CompTIA PenTest+ (PT0-002) is an exam designed for cybersecurity professionals involved in penetration testing and vulnerability management. It is known for its comprehensive coverage of all penetration testing stages, making it the industry standard for assessing penetration testing skills.
Key highlights of CompTIA PenTest+:
- Comprehensive Exam: PenTest+ covers all stages of penetration testing with a focus on hands-on vulnerability assessment, scanning, analysis, planning, scoping, and weakness management. It uses a mix of performance-based and knowledge-based questions.
- Vulnerability Management: This exam emphasizes hands-on vulnerability assessment and management, including scanning, analysis, and planning. It assesses your skills in identifying and addressing vulnerabilities.
- Up-to-Date Techniques: PenTest+ ensures candidates are well-versed in the latest penetration testing techniques, applicable to cloud environments, hybrid setups, web applications, the Internet of Things (IoT), and traditional on-premises systems.
Skills you will learn include:
- Planning and Scoping: Governance, risk, and compliance concepts, ethical hacking mindset, and organizational requirements.
- Information Gathering and Vulnerability Scanning: Vulnerability scanning, reconnaissance, and vulnerability management.
- Attacks and Exploits: Expanding attack surfaces, social engineering, network attacks, wireless attacks, application-based attacks, and attacks on cloud technologies.
- Reporting and Communication: The importance of reporting and communication in a regulatory environment.
- Tools and Code Analysis: Identifying scripts, analyzing code samples, and using various tools during penetration testing.
Potential job roles for CompTIA PenTest+ certified professionals include Vulnerability Analyst, Security Consultant, Cloud Penetration Tester, Web App Penetration Tester, Cloud Security Specialist, Network Security Specialist, Network Security Operations, Threat Intelligence Analyst, and Penetration Tester.
The exam (PT0-002) was launched on October 28, 2021, and contains a maximum of 85 questions, both performance-based and multiple choice. The test duration is 165 minutes, and the passing score is 750 on a scale of 100-900. While there is no strict prerequisite, it is recommended to have Network+ or Security+ knowledge and 3-4 years of hands-on information security experience. The exam is available in English, Japanese, Portuguese, and Thai.
The certification is typically valid for three years from the launch date, and it’s offered through Pearson VUE testing centers, including online testing, at a cost of $392 USD.
Difficulty: 1 out of 5.
If you're coming from taking CySA+, you're going to be extremely disappointed by this certification.
Offensive security is all about being an expert in using your tools to achieve a result.
This certification is about memorizing the names of tools and what category they fall into. It has very little practical use, and no one in offensive security really cares about it. There are cheaper and better options like PNPT or the newish certification from Hack The Box.
Since tools are replaced faster than an exam could ever keep up, you're essentially just learning the functions of old tools for attacks that might be deprecated by the time you take the exam. Every other offensive security certification manages to get this right with strictly practical exams. No, that doesn't include CEH despite the name.
Overall, I'd say save your money and go for something different.