of change management process , right , change management is well last five , 10 years .
Explain the importance of using appropriate cryptographic solutions , right . Public key infrastructure , encryption , still asymmetric , symmetric . Tools again . Tokenization , data masking , hashing , salting , digital signatures still in there . All still in there .
Threats , vulnerabilities and mitigation : they talk about threat actors , attributes , their motivation , common threat , attacks and attack surfaces . They have message-based : email , SMS and instant message , image-based , voice call , removable devices . Talk about unsecured networks , both wireless and Bluetooth , open service ports , supply chain .
And talk about again my best topic , social engineering : phishing , vishing , smishing , misinformation , impersonation , business email compromise , pretexting , watering hole , typosquatting . I actually heard of a new said phishing , vishing , smishing . Smishing is fairly new and it was another one I forgot .
If I remember , I'll post it , but I know there's another one , it's a newer one nowadays . Explain various types of vulnerabilities . They talk about buffer overflow , race conditions , operating system-based , web-based , hardware-based , virtualization . Again , supply chain , mobile devices like sideloading and jailbreaking . They talk about , given a scenario ,
analyze indicators of malicious activity : malware , physical attacks , network attacks , application attacks , cryptographic attacks , password spraying attacks , that's a new one . Indicators : account lockouts , blocked content , impossible travel , that sounds like it's new .
So a lot of new stuff here as compared to the other exam , like you may know it , but they're just putting it on the exam now . Explain the purpose of mitigation techniques used to secure the enterprise . Again , least privilege is still there , application allow list , isolation , patching , segmentation , decommissioning , that's new . Right .
What are you gonna do with the products that you already have been using and you kind of wanna get rid of them because they're old , right ? Number three , security architecture . Compare and contrast security implications of different architecture models . Architecture and infrastructure concepts : cloud , serverless , right . They have cloud , responsibility matrix , hybrid considerations .
Third party , infrastructure as code , serverless , microservices , network infrastructure , on premise , centralized versus decentralized , containerization , virtualization , Internet of Things , embedded systems , real time operating system . Considerations : availability , costs , responsiveness , patch availability , inability to patch , power and compute . All right .
Next one : given a scenario , apply security principles to secure enterprise infrastructures . They talk about infrastructure considerations , device placements , security zones , attack surface , failure modes , network appliances , IPS , IDS still in there . Secure communication access , VPN , remote access , tunneling , right , still in there .
Compare and contrast concepts and strategies to protect data : data types , regulated , trade secrets , intellectual property , data classification they still have . General data considerations , right , data at rest , in transit , in use , methods to secure data , geographic restrictions , encryption , hashing , all that's still there .
See , explain the importance of resiliency and recovery in security architecture : high availability , platform diversity , right , don't use the same company for everything . Multi-cloud system , right . Testing , tabletop exercise , failover simulations , parallel process , right . Still there . You know if you taking . You know power generators , UPS you know again .
Now listen , let me pause this while we will go over two more .
¶ Comparison of Security+ and Network+ Certifications
One of the things I like to say is , with Security Plus , and I might get people who say , hey , professor , you're out of your mind , but I think in a lot of cases the Security Plus is a little bit easier than Network Plus . Now tell me if you're wrong . I've had both and I found the Security Plus , even though the topic is harder ,
I think the exam is easier because it's more of knowing what they're asking , right . So it's , if you study terms and definitions and what they do , you should be able to pass this exam . Where Network Plus , it's , you know , because of , I guess , subnetting and binary that's in there and IP addressing , it's a little bit .
I find it's a little bit more difficult , though . Subnetting was really difficult for me in the beginning . It's now , of course , easy because I've been teaching this for years and the method that I learned subnetting is fabulous . I feel that Network was a little bit harder than Security Plus , though I did have to .
I felt like I had to study more for Security Plus . I don't know , that's weird , but let me know if you , if you , if you agree or disagree , email me , professor J Rod J R O D at gmail.com . I want to know what you think . Did you think that those of you who have both , do you think Network and Security Plus were harder ?
I should do a poll , right ? That would be a good idea . Do a poll question . And , of course , a lot of this stuff scaffolds , right ? Like the biggest mistake that I made , that I see in people who want to change careers , and I'm all for it .
Believe me , guys , you'll never get a bigger fan than me as far as you want to change career to IT , regardless of what you were doing prior , right ? Because I believe that this is a field that has plenty of opportunities , plenty of opportunity for employment , plenty of opportunities for advancement and plenty of opportunities to make money .
