CompTIA PenTest+ Study Guide (eBook)
984 pages
Sybex (publisher)
978-1-394-28501-3 (ISBN)
Prepare for the CompTIA PenTest+ certification exam and improve your information security job performance with Sybex
In the newly revised third edition of the CompTIA PenTest+ Study Guide: Exam PT0-003, renowned information security professionals Mike Chapple, Rob Shimonski, and David Seidl deliver a comprehensive and up-to-date roadmap to succeeding on the challenging PenTest+ certification exam. Freshly updated to track the latest changes made to Exam PT0-003, the book will prepare you not just for the test, but for your first day at your first or next information security job.
From penetration testing to vulnerability management and assessment, the authors cover every competency tested by the qualification exam. You'll also find:
- Complimentary access to the Sybex online learning environment, complete with hundreds of electronic flashcards and a searchable glossary of important terms
- Up-to-date info organized to track the newly updated PT0-003 PenTest+ certification exam
- Quick reference material and practice tests designed to help you prepare smarter and faster for the test
Succeed on the PT0-003 exam the first time. Grab a copy of CompTIA PenTest+ Study Guide and walk into the test, or your new information security job, with confidence.
ABOUT THE AUTHORS
Mike Chapple, PhD, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 50 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.
Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. Rob is considered a leading expert in prepping others to achieve certification success.
David Seidl is Vice President for Information Technology and Chief Information Officer at Miami University. He has served in a variety of technical and information security roles.
Introduction
The CompTIA® PenTest+® Study Guide: Exam PT0‐003, Third Edition, provides accessible explanations and real‐world knowledge about the exam objectives that make up the PenTest+ certification. This book will help you to assess your knowledge before taking the exam, as well as provide a stepping‐stone to further learning in areas where you may want to expand your skill set or expertise.
Before you tackle the PenTest+ exam, you should already be a security practitioner. CompTIA suggests that test‐takers should have intermediate‐level skills based on their cybersecurity pathway. You should also be familiar with at least some of the tools and techniques described in this book. You don't need to know every tool, but understanding how to use existing experience to approach a new scenario, tool, or technology that you may not know is critical to passing the PenTest+ exam.
CompTIA
CompTIA is a nonprofit trade organization that offers certification in a variety of IT areas, ranging from the skills that a PC support technician needs, which are covered in the A+ exam, to advanced certifications like the SecurityX certification. CompTIA divides its exams into categories based on the topics they cover, as shown in the following table:
| Core | Infrastructure | Cybersecurity |
|---|---|---|
| Tech+, A+, Network+, Security+ | Cloud+, Linux+, Server+ | CySA+, SecurityX, PenTest+ |
CompTIA recommends that practitioners follow a cybersecurity career path that begins with Tech+ and A+ certifications and proceeds to include the Network+ and Security+ credentials to complete the core skills. From there, cybersecurity professionals may choose the PenTest+ and/or Cybersecurity Analyst+ (CySA+) certifications before attempting the SecurityX certification as a capstone credential.
The CySA+ and PenTest+ exams are more advanced exams, intended for professionals with hands‐on experience who also possess the knowledge covered by the prior exams.
CompTIA certifications are ISO/ANAB accredited, and they are used throughout multiple industries as a measure of technical skill and knowledge. In addition, CompTIA certifications, including the Security+ and the SecurityX, have been approved by the U.S. government as Information Assurance baseline certifications and are included in the State Department's Skills Incentive Program.
The PenTest+ Exam
The PenTest+ exam is designed to be a vendor‐neutral certification for penetration testers. It is intended to assess penetration testing engagement, reconnaissance, vulnerability assessment, and attacks and exploits, with a focus on network resiliency testing. Successful test‐takers will prove their ability to plan and scope assessments, handle legal and compliance requirements, and perform vulnerability scanning and penetration testing activities using a variety of tools and techniques, and then analyze the results of those activities.
It covers five major domains:
- Engagement Management
- Reconnaissance and Enumeration
- Vulnerability Discovery and Analysis
- Attacks and Exploits
- Post‐exploitation and Lateral Movement
These five areas include a range of subtopics, from scoping penetration tests to performing host enumeration and exploits, while focusing heavily on scenario‐based learning.
