IT certifications show employers that candidates have the knowledge and skills they need to do the job, and they help IT pros advance in their careers. As cybersecurity has become a critical function, cybersecurity certifications are among the most popular IT certifications globally.
The CompTIA PenTest+ certification is a vendor-neutral, internationally targeted validation of intermediate-level penetration testing (or pen testing) knowledge and skills. It focuses on the latest pen testing techniques, attack surfaces, vulnerability management, post-delivery and compliance tasks.
The skills covered by CompTIA PenTest+ help companies comply with regulations, such as PCI-DSS and NIST 800-53 Risk Management Framework (RMF), which require pen tests, vulnerability assessments and reports. CompTIA PenTest+ is approved under the Department of Defense (DoD) Directive 8140/8570.01-M and under ANSI/ISO standard 17024.
IT Jobs Related to CompTIA PenTest+
The next version of CompTIA PenTest+ (PT0-002) is slated to launch in October 2021. CompTIA updates its certifications every three years to keep up with evolving technology, so your skills are relevant and you stay up to date on the latest technologies.
When CompTIA updates exams, subject matter experts (SMEs) from the industry participate in workshops to write and review the content, ensuring that the exam domains, objectives and questions validate the skills needed on the job today.
Cybersecurity experts from the following companies contributed to the update of CompTIA PenTest+:
- RxSense
- John Hopkins University Applied Physics Laboratory
- U.S. Army
- Target Corp.
- General Dynamics IT (GDIT)
- Ricoh
Read more about the CompTIA exam development process.
As cyberattacks continue to grow, more IT job roles are tasked with pen testing and vulnerability management to address today’s cyberthreats. Updates to CompTIA PenTest+ reflect those skills and prepare you to test and manage a broader attack surface that includes cloud, hybrid environments and internet of things (IoT) devices for vulnerabilities. Organizations must be proactive in preventing the next cyberattack.
The primary CompTIA PenTest+ job roles are similar to the previous version, as the core skills requirements for these jobs have not significantly changed over time:
As more cybersecurity job roles are tasked with identifying vulnerabilities and remediation techniques across broader surfaces, the following job roles can also benefit from a CompTIA PenTest+ certification:
- Cloud penetration tester
- Web app penetration tester
- Cloud security specialist
- Network and security specialist
- Information security engineer
- Security analyst
CompTIA PenTest+ PT0-001 vs PT0-002
CompTIA PenTest+ addresses the latest trends, techniques and attack surfaces – covering the core and intermediate skills in penetration testing and vulnerability management, ensuring high performance on the job. Let’s break down some of the highlights.
CompTIA PenTest+ Exam Domains
The exam domains covered in CompTIA PenTest+ PT0-001 and PT0-002 are not vastly different, as they are still relevant to the job roles, but you will see some slight changes.
- We changed the name of exam domain 2.0 from Information Gathering and Vulnerability Identification to Information Gathering and Vulnerability Scanning.
- We also swapped the order of two domains – what was formerly 5.0 Reporting and Communication is now 4.0, (with the same name), and what was formerly 4.0 Penetration Testing Tools is now 5.0 Tools and Code Analysis.
|
CompTIA PenTest+ PT0-002 Exam Domains |
CompTIA PenTest+ PT0-001 Equivalency |
| 1. Planning and Scoping (14%) |
1. Planning and Scoping (15%) |
| 2. Information Gathering and Vulnerability Scanning (22%) |
2. Information Gathering and Vulnerability Identification (22%) |
| 3. Attacks and Exploits (30%) |
3. Attacks and Exploits (30%) |
| 4. Reporting and Communication (18%) |
4. Penetration Testing Tools (17%) |
| 5. Tools and Code Analysis (16%) |
5. Reporting and Communication (16%) |
However, the new CompTIA PenTest+ (PT0-002) focuses on the most up to date and current skills needed for the following tasks:
- Planning and scoping a penetration testing engagement
- Understanding legal and compliance requirements
- Performing vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyzing the results
- Producing a written report containing proposed remediation techniques, effectively communicating results to the management team and providing practical recommendations
This is equivalent to three to four years of hands-on experience working in a security consultant or penetration tester job role. CompTIA PenTest+ is recommended to follow CompTIA Security+ on the CompTIA cybersecurity career pathway.
