Skip to main content

V2

PenTest+ V2 (Retiring Version)

CompTIA PenTest+ validates your ability to perform penetration testing and vulnerability management across attack surfaces like cloud, web apps, IoT, and on-premises environments. It emphasizes your hands-on skills in exploiting vulnerabilities, post-exploitation techniques, and reporting findings. Please note that the English version of the V2 exam has retired, but you can still take it in Japanese, Portuguese, and Thai until September 17, 2025. If you want to pursue the latest certification, the newer V3 exam is available.

Plus PenTest+ Certification

PenTest+ (V2) exam objectives

Planning and scoping (14%) 

  • Rules of engagement: defining testing windows, target selection, and engagement rules.
  • Compliance: ensuring adherence to legal, ethical, and regulatory requirements.
  • Scoping: validating scope, reviewing contracts, and identifying in-scope assets.
  • Time management: developing strategies to manage time effectively.
  • Professionalism: maintaining confidentiality and adhering to ethical hacking principles.

Information gathering and vulnerability scanning (22%) 

  • Reconnaissance: performing active and passive reconnaissance using open-source intelligence (OSINT) and protocol scanning.
  • Enumeration: identifying hosts, services, and users through DNS and service discovery.
  • Vulnerability scans: conducting scans and analyzing results to identify false positives.
  • Tools: Nmap, Nessus, and OpenVAS for information gathering.
  • Analysis: validating findings and assessing the impact of vulnerabilities.

Attacks and exploits (30%) 

  • Network attacks: executing VLAN hopping, on-path attacks, and exploiting misconfigured services.
  • Authentication attacks: performing brute-force, pass-the-hash, and credential stuffing.
  • Host-based attacks: conducting privilege escalation and credential dumping.
  • Web application attacks: performing SQL injection, cross-site scripting (XSS), and directory traversal.
  • Cloud attacks: exploiting container escapes, metadata services, and identity and access management (IAM) misconfigurations.
  • Social engineering: executing phishing, pretexting, and other social engineering techniques.

Reporting and communication (18%) 

  • Reports: creating detailed reports with findings, summaries, and remediation steps.
  • Communication: presenting results to technical and non-technical stakeholders.
  • Collaboration: aligning with teams to review findings and escalate risks.
  • Compliance: ensuring reports meet regulatory and compliance standards.
  • Follow-up: provide recommendations and support for remediation efforts.

Tools and code analysis (16%) 

  • Tool usage: identifying and using tools like Metasploit, Burp Suite, and Wireshark.
  • Script analysis: analyzing and modifying scripts in Python, PowerShell, and Bash.
  • Automation: using tools to automate vulnerability scans and exploit execution.
  • Use cases: matching tools to appropriate phases of penetration testing.
  • Customization: adapting tools to meet specific engagement needs.

Exam details

  • Exam version: V2

  • Exam series code: PT0-002

  • Launch date: October 28, 2021

  • Number of questions: maximum of 85, a mix of multiple-choice and performance-based questions

  • Length of test: 165 minutes

  • Passing score: 750 (on a scale of 100–900)

  • Recommended experience: 3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge

  • Languages: English, Japanese, Portuguese, and Thai

  • Testing provider: Pearson VUE testing centers and online testing

  • Retirement date: June 17, 2025 (English); September 17, 2025 (Japanese, Portuguese, and Thai)

Skills learned

  • Plan and scope penetration tests while ensuring compliance with legal and ethical requirements.

  • Develop detailed reports that include clear remediation recommendations.

  • Perform active and passive reconnaissance, gather information, and enumerate systems to identify vulnerabilities during information gathering and vulnerability scanning.

  • Execute network, host-based, web application, and cloud-based attacks using appropriate tools and techniques to test system defenses.

  • Maintain persistence, perform lateral movement, and document findings to support remediation efforts during post-exploitation activities.

  • Analyze scripts or code samples and explain the use of various tools employed during penetration testing for tools and code analysis.

Stay informed

Advance with confidence

Get updates, insights, and exclusive offers to support your learning journey and career growth.