The PenTest+ exam fits between the entry‐level Security+ exam and the SecurityX (formerly CompTIA Advanced Security Practitioner [CASP+]) certification, providing a mid‐career certification for those who are seeking the next step in their certification and career path while specializing in pentesting or vulnerability management.
The PenTest+ exam is conducted in a format that CompTIA calls “performance‐based questions (PBQs).” This means that the exam uses hands‐on simulations using actual security tools and scenarios to perform tasks that match those found in the daily work of a security practitioner. There may be numerous types of exam questions, such as multiple‐choice, fill‐in‐the‐blank, multiple‐response, drag‐and‐drop, and image‐based problems.
CompTIA recommends that test‐takers have three or four years of experience as a penetration tester before taking this exam. As of 2024, the exam costs $404 in the United States, with roughly equivalent prices in other locations around the globe. More details about the PenTest+ exam and how to take it can be found at:
https://www.comptia.org/certifications/pentest
Study and Exam Preparation Tips
A test preparation book like this cannot teach you every possible security software package, scenario, and specific technology that may appear on the exam. Instead, you should focus on whether you are familiar with the type or category of technology, tool, process, or scenario presented as you read the book. If you identify a gap, you may want to find additional tools to help you learn more about those topics.
Additional resources for hands‐on exercises include the following:
- Exploit-Exercises.com provides virtual machines, documentation, and challenges covering a wide range of security issues at https://exploit-exercises.com.
- Hacking‐Lab provides capture‐the‐flag (CTF) exercises in a variety of fields at https://hacking-lab.com.
- The OWASP Hacking Lab provides excellent web application–focused exercises at https://owasp.org/www-project-hacking-lab.
- PentesterLab provides subscription‐based access to penetration testing exercises at https://pentesterlab.com/exercises.
Since the exam uses scenario‐based learning, expect the questions to involve analysis and thought rather than relying on simple memorization. As you might expect, it is impossible to replicate that experience in a book, so the questions here are intended to help you be confident that you know the topic well enough to think through hands‐on exercises.
Taking the Exam
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher.
Currently, CompTIA offers two options for taking the exam: an in‐person exam at a testing center and an at‐home exam that you take on your own computer.
This book includes a coupon that you may use to save 10 percent on your CompTIA exam registration.
In‐Person Exams
CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non‐U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to “Find a test center.”
https://www.pearsonvue.com/us/en/comptia.html
Now that you know where you'd like to take the exam, simply use the link on that site to set up a testing account and schedule an exam.
On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.
At‐Home Exams
CompTIA began offering online exam proctoring in 2020 through the OnVUE program. Candidates using this approach will take the exam at their home or office and be proctored over a webcam by a remote proctor. For more information on the at‐home testing option, visit:
https://www.pearsonvue.com/us/en/comptia/onvue.html
The OnVUE platform requires specialized software. Be sure to run the OnVUE system test before you register for an online exam. This will save you problems if your system is not compatible with the software.
After the PenTest+ Exam
Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam. If you've passed, you'll receive a handsome certificate, similar to the one shown here:
Maintaining Your Certification
CompTIA certifications must be renewed on a periodic basis. To renew your certification, you can either pass the most current version of the exam, earn a qualifying higher‐level CompTIA or industry certification, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.
CompTIA provides information on renewals via their website here:
https://www.comptia.org/continuing-education
When you sign up to renew your certification, you will be asked to agree to the CE program's Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.
A full list of the industry certifications you can use to acquire CEUs toward renewing the PenTest+ can be found...
| Publication date (per publisher) | 19.2.2025 |
|---|---|
| Series | Sybex Study Guide |
| Language | English |
| Subject area | Mathematics / Computer Science ► Computer Science ► Programming Languages / Tools |
| | Social Sciences ► Education |
| Keywords | Penetration Testing Certification • penetration testing certification exam • pentest+ certification test • Pentest+ exam • Pentesting certification • pentesting certification exam • pentesting practice tests • pentest practice questions • pt0-003 exam |
| ISBN-10 | 1-394-28501-9 / 1394285019 |
| ISBN-13 | 978-1-394-28501-3 / 9781394285013 |
Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook from misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.
File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly well suited to fiction and non-fiction books. The body text adapts dynamically to the display and font size, so EPUB also works well on mobile reading devices.
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You will need a
eReader: This eBook can be read on (almost) all eBook readers. It is, however, not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You will need a