But I find it interesting that people want to jump right away to security plus . I know that's the one that the a lot of people really , really want , especially the government . But I find that , if you , this is , this is not easy , right ? So , if you know , I almost said tell my students , you know , it's like jumping in front of the line , right ?
You want to jump ahead in front of the line because you want to be able to say to yourself hey , this is this one out , it's gonna make me more money . And , yes , it's true , you might get hired for a job Making more money because you have the security plus .
And a lot of people like to hire people , what I call a tabula rasa , like clean slate , like didn't work anywhere . You know , don't have any other companies' bad habits , they take you and they teach you from the ground up their way .
And with security plus , you have the ability to do that and that's why it's a it's a good one to have , but I've you know , since a lot of this stuff scaffolds , right , using my education background , and in what I mean by scaffold is , if you take a plus , and you take network plus and you take security plus , you're gonna see a lot of things that are the
same . So by the time you get to Security Plus , there's a lot of things that you already know , right , and if you're taking one of these boot camp classes that are very , very popular in this country , they don't have time to explain to you a lot of this stuff , right ?
There's an assumption that you already know this stuff and they won't go over the little stuff , right , that you supposedly learned in order to take the Security Plus exam . Even CompTIA says you have to have two years of experience in the field before you take this exam . That's what . That's what they expect , right ?
They expect you to have two years of experience in this field before you'd be able to take it . So I don't know , it's up to you if you feel like this is , this is something that you should be doing . It's up to you . I don't , you know , if you want to jump straight to Security Plus , I don't really recommend it .
I recommend that you go through the natural A Plus , Network Plus and then go to Security Plus , and not jumping straight to Security Plus , because you might find it very difficult . You might find it very difficult , so all right , let's , let's continue . You got security operations . Given a scenario , apply common security techniques to computing resources .
They talk about secure baselines , hardening targets , right : mobile devices , workstations , switches , routers , right . How do we do that ? Update , right . Wireless devices , installation considerations , site surveys , heat maps , mobile solutions , MDM , right . Use Jamf , right , if you're using Apple products . Deployment models , bring your own device , which I absolutely hate .
Bless you people who tolerate that . Wireless security settings . They talk about WPA3 now , right . AAA again , RADIUS , cryptology , cryptographic protocols , authentication protocols . So explain the security implications of proper hardware , software and data asset management .
So they talk about acquisition , monitoring , asset tracking , inventory , disposal , decommissioning , sanitization , destruction , certification , data retention , if you need it . Explain various activities associated with vulnerability management : identification methods , application security .
They talk about analysis , vulnerability response and remediation , patching , insurance , segmentation , compensating controls . They talk about validation of remediation , rescanning , audit , verification . Explain security alerting and monitoring concepts and tools , right . They talk about monitoring computer resources , activities .
Tools , right : security concept , automation , benchmarks , agents , antivirus , DLPs , they talk about that . Given a scenario , modify enterprise capabilities to enhance security : firewall , IDS , IPS , right , operating system security , group policy , SELinux , DNS filtering , email security . Given a scenario ,
implement and maintain identity and access management : provisioning , deprovisioning of user accounts . Permission assignment and implement . Implement and permission assignments and implications . Identity proofing , single sign-on , which is very popular now . Access control , multi-factor authentication very popular now , and you in , especially with your phone .
You know you can't , you can't be without your phone nowadays . Explain the importance of automation and orchestration related to security operations that's a new domain . Use case of automation and scripting , the benefits and other considerations .
Explain appropriate incident response activities : your processes , training , testing , root cause analysis , digital forensics . Given a scenario , use data sources to support an investigation : log data , firewall logs , your logs , right . Data resources , data sources , vulnerability scans , automated reports , etc .
Security program and oversight , it's the last one . Summarize elements of effective security governance : your guidelines , your policies , your standards with password , access control , your procedures of change management , onboarding and offboarding . Playbooks , that's new . External considerations : regulatory , legal , industry , local , regional , national , global .
That's new roles and responsibilities for system and data . Explain and that I think that's that's expanded . They had on the last exam a little bit , a little bit , but I think that has May have expanded . Explain the risk , the , the elements of risk management process risk identification , risk assessments Right . Ad hoc recurring one time .
