The CompTIA PenTest+ certification guide (2023)

The CompTIA PenTest+ certification validates the skills of ethical hackers and penetration testers. Getting certified:

  • Validates ethical hacking skills
  • Provides recognition globally across industries
  • Enhances career prospects in cybersecurity

Key facts

  • The PenTest+ certification exam (PT0-002) was last updated in October 2021
  • Average U.S. PenTest+ salary as of 2022: $113,535
  • Recommended experience: 3-4 years of hands-on information security or related experience

Start your journey to becoming a certified PenTest+ professional with Infosec.

PenTest+ exam overview

CompTIA PenTest+ (PT0-002) uses a mixture of performance-based and knowledge-based questions covering all stages of a penetration test, so that certified professionals have the technical knowledge and know-how to identify vulnerabilities and act on them quickly to minimize damage.

The certification exam objectives list the specific topics, across five domains, on which candidates are tested:

Domain 1: Planning and scoping (14%)

This domain involves understanding the concepts of governance, risk and compliance. Topics include regulatory considerations like PCI DSS and GDPR, understanding various security standards and methodologies, defining engagement scope and emphasizing professional ethics and integrity in penetration testing.

Domain 2: Information gathering and vulnerability scanning (22%)

Covers the latest techniques for performing vulnerability scanning, passive and active reconnaissance exercises and vulnerability management strategies, as well as analyzing reconnaissance results.

Domain 3: Attacks and exploits (30%)

Covers techniques for testing across an expanding threat landscape, including researching social engineering tactics and common attacks that target the network, cloud, wireless technologies and applications.

Domain 4: Reporting and communication (18%)

Covers critical reporting and communication needs prevalent in today’s increasingly complicated regulatory environment through analysis of findings and recommendation of appropriate remediation strategies.

Domain 5: Tools and code analysis (16%)

Learn more about the PenTest+ domains.

CompTIA PenTest+ (PT0-002) exam details

The CompTIA PenTest+ certification tests your proficiency in planning and executing penetration tests, including vulnerability scanning. It also demonstrates that you have a deep understanding of legal and compliance requirements in cybersecurity.

  • Launch date: 2018
  • Last update: October 28, 2021
  • Number of questions: Up to 85
  • Type of questions: Performance-based and multiple choice
  • Length of test: 165 minutes
  • Passing score: 750 (on a scale of 100-900)
  • Recommended experience: 3-4 years of hands-on information security or related experience
  • Languages: English, Japanese, Portuguese and Thai
  • Validity duration: Three years
  • CEUs needed for renewal: 60 CEUs
  • Exam cost: $392

PenTest+ additional resources

Studying for the PenTest+ exam is the best way to prepare yourself to earn a passing grade. Luckily, there are tons of helpful PenTest+ resources. Before you scout out the best training resources, we recommend looking at the official PenTest+ exam outline since it will shed light on what topics you’ll need to study.

PenTest+ study guides and books

Several study guides and books are available to help you prepare for the PenTest+ exam. You can find them at your local library, bookstore or online stores like Amazon. A few of the most popular are:

Practice exams and simulations

Practice exams are a great way to gauge your exam readiness, although it’s against CompTIA policy to disclose the actual exam questions being used. A few of the most popular PenTest+ practice question options are listed below:

  • CompTIA CertMaster Practice for PenTest+ (PT0-002)
  • CompTIA CertMaster Labs for PenTest+ (PT0-002)
  • CompTIA PenTest+ Practice Tests & PBQs: Exam PT0-002 Kindle Edition by Nikolaos Gorgotsias

In addition to these options, Infosec Skills PenTest+ training includes a customizable practice exam with more than 70 questions.

Other free PenTest+ training resources

There are a number of other free PenTest+ training materials being produced and shared by the community:

  • Forums: TechExams, Reddit and similar forums commonly include posts by people preparing for the PenTest+ certification exam or who have already taken it.
  • Podcasts: These may not help you directly study for your PenTest+ exam, but those like the Cyber Work Podcast are a great way to learn about cybersecurity career options and your peers' career journeys.
  • Other social media: The CompTIA PenTest+ is a popular exam, and many people offer free training videos on YouTube, TikTok, Twitch and other platforms.

PenTest+ jobs and careers

Certified penetration testers look for weaknesses in various environments, such as mobile, cloud, IoT and on-site networks. Below are some positions where having a PenTest+ credential may be necessary.

Common PenTest+-related job titles

Learn more about the job outlook for PenTest+ professionals.

PenTest+ live boot camps and self-paced training

Infosec offers two ways to help you prepare for the PenTest+ certification exam — a live boot camp and a self-paced course. Below is a breakdown of the benefits for each.

PenTest+ certification comparisons and alternatives

While pentesters are in high demand, it is just one of the many specializations in cybersecurity. The best certification for you will largely depend on your career trajectory, current role and the skills or knowledge you aim to acquire. Below are some alternative career paths you can take.

PenTest+ vs. CISSP

While PenTest+ is squarely focused on penetration testing, the (ISC)² CISSP certification is broader, covering eight domains of information security. CISSP is often described as the gold standard for information security professionals and tends to be pursued by those looking for leadership or managerial roles in cybersecurity. It's ideal for those who want a comprehensive understanding of the information security field. In contrast, PenTest+ is more specialized, catering to those who wish to delve into the practical aspects of ethical hacking and penetration testing. CISSP requires five years of cumulative, paid work experience in two or more domains, positioning it for more seasoned professionals.

PenTest+ vs. OSCP

The PenTest+ and OSCP (by Offensive Security) are both centered around penetration testing. They differ in depth and approach: OSCP is renowned for its hands-on exam, which involves compromising multiple machines in a controlled environment. It's considered by many to be one of the most challenging certifications in cybersecurity. PenTest+, while it includes performance-based questions, is less intense than the OSCP and serves as a stepping stone for many before attempting the OSCP. If PenTest+ introduces the concepts, OSCP dives deep, emphasizing a "try harder" mindset.

Other PenTest+ certification options

Numerous other options are related to ethical hacking, penetration testing, red teaming and offensive security. You can learn more about the various roles you may qualify for in our Top 10 penetration testing certifications for security professionals (2023).

Explore Infosec certifications to find the best fit for your career goals.