Penetration testers defend organizations by discovering weaknesses before the bad guys do. CompTIA’s new PenTest+ certification validates your knowledge around identifying, exploiting, reporting and managing vulnerabilities.
Check out this slide deck to review everything you need to know about CompTIA’s PenTest+ cert, including:
- Why CompTIA created the PenTest+ certification
- How PenTest+ compares to certs like Certified Ethical Hacker (CEH)
- Who should earn a PenTest+ certification
- An overview of the PenTest+ exam
2. Looking for CPEs?
Infosec webinars are a great way to earn CPEs
• Request your completion certificate at: infosecinstitute.com/cpe
• CPE eligibility varies by certifying body. Learn more at: infosecinstitute.com/cpe-requirements
6. CompTIA PenTest+ certification
Domain % of exam
1.0 Planning and Scoping 15%
2.0 Information Gathering and Vulnerability Identification 22%
3.0 Attacks and Exploits 30%
4.0 Penetration Testing Tools 17%
5.0 Reporting and Communication 16%
Total 100%
CompTIA PenTest+ is a certification for intermediate-skills level cybersecurity professionals who are tasked
with hands-on penetration testing to identify, exploit, report and manage vulnerabilities on a network.
PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills
necessary to determine the resiliency of the network against attacks. Successful candidates will have the
intermediate skills and best practices required to customize assessment frameworks to effectively collaborate on
and report findings, and communicate recommended strategies to improve the overall state of IT security.
Skills competence for key job roles:
● Penetration tester
● Vulnerability tester
● Security analyst (II)
● Vulnerability assessment analyst
● Network security operations
● Application security vulnerability
7. How is PenTest+ different?
1. CompTIA PenTest+ is the only exam taken at a Pearson VUE testing center with both
hands-on, performance-based questions and multiple-choice, to ensure each
candidate possesses the skills, knowledge and ability to perform tasks on systems.
2. The CompTIA PenTest+ exam not only covers hands-on penetration testing and vulnerability
assessment, but includes management skills used to plan, scope and manage
weaknesses, not just exploit them.
3. CompTIA PenTest+ is unique because our certification requires a candidate to
demonstrate the hands-on ability and knowledge to test devices in new environments
such as the cloud and mobile, in addition to traditional desktops and servers.
9. PenTest+ exam information
Item Description
Exam code PT0-001
Launch date July 31, 2018
Availability Worldwide
Pricing $349 USD (as of 10/1/2018)
Testing provider Pearson VUE testing centers
Question types Performance based and multiple choice
# of questions Maximum of 85 questions
Length of test 165 minutes
Passing score 750 (on a scale of 100-900)
Languages English only
Recommended experience Network+, Security+ or equivalent knowledge
CE program, ISO/ANSI and DoD accreditation Yes, part of CE program; CompTIA will pursue ISO/ANSI 17024 and DoD 8140/8570 approval
12. Workforce indicators
The U.S. Bureau of Labor Statistics (BLS)
classifies the job role under Information
Security Analysts, which includes:
● Conduct penetration testing, which is
when analysts simulate attacks to
look for vulnerabilities in their
systems before they can be exploited
● Median pay: $92,600 per year
● Number of jobs available: 82,900
● Job outlook: 28% growth by 2026
(much faster than average)
Cyberseek.org classifies the job role
under Penetration & Vulnerability Tester,
which includes:
● Median pay: $98,000 per year
● Number of jobs available: 6,695
(For comparison purposes, Cyberseek.org
states Cybersecurity Analyst open jobs at
19,017 jobs. That identifies one
pentester/vulnerability assessor job for
every three security analyst jobs.)
15. Red team vs. blue team
Red team (penetration testing)
Red teams try to break into systems by identifying weaknesses in people, processes
and technology
Blue team (security analyst)
Blue teams discover, contain and remove intruders through intrusion detection tools and
other methods
16. Red team vs. blue team
Red team exploits are demonstrated
Blue team intrusion detection tools discover red team exploits
18. PenTest+ domain objectives
1.0 Planning and Scoping 15%
1.1 Explain the importance of planning for an engagement
1.2 Explain key legal concepts
1.3 Explain the importance of scoping an engagement properly
1.4 Explain the key aspects of compliance-based assessments
19. PenTest+ domain objectives
2.0 Information Gathering and Vulnerability Identification 22%
2.1 Given a scenario, conduct information gathering using appropriate techniques
2.2 Given a scenario, perform a vulnerability scan
2.3 Given a scenario, analyze vulnerability scan results
2.4 Explain the process of leveraging information to prepare for exploitation
2.5 Explain weaknesses related to specialized systems
20. PenTest+ domain objectives
3.0 Attacks and Exploits 30%
3.1 Compare and contrast social engineering attacks
3.2 Given a scenario, exploit network-based vulnerabilities
3.3 Given a scenario, exploit wireless and RF-based vulnerabilities
3.4 Given a scenario, exploit application-based vulnerabilities
3.5 Given a scenario, exploit local host vulnerabilities
3.6 Summarize physical security attacks related to facilities
3.7 Given a scenario, perform post-exploitation techniques
21. PenTest+ domain objectives
4.0 Penetration Testing Tools 17%
4.1 Given a scenario, use Nmap to conduct information gathering exercises
4.2 Compare and contrast various use cases of tools
4.3 Given a scenario, analyze tool output or data related to a penetration test
4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)
22. PenTest+ domain objectives
5.0 Reporting and Communication 16%
5.1 Given a scenario, use report writing and handling best practices
5.2 Explain post-report delivery activities
5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities
5.4 Explain the importance of communication during the penetration testing process
24. Get PenTest+ certified
Learn penetration testing and prepare to earn your
PenTest+ certification
Hands-on training
Build your skills through 100+ labs in our cloud-hosted
cyber ranges, or test your exam readiness with dozens of
certification practice exams
7-day free trial, then $34/month!
Your complete career advisor
Your subscription includes unlimited access to 300+
courses and 45+ skill- and certification-based learning
paths, including:
● CompTIA’s Security+ (18 courses)
● CompTIA’s CySA+ (17 courses)
● CompTIA’s CASP+ (16 courses)
26. Start your free trial today!
infosecinstitute.com/skills
The bad guys are getting smarter. Are you?
27. About us
At Infosec, we believe knowledge is the most
powerful tool in the fight against cybercrime. We
provide the best certification and skills
development training for IT and security
professionals, as well as employee security
awareness training and phishing simulations.
www.infosecinstitute.com
708.689.0131