In this article, I’m going to review the study method I used to prepare for, and pass, the CompTIA PenTest+ foundational penetration testing and ethical hacking certification in March 2021. I will start by giving some background to the PenTest+ course content, the preparation I did before beginning my studies, the materials used and finally, I’ll go through the day of the exam itself. I will mainly focus on my exam study style, which can be easily transferred to almost any other tech certification or exam process.
Saying that, as with any CompTIA exam I’ve sat, this is a closed-book exam. If you’re looking for an open-book exam type guide, for example for a SANS course you’ve recently taken, I must recommend the wonderful guide written by the brilliant Lesley Carhart aka @HacksForPancakes located here.
The PenTest+ itself is meant to be a logical next step after attaining the Security+ and is aimed at people who have some experience (1–3 years) in an ethical hacking role, be it web application or network pentesting. It covers some slightly more advanced infosec concepts than the Security+, but as with most CompTIA exams, it’s much more focused on the application of these concepts in a real-world scenario. As a result, you’re going to have to get very familiar with a wide set of tools, their uses, nuances and particular “switches”, i.e. commands.
You must demonstrate that you have sound knowledge of the standard vulnerability assessment and penetration testing engagement steps, starting with firmly laying out the scope of your engagement and ending with writing an actionable report at the end of it. You need to have built up experience in reading vulnerability report output and log files, and a knowledge of various operating systems and the services that run on them. You also need an understanding of networks, a solid knowledge of common ports and their uses, and general information security best practices. Unlike previous CompTIA exams, you’ll also need a smattering of scripting languages, and be able to distinguish between Python, Ruby, Bash and PowerShell. I don’t want to go into too much detail about the PenTest+ course objectives and content; that’s all fully available here.
To keep it simple, the CompTIA PenTest+ (PT0-001) exam covers FIVE domains: