Today I’ll be reviewing the CompTIA PenTest+ exam, a basic penetration testing certification with an emphasis on planning, scoping, and reporting on offensive engagements. The exam covers the knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures to help teach the essentials of preventing, detecting, and responding to incidents and breaches.
The PenTest+ PT0–001 exam contains four weighted sections:
- 15% Planning and Scoping — policies and procedures, legal concepts, contract types, and rules of engagement
- 22% Information Gathering and Vulnerability Identification — vulnerability scanning and enumeration, exploit identification, identifying and scanning specialized systems
- 30% Attacks and Exploits — host, network, application, wireless, social engineering, and physical attacks, as well as post-exploitation techniques
- 17% Penetration Testing Tools — reconnaissance, enumeration, vulnerability scanning, credential attacks, persistence, evasion, forensics, debugging, and software assurance tools
- 16% Reporting and Communication — report writing, post-engagement cleanup, findings and remediation
There is a maximum of 80 questions (multiple-choice and “performance-based,” AKA simulations) on the exam, with 165 minutes to answer them. A passing score is 750 on a scale of 900, or roughly 83% (although not all questions are necessarily weighted equally or counted in the score).
How I scored
I’m a third-year computing security student at RIT in upstate New York, so I already had a bit of exposure to penetration testing before attempting the exam, including classes in web application and network security as well as red/blue team competitions. I definitely don’t think you need this kind of experience to attempt this exam, but it helped me quite a bit and saved many hours of studying.
I passed PT0–001 with a score of 802 out of 750 points. I studied for about 2 weeks (from 12/27/2019 to 1/10/2020), with the test on 1/10 at 11:00 AM.
How did I pay for the exam?
I am fortunate enough to have the CyberCorps Scholarship for Service pay for my certifications. In general, I don’t recommend pursuing certifications unless your company, school, or scholarship will pay for it, but I also recognize that there might be edge cases.
If you are a student, the CompTIA Academic Marketplace offers nicely discounted exam vouchers for students enrolled in accredited colleges and universities.
The Pearson VUE testing centers
I took the exam in the same testing center in Minnesota that I usually go to while I am at home during breaks between semesters and co-ops, which I wrote a bit about previously.
My study materials
As I say every time, the exam objectives should always be the first resource that anyone studying for a certification exam should review.
Download the topics in PDF format. Cross out or highlight content that is familiar or unfamiliar to you, take notes in the margins, essentially do whatever you need to give yourself a clear picture or roadmap for how you will attempt this exam and in what order you will study the content. Sometimes, CompTIA’s syllabus is not always the best order in which new students should learn the content.
Jason’s courses have always been fantastic for a general overview of CompTIA exams. I found that he did a comprehensive job with each section except for domain 4 (penetration testing tools). In that section, he basically just listed off the many tools in the exam objectives, which I didn’t find helpful and don’t think is sufficient for this exam. However, this can mostly be rectified by just downloading and using the tools free tools yourself if you don’t already have experience with them.
I found these questions to be very realistic compared to the actual exam. In fact, I think I had about 5–6 questions that were almost word-for-word identical when I sat for it. However, I think there were also a few questions that might have been out of the exam scope or for which the answer and explanation were incorrect when reviewing Jason Dion’s videos. I still think it’s a great resource, though.
My CompTIA exam strategy is usually to skip the performance-based simulations presented at the beginning of the exam, answer as many multiple choice questions as possible, return to the performance-based simulations, then review any flagged questions I am unsure about at the end of the exam.
There were about 65 questions, 5 of which were performance-based. This surprised me because, in previous exams, I’ve always had a maximum of 3 PBQs. However, I had around 2.5 hours, which was more than enough time and seemed like more time than I had been given for previous exams like CySA+ (even though I know the time limit was the same). I finished with about an hour to spare.
There wasn’t really anything surprising on the exam. While the specific questions and other exam details are under NDA, I can speak generically about my experience. Obviously, I saw a significant amount of Nmap questions. I also remember questions on debugging/decompiling, how to remain stealthy when conducting a test, and “identify the type of threat actor” being prominent. Study the exam objectives and you have nothing to worry about.
- Identify false positives
- Write a script
- Identify web application vulnerabilities
- Run a port scan
- Identify vulnerable web traffic
Good luck with your studies!
To anyone else taking the exam, good luck! I’ve been jumping back and forth between Cisco and CompTIA exams for a bit; I also received CCNA Security on December 27th and will probably start on CCNA Cyber Ops after this semester of classes is over.
I thought CySA+ was harder than PenTest+. From what I can remember (I took it in April), most of the CySA+ questions were very in-depth and scenario-based. They required a lot of reading and attention to detail to choose the correct answer. In contrast, PenTest+ questions seem to mostly ask technical questions about a tool (what it does, how to apply it, etc.) or an attack type (specifically web vulnerabilities).
The PenTest+ covers the knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures to help teach the essentials of preventing, detecting, and responding to incidents and breaches. It is definitely fundamental in these categories despite being classified as an “intermediate” CompTIA certification. I feel that many more practical certifications would be better for entry-level penetration testers, like eLearnSecurity’s Junior Certified Penetration Tester. For someone with no penetration testing experience, however, it might still be a good start. Regardless, best of luck, and do reach out if you have any questions.
I do not use affiliate links, nor do I earn compensation for any products I endorse in this post. These are the resources I used to pass this exam and my honest reviews of them.