CompTIA PenTest+ Certification and Why You Need It

Updated: 2021-03-22 18:44:42

From the book: CompTIA PenTest+ Certification For Dummies

So, you are interested in taking the CompTIA PenTest+ certification exam? This article introduces you to the exam and gives you a good idea of what you can expect when you go to take it.

The benefit of the CompTIA PenTest+ certification is that it is proof that you know and have validated your understanding of the penetration testing process and tools. The CompTIA PenTest+ certification can be presented to employers and clients alike as proof of your competency and skill in this area. This certification is valid for three years from the day you attain the certification, after which time you must renew your certification by taking the newest version of the exam, or by taking a higher-level certification exam.

Formed in 1982, CompTIA originally was named the Association of Better Computer Dealers. It is a company focused on providing research, networking, and partnering opportunities to its 19,000 members in 100 countries. In 2018, CompTIA created the CompTIA PenTest+ certification as a way for candidates to learn the penetration testing process and tools, and to help candidates learn the job skills needed in IT security.

The PenTest+ certification gives employers confidence that existing employees or new recruits have a level of knowledge with which they can do their jobs efficiently. It also gives employers a yardstick against which recruits and employees can be measured.

A PenTest+ certification also allows clients to rest assured knowing that the person they hire to assess the security of their networks has the knowledge to do so in a sound professional manner. This provides clients with peace of mind and increases repeat business. In the end, with the CompTIA PenTest+ certification on your side, you have more opportunities open to you in your career path.

The exam and its objectives

To earn the PenTest+ certification, you must pass exam PT0-001, which is the 2018 version of the PenTest+ certification exam. The PenTest+ certification verifies that candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, and create a penetration testing report and communicate the results to the customer.

In addition to traditional multiple-choice questions, the CompTIA PenTest+ exam includes an unspecified number of performance-based questions (PBQs). PBQs are short exercise-styled questions that test your ability to solve problems in a simulated environment. The CompTIA website has a sample performance-based question.

The CompTIA PenTest+ Exam PT0-001 is a linear format exam — a standard timed exam — taken on a computer. It covers topics on how to perform a penetration test from planning and scoping the test up to reporting on the findings. You have 165 minutes to complete the exam. The following table lists the number of questions and passing score for the exam.

PenTest+ Exam Information

| Exam information | Details |
|---|---|
| Exam number | PT0-001 |
| Number of questions | 85 questions |
| Type of questions | Multiple choice and performance-based |
| Time permitted | 165 minutes |
| Passing score | 750 (on a scale of 100–900) |
| Retirement | Three years from release date |

The following table provides a breakdown of the exam areas, known as domains, that are covered.

CompTIA PenTest+ Exam Domains (PT0-001)

| Domain | Percentage of Examination |
|---|---|
| 1.0 Planning and scoping | 15% |
| 2.0 Information gathering and vulnerability identification | 22% |
| 3.0 Attacks and exploits | 30% |
| 4.0 Penetration testing tools | 17% |
| 5.0 Reporting and communication | 16% |
| Total | 100% |

How to prepare for the exam

Exams are stressful events for most people, but if you are well prepared, your stress level should be much lower. If you read and understand the material in CompTIA PenTest+ Certification For Dummies, you should have no problem with the PenTest+ exam. The review questions and the sample exam are designed to prepare you for what lies ahead. Review all the material, and then you will be prepared to go and take the exam.

Make arrangements to take the exam

The CompTIA PenTest+ certification exam can be scheduled at Pearson VUE testing centers. For more information about scheduling your exam, check the CompTIA PenTest+ Certification page on CompTIA’s website.

The cost to take the PenTest+ certification exam is $349 (US). CompTIA Premier members receive a discount.

The day the Earth stood still: exam day

Knowing what to expect on the day of the exam can take some of the pressure off of you. The following sections look at the testing process.

Arriving at the exam location

Get to the exam location early on the day of the exam. You should arrive at the testing center 15 to 30 minutes before the exam starts. This keeps you from being rushed and gives you some temporal elbow room in case there are any delays. It is also not so long that you will have time to sit and stew about the exam. Get there, get into a relaxed frame of mind, and get into the exam.

