Pentest+: Exam Review
-PenTest+-
05/08/2022
Background
The PenTest+ is CompTIA’s pentest certification. I want to get into penetration testing and I thought I would try getting this certification, mainly for its DOD clearance level and because it is a cheap pentest certification and maybe I could use it, along with my other certifications, to help me get a pentest position without having to get the OSCP.
Resources Used
For study material I used the video courses, Jason Dion’s CompTIA Pentest+ (Ethical Hacking) Course and Practice Exam, and Total Seminars Ethical Hacking and CompTIA PenTest+ Exam Prep (PT0-001). For books I used CompTIA PenTest+ Study Guide, by Mike Chapple and David Seidl, and CompTIA PenTest+ Practice Tests, by Crystal Panek and Robb Tracy.
The two video courses were good and covered the exam material. Dion’s course didn’t go into that much depth on any particular subject, but the Total Seminars one did go more in depth. I watched Dion’s all the way through and watched the Total Seminars one for the exam objectives I wanted to get more in depth with.
Both of the books were good, but they tended to include extra non-exam material that the authors thought you should know. There were questions on the practice exams that were not on the exam objectives list, which was annoying. Also, I did some of the rooms in TryHackMe that corresponded with the PenTest+ exam objectives, which really helped in showing how to use some of the tools mentioned in the exam, what they look like and how to use them.
The Exam
I had 65 questions and 2:30 to complete the exam, and I took about 1:30 to finish it. I took it remote and had internet issues right before my scheduled appointment, but thankfully after re-launching the exam software, everything connected.
The PenTest+ exam was hard. I would put it with the CCNA in terms of the knowledge required to know and understand in order to pass. Lots of questions are along the lines of: what is the best action or tool in this situation? Most of the questions were multiple choice, with a few drag and drops.
Make sure you can read and understand all of the programming languages on the exam objectives. If I didn’t already have programming knowledge in Python, I am not sure I would have passed the exam. Also, find some labs or videos that show how the attacks mentioned on the exam are done and how to remediate those vulnerabilities. For example, what does an XSS attack look like and what does the remediation look like?
Conclusion
Unless you need the DoD clearance, need to renew some older CompTIA certifications, or a job specifically wants it, the PenTest+ isn’t a pentest certification like the eJPT or OSCP. It’s a knowledge exam about many pentesting subjects and that’s it. No hands-on hacking is done like in the eJPT.
My goal in getting this certification was to have it along with the eJPT and PNPT, and use all 3 to help get a penetration tester job without going for the OSCP, which just went up in price to $1500.