Security vulnerabilities and exploits are more common than ever. Organizations must develop vigorous security postures that protect assets through penetration testing. This testing of an organization’s information systems can help in determining the resiliency of their security postures and highlight how resistant they are to unauthorized access. Stakeholders must agree to the bounds of the testing, and a report including the data collected with recommended mitigation strategies must be formed.
The new CompTIA PenTest+ reflects this and addresses all stages of the penetration testing process. Keep reading to get answers to the most common questions we get about CompTIA’s intermediate pen testing cybersecurity certification.
Why Is There a New Version of CompTIA PenTest+?
Every three years, CompTIA PenTest+ gets updated to meet the needs of the industry and ensure that IT pros have the skills necessary for today’s cybersecurity jobs. Like its predecessor PT0-001, CompTIA PenTest+ (PT0-002) is still designed for cybersecurity professionals tasked with penetration testing and vulnerability management.
The updates to CompTIA PenTest+ qualify penetration testers tasked with assessing the most up-to-date penetration testing, vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.
People who have CompTIA PenTest+ are able to do the following:
- Plan and scope a penetration testing engagement
- Understand legal and compliance requirements
- Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
- Produce a written report containing proposed remediation techniques, effectively communicate results to the management team and provide practical recommendations
Other penetration testing exams only cover a portion of the stages with essay and hands-on questions. CompTIA PenTest+ is the most comprehensive exam covering all penetration testing stages, with both performance-based and knowledge-based questions.
Learn more about the difference between CompTIA PenTest+ 001 vs. 002.
What’s on the Latest Version of CompTIA PenTest+?
The latest version of CompTIA PenTest+ (PT0-002) includes performance-based and multiple-choice exam questions across five domains:
- Planning and Scoping (14%)
- Information Gathering and Vulnerability Scanning (22%)
- Attacks and Exploits (30%)
- Reporting and Communication (18%)
- Tools and Code Analysis (16%)
These domains relate back to the primary responsibilities of a penetration tester or a security consultant. Someone in this role will have the intermediate-level skills tasked with identifying vulnerabilities and remediation techniques across broader attack surfaces.
You should also be familiar with the following broad categories of software tools:
Web proxying tools
Command and control tools
Credential testing tools
Social engineering tools
Detection and avoidance tools
Remote access tools
Security information and event management (SIEM)/intrusion detection system (IDS)/intrusion prevention system (IPS)
Software assurance tools
Wireless testing tools
Mobility testing tools
See all the topics covered by CompTIA PenTest+ (PT0-002) by downloading the exam objectives for free.
Why Should I Get the New CompTIA PenTest+?
The new CompTIA PenTest+ certification endorses your intermediate-level cybersecurity skills with a credential that’s respected industry-wide across the globe:
- CompTIA PenTest+ is the only exam on the market to include all aspects of vulnerability management – not only hands-on vulnerability assessment, scanning and analysis, but also planning, scoping and managing weaknesses, not just exploiting them.
- CompTIA PenTest+ is the most current penetration testing exam covering the latest techniques against expanded attack surfaces – a unique exam that requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT) devices, embedded systems and traditional on-premises.
- CompTIA PenTest+ fulfills the U.S. Department of Defense (DoD 8570) compliance and National Initiative for Cybersecurity Education (NICE) work roles.
When you've earned CompTIA PenTest+, you can be confident in your ethical hacking skills.
Ready to Buy CompTIA PenTest+?
Once you’ve decided that CompTIA PenTest+ is right for you, head on over to the CompTIA Store to purchase your voucher and training solutions – or bundle them for a discount!
What Jobs Can I Get with CompTIA PenTest+?
CompTIA PenTest+ verifies the skills necessary for jobs like penetration tester, security consultant, or cloud penetration tester. One of the benefits of taking the new CompTIA PenTest+ is that it is aligned to the latest trends and techniques against expanded attack surfaces.
Updates to PenTest+ (PT0-002) reflect newer pen testing techniques for the latest attack surfaces, including the cloud, hybrid environments, and web applications, as well as more ethical hacking concepts, vulnerability scanning and code analysis.
Jobs That Use the Cybersecurity Skills Covered by CompTIA PenTest+
(Asterisk denotes primary job roles for CompTIA PenTest+)
With its enhanced objectives, the new CompTIA PenTest+ will confirm a candidate’s ability to thrive in these essential cybersecurity jobs.
