My PenTest+ Experience
About the PenTest+ Exam:
The PenTest+ is one of the intermediate-level certifications offered by CompTIA and focuses primarily on penetration testing techniques and methodology. The exam has both performance-based (hands-on) questions and traditional multiple-choice questions, so it tests both the knowledge and the practical capability of testers.
It is broken up into five primary domains, weighted as follows (weightings change between exam versions, so check the current exam objectives before studying):
- Planning and Scoping - 15%
- Information Gathering and Vulnerability Scanning - 22%
- Attacks and Exploits - 30%
- Penetration Testing Tools - 17%
- Reporting and Communication - 16%
For a quick comparison to other offensive-security certifications, it is generally regarded as being more difficult and more hands-on than the Certified Ethical Hacker (CEH), and less difficult and less hands-on than the eLearnSecurity Junior Penetration Tester (eJPT).
My Experience:
Overall, I really enjoyed the PenTest+ certification. I feel it is a far more accurate reflection of knowledge and ability than the other CompTIA certifications I have taken, like Security+. Although there is still a lot to learn that is not reflected on this test, it is a great start for anyone looking to get more of an understanding of penetration testing and common attack vectors. I took about a week to formally ‘study’; however, a lot of my hobbies include things like HackTheBox and CTF challenges, so I definitely recommend a few months of study for anyone without an existing background. I ended up scoring an 806 after a week of intense studying and felt I had learned a lot from the whole process. Additionally, because the PenTest+ is rated as more difficult than the A+, Net+, and Security+ exams, passing the certification renewed the other three for me, which were due to expire this fall.

For those interested in taking the certification, I highly recommend it! Listed below are the primary resources that helped make me feel confident in my ability to pass the test. My biggest recommendation is to spend some time hands-on so that you can confidently perform, identify, and remediate the attacks listed in the exam objectives.
Recommended Study Resources:
- Jason Dion’s PenTest+ course on Udemy - I would recommend starting here. It is a great way to familiarize yourself with the content of the test; however, it will NOT be sufficient on its own, as the actual exam is far more technical than the course.
- Sybex Practice Tests - Good tests that gave me a pretty accurate measurement of my ability to pass the exam. There are a few incorrect answers/explanations, so make sure to verify any that seem questionable. The exam questions for me were a little more technical than the practice tests found in the book.
- TryHackMe PenTest+ training path, as well as any other lessons relating to tools on the test. Focus on all things OWASP, as well as the general syntax and purpose of the tools mentioned in the exam objectives.
- HackTheBox - Complete a few boxes. These will really help you understand how to enumerate and exploit systems, as well as gain familiarity with pivoting, privilege escalation, reverse shells, and other techniques frequently used in penetration tests.
- Consider deploying local Hackazon and Metasploitable VMs to practice against.