A continuous risk analysis still there , right . Your exposure factor , yes . Single loss expectancy , all that . Risk registers , risk tolerance , risk appetite still there , that hasn't changed , right . Business impact analysis , your recovery time objective , your recovery point objective still in there . Mean time to repair hasn't changed .
Explain the process associated with third-party risk assessment and management Vendor assessment , vendor selection , due diligence , conflict of interest that's new Right . Agreement types that has stays the same , uh . Vendor monitoring questionnaires rules of engagement that's new , right . They have the oh , this , right . This vendor assessment .
Right to audit clause , evidence of internal audits that's new , good stuff here . Summarize , uh elements of effective security compliance your compliance reporting , consequences of non-compliance , compliance monitoring , privacy Some of this stuff is new guys . Look at that . Uh . Next 5.5 .
Explain the types and purpose of audits and assessments : internal , external , penetration testing , that's still in there , right . Given the scenario , implement security practice : your phishing . Behavioral recognition : risky , unexpected , unintentional . User guidelines and training .
And other than that , you have policy handbook , situational awareness , insider threat , password management , removable media and cables , social engineering , uh , reporting and monitoring , initial and recurring , development and execution . So it looks like , and all this I got from the CompTIA objectives . It's a PDF that they give you , uh , that you can get .
You can find this online . Uh , they have a hardware and software list . Now this is new , uh , for the Security Plus . CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the Security Plus 701 exam .
This list may be helpful , helpful for training companies that wish to create a lab component for their training offering . All right , so they have equipment .
They have a list of equipment : tablet , laptop , web server , firewall , router , switch , IDS , IPS , wireless access point , virtual machines , wow . Spare hardware : NIC , power supplies . Managed switch . Tools : Wi-Fi analyzer , network mapper , NetFlow analyzer . Software : Windows , Linux , Kali Linux , packet capture software , pentesting software and others .
They have a lot more than you know , than I just mentioned : keyloggers , DHCP service , DNS service , sample code and then others : access to cloud environment , sample network documentation and diagram and sample logs that you can use for your , you know , to practice . This is a . This is a good idea .
I may be wrong , but I think that's the first time I got to look at the other ones , but I think this might be the first time that I see CompTIA do that . But , as you can see . And then they have , of course , their acronym list , which is always helpful for people who need a little bit reminder of what the acronyms are . There's a couple of pages here .
We'll see anything new that pops off , but I'm sure they will be just too . Just too long to go through . Anyway , yeah , good luck to anybody who wants to take this new exam . Again , it came out November 7th and again you could still take the 601 and the 701 , they're running parallel . They will run parallel until July 31st of next year .
So if you're studying for your 601 now , you're on the clock , ladies and gentlemen , literally you're on the clock and you know , start doing it . You know , don't , don't . You know those of you who've taken classes or taken a camp course or a class , you know now is the time to start .
You know , start studying and start planning a date where you could take the exam . And that's the key , right ? You should go to Pearson VUE and schedule a day that you want to take the exam , right ? That way you already have that mind frame set right .
Oh , I'm going to take the exam , you know February 15th , right , and then you could always move the date , right I think it's only four hours in advance If you're not comfortable or you're not ready .
But the important thing is setting a date right and you could still take the 601 and you know you don't have to worry and it's still going to be valid , right ? Nobody really asks you .
I think the only people who really care about what exams that you , that you have for Security Plus , is really like trainers , right , if you're training for this , if they're hiring you as a trainer to teach Security Plus , a lot of companies want you to have the newest exam . Some they don't care , but a lot of them do .
So if you , if you're taking , if you're teaching this , you might have to take this exam . But most people don't . You know , most companies don't care . Security Plus is Security Plus , so they're going to end up training you anyway . So you know , if you can take the first one the 601 , if that's the one that you're going to take , no harm , no foul .
No one's going to tell you like , oh , I'm not going to hire you because you don't have the 701 . That's not going to happen . They're still going to hire you because they it's still valid . So again , other than me , no one's going to ask you how you , what was your score . So there's that All right . So that's going to put a bow on on this episode today .
I want to thank everyone for listening and I want to wish a very happy Thanksgiving . Spend some time with your family , eat a lot of turkey and we'll see you next time . This has been our Little Chacha Productions , part by Sarah . Music by Joe Kim . If you want to reach me , you can email me at professorjrodsjrodcom , also on Instagram at professorjrod .