Skip to main content

V3

PenTest+ V3 (New Version)

CompTIA PenTest+ validates your ability to identify, mitigate, and report system vulnerabilities. Covering all stages of penetration testing across attack surfaces like cloud, web apps, APIs, and IoT, it emphasizes hands-on skills such as vulnerability management and lateral movement. This certification equips you with the expertise to advance your career as a penetration tester or security consultant.

Plus PenTest+ Certification

PenTest+ (V3) exam objectives

Engagement management (13%) 

  • Planning and scoping: defining rules of engagement, testing windows, and target selection.
  • Legal and ethical compliance: ensuring authorization letters, mandatory reporting, and adherence to regulations.
  • Collaboration and communication: aligning with stakeholders through peer reviews, escalation paths, and risk articulation.
  • Penetration test reports: creating reports with executive summaries, findings, and remediation recommendations.

Reconnaissance and enumeration (21%) 

  • Active and passive reconnaissance: gathering information using open-source intelligence (OSINT), network sniffing, and protocol scanning.
  • Enumeration techniques: performing DNS enumeration, service discovery, and directory enumeration.
  • Reconnaissance tools: using tools like Nmap, Wireshark, and Shodan for information gathering.
  • Script modification: customizing Python, PowerShell, and Bash scripts for reconnaissance and enumeration.

Vulnerability discovery and analysis (17%) 

  • Vulnerability scans: conducting authenticated, unauthenticated, static application security testing (SAST) and dynamic application security testing (DAST).
  • Result analysis: validating findings, troubleshooting configurations, and identifying false positives.
  • Discovery tools: using tools like Nessus, Nikto, and OpenVAS for vulnerability discovery.

Attacks and exploits (35%) 

  • Network attacks: performing VLAN hopping, on-path attacks, and service exploitation.
  • Authentication attacks: executing brute-force attacks, pass-the-hash, and credential stuffing.
  • Host-based attacks: conducting privilege escalation, process injection, and credential dumping.
  • Web application attacks: performing SQL injection, cross-site scripting (XSS), and directory traversal.
  • Cloud-based attacks: exploiting container escapes, metadata service attacks, and identity and access management (IAM) misconfiguration.
  • AI attacks: explaining prompt injection and model manipulation against artificial intelligence systems.

Post-exploitation and lateral movement (14%) 

  • Post-exploitation activities: establishing persistence, performing lateral movement, and cleaning up artifacts.
  • Documentation: creating attack narratives and providing remediation recommendations.

Exam details

  • Exam version: V3

  • Exam series code: PT0-003

  • Launch date: December 17, 2024

  • Number of questions: maximum of 90, including multiple-choice and performance-based questions

  • Length of test: 165 minutes

  • Passing score: 750 (on a scale of 100–900)

  • Recommended experience:  3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge

  • Languages: English on release; other languages TBD

  • Retirement of the previous exam: June 17, 2025

  • Testing provider: Pearson VUE testing centers and online testing

Skills learned

  • Plan and scope penetration tests while ensuring compliance with legal and ethical requirements, and develop detailed reports with remediation recommendations to support engagement management.

  • Perform active and passive reconnaissance, gather information, and enumerate systems to uncover vulnerabilities effectively.

  • Conduct vulnerability scans, analyze results, and validate findings to identify and address security weaknesses.

  • Execute network, host-based, web application, and cloud-based attacks using appropriate tools and techniques to test system defenses.

  • Maintain persistence, perform lateral movement, and document findings to support remediation efforts during post-exploitation activities.

Stay informed

Advance with confidence

Get updates, insights, and exclusive offers to support your learning journey and career growth.