How Can I Prepare for the CompTIA PenTest+ Exam?
While there are a range of exam prep tools, instructional videos, training boot camps and the like out there, CompTIA now offers a full suite of training solutions for CompTIA PenTest+, including study guides, eLearning and online courses.
Here’s a quick overview of everything CompTIA will offer to help you prepare for your certification exam:
- CertMaster Learn, eLearning solution
- CertMaster Labs (graded labs), hands-on practice (available in November)
- CertMaster Integrated Learn + Labs, a seamless learning and hands-on practice experience (available in November)
- CertMaster Practice, exam prep
The Official CompTIA PenTest+ Study Guide, available in printed or eBook form (available in November)
Regardless of how you prepare, the best place to start is with the CompTIA PenTest+ exam objectives. You can also download a free CompTIA PenTest+ practice test to understand of the types of questions you’ll be see on the exam.
How Long Will It Take Me to Get CompTIA PenTest+?
The amount of time you’ll need to dedicate to CompTIA PenTest+ training differs for everyone. It depends on your existing knowledge and your hands-on intermediate-level security experience.
We recommend that you have CompTIA Network+ and Security+ or the equivalent knowledge before taking the exam with a minimum of 3 to 4 years of hands-on information security or related experience.
While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ and has a technical, hands-on focus. We also recommend that you dedicate 30 to 40 hours of studying before sitting for the exam.
How Much Does the CompTIA PenTest+ Exam Cost?
The retail price for CompTIA PenTest+ (PT0-002) is $370. CompTIA offers numerous ways to reduce this cost. Check out our article on how to save on exam vouchers as well as information about financing options.
I’ve been studying for CompTIA PenTest+ (PT0-001). Should I switch gears and study for CompTIA PenTest+ (PT0-002) instead?
If you’ve been studying for the CompTIA PenTest+ (PT0-001), we recommend reviewing the exam objectives for PT0-002 to see how much of what you’ve already studied is on the new exam.
If it makes sense for your time and level of knowledge, you may want to switch gears and prepare for the new exam (PT0-002). If you’ve already purchased a CompTIA PenTest+ voucher, you can apply it to any version of the exam.
If you choose to take the CompTIA PenTest+ (PT0-001) exam, make sure to do so before it expires in April 2022.
What Is the Expiration Date for CompTIA PenTest+ (PT0-001)?
The English version of the CompTIA PenTest+ PT0-001 exam will retire in April 2022. At that point it will be completely replaced by PT0-002.
How Long Is CompTIA PenTest+ Good For, and How Can It Be Renewed?
As with many CompTIA certifications, CompTIA PenTest+ is good for three years. CompTIA offers a number of ways for you to renew your certifications.
Additionally, earning CompTIA PenTest+ would renew lower-level CompTIA certifications, including CompTIA Cybersecurity Analyst (CySA+), Security+, Network+ and A+.
Can I Skip CompTIA Security+ and Take CompTIA PenTest+?
You can, but it’s not recommended. Intermediate-level cybersecurity pros need the skills required to plan and scope a penetration testing engagement, including vulnerability scanning, understanding legal and compliance requirements, analyzing results, and producing a written report with remediation techniques.
Take a look at the CompTIA Cybersecurity Career Pathway to see how each certification builds on the previous one. Skipping this foundational-level cybersecurity certification could leave a gap in your skills.
We recommend having a minimum of 3-4 years of hands-on information security or related experience.
Is CompTIA PenTest+ Approved by the DoD for 8570 Requirements?
Yes! CompTIA PenTest+ is U.S. DoD 8570 approved and complies with government regulations under the Federal Information Security Management Act (FISMA) and CompTIA PenTest+ also maps to seven NICE framework work roles at over 70%. This mapping positions PenTest+ for the DoD 8140 initiative.
Many government, military and military contractor-related job roles require IT pros to hold certifications that comply with DoD 8570, DoD 8570.01-m and DoD 8140, which identify the skills needed for a cyber-ready workforce and align those skills with certain IT certifications. This matters to IT pros in the private sector, too.
Ready to start studying? Writing out your plan will set you up for success. Download our free training plan worksheet to help get organized and make your dream a reality.