Skip to main content

V3

PenTest+

CompTIA PenTest+ validates your ability to identify, mitigate, and report system vulnerabilities. Covering all stages of penetration testing across attack surfaces like cloud, web apps, APIs, and IoT, it emphasizes hands-on skills such as vulnerability management and lateral movement. This certification equips you with the expertise to advance your career as a penetration tester or security consultant.

Plus PenTest+ Certification

Skills you'll learn

Build skills with CompTIA learning and validate them with the PenTest+ certification. 

  • Plan and scope penetration tests while ensuring compliance with legal and ethical requirements, and develop detailed reports with remediation recommendations to support engagement management.

  • Perform active and passive reconnaissance, gather information, and enumerate systems to uncover vulnerabilities effectively.

  • Conduct vulnerability scans, analyze results, and validate findings to identify and address security weaknesses.

  • Execute network, host-based, web application, and cloud-based attacks using appropriate tools and techniques to test system defenses.

  • Maintain persistence, perform lateral movement, and document findings to support remediation efforts during post-exploitation activities.

 

Exam details

  • Exam version: V3

  • Exam series code: PT0-003

  • Launch date: December 17, 2024

  • Number of questions: maximum of 90, including multiple-choice and performance-based questions

  • Length of test: 165 minutes

  • Passing score: 750 (on a scale of 100–900)

  • Recommended experience:  3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge

  • Languages: English, French, Japanese, and Portuguese

  • Retirement of the previous exam: June 17, 2025

  • Retirement: Usually three years after launch (estimated 2027)

Pick the right learning and practice solutions for your skill-building and exam preparation needs

No matter where you are in your journey, CompTIA’s CertMaster products deliver flexible learning and practice experiences to help you build skills, boost confidence and achieve PenTest+ exam readiness.

Shop PenTest+ Learn and Practice products

 

  Perform Learn Practice Labs
Best for:

Best for those looking to build skills, learn concepts, and gain hands-on experience. No prior related job role experience needed.

Best for those building foundational knowledge and skills. No prior related job role experience needed.

Best for those having experience with the skills and concepts.

Best for those looking to gain hands-on experience applying skills.

Primary purpose:

Comprehensive learning with robust set of lab activities in real and simulated environments to practice skills and job readiness.

Comprehensive learning with lab activities to practice skills.

Confirm exam readiness and close gaps.

Apply skills in real-world scenarios.
Contains:

Instructional content, video, interactives, labs (simulated and live virtual machines), assessments, practice tests

Instructional content, video, interactives, labs (simulated), assessments, practice tests

Timed practice exams, objective quizzes, exam objective mastery scores

Live virtual lab environment with guided tasks and real world-scenarios
Estimated duration:

30–60 hours

25–40 hours

1020 hours

1525 hours
 

Learn more about CertMaster Perform

Learn more about CertMaster Learn

Learn more about CertMaster Practice

Learn more about CertMaster Labs


Save with popular PenTest+ product bundles

Bundle our popular CertMaster products with an Exam Voucher plus Retake Assurance and save!

Shop all PenTest+ product bundles

  • Validate your skills and reduce exam risk

    PenTest+ Practice and Exam Bundle with Retake

    Know you're ready before you test. Validate your skills and reduce exam-day risk with Practice, plus a built-in exam retake for peace of mind. Bundle includes: CertMaster Practice and a Voucher with Retake Assurance.

    Buy now
  • Everything you need from learning to certification

    PenTest+ Complete Bundle with Retake

    Everything you need to go from learning to exam-day confidence. Build skills, practice, and gain hands-on experience with an exam retake for peace of mind. Bundle includes: CertMaster Learn, Labs, Practice, and a Voucher with Retake Assurance.

    Buy now

PenTest+ (V3) exam objectives summary

Engagement management (13%) 

  • Planning and scoping: defining rules of engagement, testing windows, and target selection.
  • Legal and ethical compliance: ensuring authorization letters, mandatory reporting, and adherence to regulations.
  • Collaboration and communication: aligning with stakeholders through peer reviews, escalation paths, and risk articulation.
  • Penetration test reports: creating reports with executive summaries, findings, and remediation recommendations.

Advance your career—Buy PenTest+ certification exam or training today.

Reconnaissance and enumeration (21%) 

  • Active and passive reconnaissance: gathering information using open-source intelligence (OSINT), network sniffing, and protocol scanning.
  • Enumeration techniques: performing DNS enumeration, service discovery, and directory enumeration.
  • Reconnaissance tools: using tools like Nmap, Wireshark, and Shodan for information gathering.
  • Script modification: customizing Python, PowerShell, and Bash scripts for reconnaissance and enumeration.

Vulnerability discovery and analysis (17%) 

  • Vulnerability scans: conducting authenticated, unauthenticated, static application security testing (SAST) and dynamic application security testing (DAST).
  • Result analysis: validating findings, troubleshooting configurations, and identifying false positives.
  • Discovery tools: using tools like Nessus, Nikto, and OpenVAS for vulnerability discovery.

Attacks and exploits (35%) 

  • Network attacks: performing VLAN hopping, on-path attacks, and service exploitation.
  • Authentication attacks: executing brute-force attacks, pass-the-hash, and credential stuffing.
  • Host-based attacks: conducting privilege escalation, process injection, and credential dumping.
  • Web application attacks: performing SQL injection, cross-site scripting (XSS), and directory traversal.
  • Cloud-based attacks: exploiting container escapes, metadata service attacks, and identity and access management (IAM) misconfiguration.
  • AI attacks: explaining prompt injection and model manipulation against artificial intelligence systems.


Get exam-ready—Find your training and explore bundles.

Post-exploitation and lateral movement (14%) 

  • Post-exploitation activities: establishing persistence, performing lateral movement, and cleaning up artifacts.
  • Documentation: creating attack narratives and providing remediation recommendations.