The PenTest+ exam has been on the scene as long as the CySA+ exam and has quickly become a fan favorite. There hasn’t been as much clamoring for this certification in the workplace, but the topics and domains are helpful for those in the assessment space. This isn’t to downplay PenTest+, however, it is still globally recognized, is in various countries, and is vendor neutral.
Here’s a great primer from Infosec:
The difficulty is in the intermediate level. See below for PenTest+ PT0-001 exam details.
- Number of Questions: 75 questions (85 max)
- Duration: 165 minute duration, not including survey time, about 2 minutes per question
- Score Range: 100-900
- Passing Score: 750 (roughly 83%, not including experimental questions)
- Types of Questions:
- Multiple Choice – can have more than one answer
- Performance Based – perform the requested action
- Planning and Scoping 15%
- Information Gathering and Vulnerability Identification 22%
- Attacks and Exploits 30%
- Penetration Testing Tools 17%
- Reporting and Communication 16%
- PT0-002: October 2021, Current
- PT0-001: July 31, 2018, retiring April 2022
- Planning and Scoping
- Information Gathering and Vulnerability Identification
- Attacks and Exploits
- Penetration Testing Tools
- Reporting and Communication
After the Exam
- Requires 60 Continuing Education credits after passing exam.
- CompTIA PenTest+ Page
- CompTIA PenTest+ PT0-001 Exam Objectives
- 5 Reasons Cybersecurity Experts Love CompTIA PenTest+
- Penetration Tester
- Vulnerability Tester
- Security Analyst (II)
- Vulnerability Assessment Analyst
- Network Security Operations
- Application Security Vulnerability
The NICE Cybersecurity Workforce Framework reveals that CompTIA PenTest+ covers two job roles in addition to penetration testing that is in high demand — vulnerability management and vulnerability assessment. If you look at the job boards (Indeed.com, LinkedIn Jobs, etc.), there are quite a few more vulnerability management and assessment jobs in the U.S. than penetration testing jobs.
Learn the material in this certification to learn everything all the way from pre-project planning and scoping to post-project reporting and communication. The cybersecurity strategy portion is invaluable. Any up and coming cyber pro will quickly realize there’s more to it than just learning hard cybersecurity skills.