CompTIA PenTest+ Exam Objectives
The exam purpose and audience are similar in both CompTIA PenTest+ PT0-001 and PT0-002 with the same number of exam domains, titles and page count. However, we consolidated the exam objectives down from 24 to 21 to improve the instructional design and merge similar topics.
Specifically, these changes have been made from CompTIA PenTest+ PT0-001 to PT0-002:
- Newer techniques for pen testing an expanded attack surface
- Emphasis on demonstrating an ethical hacking mindset given various scenarios
- More focus on the hands-on tasks and automation required for vulnerability management
- More focus on code analysis to emphasize the growing need to identify and analyze code during a penetration test (Note: Code development is not included on CompTIA PenTest+)
As you use the exam objectives to prepare for your test, note that they are not exhaustive of everything you may be tested on. Consider the exam objectives stem (the heading) as your item to study and the bulleted lists as examples of some of the things that might be covered. CompTIA is constantly reviewing exam content and updating questions to ensure relevance and exam integrity.
How CompTIA PenTest+ Evolves With the Industry
In a field like cybersecurity, where the job is continually evolving, CompTIA exam domains need to reflect what’s happening in the industry now. The following table explains why we updated the CompTIA PenTest+ exam domains and how they relate to job requirements.
|
Exam Domain |
Description |
How It Applies to the Job |
| 1.0 Planning and Scoping |
Includes updated techniques emphasizing governance, risk and compliance concepts, scoping and organizational/customer requirements and demonstrating an ethical hacking mindset. |
Pen testers can be held criminally liable when operating without ethics or proper approvals. Pen testing is required for compliance to regulations such as PCI-DSS and the NIST 800-53 RMF. |
| 2.0 Information Gathering and Vulnerability Scanning |
Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management as well as analyzing the results of the reconnaissance exercise. |
Automation is required for modern vulnerability management to counteract automated attacks. Organizations must efficiently mitigate vulnerabilities, avoiding unnecessary dangers to operations. |
| 3.0 Attacks and Exploits |
Includes updated approaches to expanded attack surfaces; researching social engineering techniques; performing network, wireless, cloud and application-based attacks; and post-exploitation techniques. |
Updated skills are needed to secure multiple attack surfaces; 87% of CompTIA-certified IT pros already work in expansive hybrid environments (both on-premises and in the cloud), and 93% work in multi-cloud environments. |
| 4.0 Reporting and Communication |
Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analysis and appropriate remediation recommendations. |
Communication is critical for the penetration testing lifecycle because collaboration is essential for identifying and managing vulnerabilities. Reporting is especially important for complying with regulations. |
| 5.0 Tools and Code Analysis |
Includes updated concepts of identifying scripts in software deployments, analyzing a script or code sample and explaining use cases of pen test tools (Note: Scripting and coding is not required). |
Exposure to different scripts and code samples provides an expanded toolbox to help pen testers progress through their career. Pen testers work with scripting more as they advance in their careers. |
How to Train for CompTIA PenTest+
It may seem like CompTIA PenTest+ covers a lot of ground, but don’t worry, we’ve got your back. CompTIA offers training solutions, including study guides, online self-study tools and instructor-led courses that are designed to cover what you need to know for your CompTIA exam. No other content library covers all the exam objectives for all certifications.
CompTIA training solutions help you prepare for your CompTIA certification exam with confidence. Whether you are just starting to prepare and need comprehensive training with CompTIA CertMaster Learn, want to apply your knowledge hands-on with CompTIA Labs or need a final review with CompTIA CertMaster Practice, CompTIA's online training tools have you covered.
Ready to get started? Download the exam objectives for CompTIA PenTest+ (PT0-002) to begin studying now.