To check in for your exam, you will need two pieces of identification: One must be a government-issued photo ID, while the other must have your name and signature. This may vary in some regions of the world.

When you get to the test site, before you sign in, take a few minutes to get accustomed to the testing center. Get a drink of water. Use the restroom if you need to. The test will be 165 minutes, so you should be able to last that long before another break.

Now relax. Getting to the exam site early gives you this privilege. You didn’t show up early just to stew and make yourself more nervous.

If you feel prepared and are ready to go, you might want to see whether you can start the test early. As long as a testing seat is available, this is usually not a problem.

You will not be able to take anything into the testing room. You will not be allowed electronics, paper, and so on. The testing center will provide you with something to write with and to write on, which they will take back at the end of the test.

Taking the exam

In the testing room, and depending on the size of the testing center, there may be as many as eight computers set up. Each computer represents a testing seat.

Because the exam consists of multiple-choice questions and an unspecified number of performance-based questions, take it slow — or at least pace yourself. Trying to complete the questions too quickly will no doubt lead you to errors. When you are about to start the exam, you will see onscreen how many questions there will be, and how long you have to complete the exam. Be sure to read the onscreen exam instructions at the start of the exam; they do change from time to time.

Based on the number of questions and your exam time, figure out how long you can spend on each question. On average, you have about a minute and a half per question, but keep in mind, the performance-based questions take longer. Take your time, but be aware of your time for the exam overall. Think of it this way: When you have completed 25 percent of the exam, you should have used only 25 percent of your allotted time.

Read the entire question and try to decide what the answer should be before looking at the answer choices. In most cases, you will find a few key words that are designed to remove any ambiguity in the question, as well as a few distracters and useless information designed to throw you off. If you do not notice these key words, the question will seem vague. If this is the case, re-read the question and look for the key words. Exam questions are written by many authors, so the style of writing for each question could differ.

Don’t overcomplicate the questions by reading too much into them. Besides the key words and the distracters, the question should be straightforward. In some cases, the question might ask for the best choice, and more than one answer might seem correct. Choose the one that is best — the quickest, most likely to succeed, least likely to cause other problems — whatever the question calls for. The best choice is always the right choice.

After identifying the key words and distracters, follow these additional steps:
  1. Eliminate choices that are obviously wrong. Most questions will ask you to choose one of four answers. Some questions will ask you to choose all that apply and have as many as eight choices. You should be able to immediately eliminate at least one choice — perhaps two. Now the odds of choosing the right answer have gotten substantially better. Re-read the question and the remaining choices carefully, and you should be able to locate the correct answer.
  2. If you don’t have a clue which of the remaining choices is correct, mark an answer. On a standard timed exam, you can review your answers. Not answering a question is automatically wrong, so if you at least have an answer, it might be right. You might also find information on other questions in the exam that triggers the correct answers for questions you were not sure of.
  3. Make your choice and leave it. Unless you have information that proves your choice is wrong, your first instinct is usually correct.
When taking the exam, you are allowed to mark questions and come back to them later. However, I recommend selecting an answer for every question, even if you are unsure about it, because you might run out of time before you can review previous questions.

Your first choice is usually correct — don’t second-guess your first choice! Change your answer only if you’re absolutely positive it should be changed.

Regardless of which type of exam CompTIA has available for you when you take your exam (adaptive or standard timed), you are given a Pass/Fail mark right on the spot after completing the exam. In addition, you get a report listing how well you did in each domain. If you don’t pass (or even if you do), you can use this report to review the material on which you are still weak.

How does CompTIA set the pass level?

CompTIA uses a scale score to determine the number of points assigned to each question on the exam. Your final score will be between 100 and 900. In any case, the passing score for PenTest+ is 750. The scale score system allows the number of points assigned to questions to vary between each copy of the exam, which makes it harder for test candidates to compare scores across exams.

CompTIA has a retake policy. If you do not pass on the first attempt, you can take the exam again. There is no waiting period to make your second attempt at the exam, but you have to wait at least 14 days before your third or subsequent attempts.
