Overview
Overview
CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management.
CompTIA PenTest+ is the most comprehensive exam covering all penetration testing stages. Unlike other penetration testing exams that only cover a portion of stages with essay questions and hands-on, PenTest+ uses both performance-based and knowledge-based questions to ensure all stages are addressed.
PenTest+ is the only exam on the market to include all aspects of vulnerability management. It not only covers hands-on vulnerability assessment, scanning, and analysis, but also includes planning, scoping, and managing weaknesses, not just exploiting them.
PenTest+ is the most current penetration testing exam covering the latest techniques against expanded attack surfaces. It is a unique exam that requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises
About the exam
PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. The CompTIA PenTest+ certification exam will verify successful candidates have the knowledge and skills required to:
• Plan and scope a penetration testing engagement
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using appropriate tools and
• techniques, and then analyze the results
• Produce a written report containing proposed remediation techniques, effectively
• communicate results to the management team, and provide practical recommendations
PenTest+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
Global cybercrime costs are expected to grow 15% over the next five years. Now more than ever, it is imperative that organizations prevent sensitive data from falling into the wrong hands. Updates to PenTest+ reflect newer pen testing techniques for the latest attack surfaces, including the cloud, hybrid environments, and web applications, as well as more ethical hacking concepts, vulnerability scanning and code analysis.
Learning Outcomes
Planning and Scoping
Includes updated techniques emphasizing governance, risk, and compliance concepts, scoping and organizational/customer requirements, and demonstrating an ethical hacking mindset.
Reporting and Communication
Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analyzing findings and recommending appropriate remediation within a report.
Information Gathering and Vulnerability Scanning
Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of the reconnaissance exercise.
Tools and Code Analysis
Includes updated concepts of identifying scripts in various software deployments, analyzing a script or code sample, and explaining use cases of various tools used during the phases of a penetration test. It is important to note that no scripting and coding is required.
Attacks and Exploits
Includes updated approaches to expanded attack surfaces, researching social engineering techniques, performing network attacks, wireless attacks, application-based attacks and attacks on cloud technologies, and performing post-exploitation techniques.