CompTIA Pentest+ Beta Review

https://certification.comptia.org/

This is a quick review of CompTIA’s new Pentest+ exam PT0-002 which is the latest offering on their Pentest+ series. Well version 2 is not officially launched yet and I took the Beta exam which is code named PT1-002.

Here are the main differences between the two versions of the exam, which are not that much:

Read here and here for more details.

The Beta Exam is only $50. So if you are ready to explore a bit of unknown, want to save a lot money and have good preparation than go for this Beta exam. Clearing the Beta exam gives you a full certification status. The official launch date of Pentest+ v002 is October 2021.

Find the full objectives of the exam here:

https://partners.comptia.org/docs/default-source/resources/comptia-pentest-pt0-002-exam-objectives-(4-0)

There is no experience required to give this certification but CompTIA recommends to have minimum of 3-4 years of hands-on information security or related experience.

For the BETA exam the number of questions will be more that 85 or at least that was the case with me. Time of 165 minutes is still sufficient to answer these questions.

Performance Based Questions

I really like the performance based questions as they were very practical and requires the candidate to have practical knowledge and gives more weight to this certification. Here are few pointers to prepare for these types of questions:

  • Do hands on with your tools, specially NMAP and understand the output.
  • Understand 3-way TCP/IP handshake in details. Capture a handshake using Wireshark and understand it thoroughly.
  • Understand OWASP Top 10 vulnerabilities thoroughly and their remediation.
  • Understand HTTP request and reply. Capture them using any Web Proxy like Burp and understand and analyse all the fields.

Multiple Choice Questions

  • MCQ were also of good quality.
  • Understand NMAP. Did I said that already :) . NMAP is still the king and expect lots of questions on it.
  • Most of them are given a scenario and are practical in nature.
  • There were few easy and straight forward questions.
  • There were definitely few good questions from the newly added/renamed section 5-Tools and Code Analysis. So reading and understanding scripts is really important and make sure you understand the basics of shell scripts, python scripts , PowerShell scripts and ruby scripts.

Resources I used

As PT00-002 is new and not officially launched there is no material on that and only source is the objectives. But the resources for PT00-001 are still valid as the objectives and very similar. I used the following sources:

From Udemy:

  • Jason Dion’s CompTIA Pentest+ (PT0–001): Complete Course & Practice Exam
  • Jason Dion’s CompTIA PenTest+ (PT0–001) Practice Certification Exams
  • Michael Solomon’s CompTIA PenTest+ (Ethical Hacking) + 2 FREE Tests.
  • Search interwebs for a particular objective which I wanted to explore.

As you can see I did not refer any book, but a good book is always recommended.

Result will also be given only in October, so I don’t know my result as of now, but I think I did pretty well. If you want to know more about the exam hit me up on twitter at 0xsanz . Note these are my personal opinion and I have no affiliations with CompTIA.

Thanks for reading and have a nice day!

Update 27-Oct-2021: Yesterday I got the results of the CompTIA PenTest+ (PT0–002) Beta given back in May 2021. I passed :)

My Security+ was also renewed because of passing PenTest+ and I got a new badge for CompTIA Network Vulnerability Assessment Professional — CNVP Stackable Certification. Awesome!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
0xsanz

0xsanz

Software Developer having keen interest in Security, Privacy and Pen-testing. Certs:- Security+,PenTest+,AZ900,AZ204