Pentest +(v3)

Pentest +

Duration: On Demand

Language: English

CompTIA PenTest+ validates your ability to identify, mitigate, and report system vulnerabilities. Covering all stages of penetration testing across attack surfaces like cloud, web apps, APIs, and IoT, it emphasizes hands-on skills such as vulnerability management and lateral movement. This certification equips you with the expertise to advance your career as a penetration tester or security consultant. Prepare for your PenTest+ (V3) certification with access to the PenTest+ Complete Bundle with Voucher Plus Retake Assurance. This guided, customizable learning experience combines CompTIA learning products with engaging instructional videos and live instructional support for an all-in-one solution and provides you with the knowledge, exam prep tools, and peace of mind you need to succeed.

What’s included: Exam voucher, Certmaster Learn+Labs and Practice Exams.

Engagement management (13%)

• Planning and scoping: defining rules of engagement, testing windows, and target selection.
• Legal and ethical compliance: ensuring authorization letters, mandatory reporting, and adherence to regulations.
• Collaboration and communication: aligning with stakeholders through peer reviews, escalation paths, and risk articulation.
• Penetration test reports: creating reports with executive summaries, findings, and remediation recommendations.

Reconnaissance and enumeration (21%)

• Active and passive reconnaissance: gathering information using open-source intelligence (OSINT), network sniffing, and protocol scanning.
• Enumeration techniques: performing DNS enumeration, service discovery, and directory enumeration.
• Reconnaissance tools: using tools like Nmap, Wireshark, and Shodan for information gathering.
• Script modification: customizing Python, PowerShell, and Bash scripts for reconnaissance and enumeration.

Vulnerability discovery and analysis (17%)

• Vulnerability scans: conducting authenticated, unauthenticated, static application security testing (SAST) and dynamic application security testing (DAST).
• Result analysis: validating findings, troubleshooting configurations, and identifying false positives.
• Discovery tools: using tools like Nessus, Nikto, and OpenVAS for vulnerability  discovery.

Attacks and exploits (35%)

• Network attacks: performing VLAN hopping, on-path attacks, and service exploitation.
• Authentication attacks: executing brute-force attacks, pass-the-hash, and credential stuffing.
• Host-based attacks: conducting privilege escalation, process injection, and credential dumping.
• Web application attacks: performing SQL injection, cross-site scripting (XSS), and directory traversal.
• Cloud-based attacks: exploiting container escapes, metadata service attacks, and identity and access management (IAM) misconfiguration.
• AI attacks: explaining prompt injection and model manipulation against artificial intelligence systems.

Post-exploitation and lateral movement (14%)

• Post-exploitation activities: establishing persistence, performing lateral movement, and cleaning up artifacts.
• Documentation: creating attack narratives and providing remediation recommendations.

Exam details

• Exam version: V3
• Exam series code: PT0-003 Launch date: December 17, 2024
• Number of questions: maximum of 90, including multiple-choice and performance- based questions
• Length of test: 165 minutes
• Passing score: 750 (on a scale of 100–900)
• Recommended experience: 3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge
• Languages: English on release; other languages TBD Retirement of the previous exam: June 17, 2025
• Retirement: Usually three years after launch (estimated 2027)

Skills learned

• Plan and scope penetration tests while ensuring compliance with legal and ethical requirements, and develop detailed reports with remediation recommendations to support engagement management.
• Perform active and passive reconnaissance, gather information, and enumerate systems to uncover vulnerabilities effectively.
• Conduct vulnerability scans, analyze results, and validate findings to identify and address security weaknesses.
• Execute network, host-based, web application, and cloud-based attacks using appropriate tools and techniques to test system defenses.
• Maintain persistence, perform lateral movement, and document findings to support remediation efforts during post-exploitation activities.

Prepare for your PenTest+ (V3) certification with access to the PenTest+ Complete Bundle with Voucher Plus Retake Assurance. This guided, customizable learning experience combines CompTIA learning products with engaging instructional videos and live instructional support for an all-in-one solution and provides you with the knowledge, exam prep tools, and peace of mind you need to succeed.

What’s included:

• Voucher Plus Retake Assurance  CertMaster Perform
• CertMaster Practice  OnDemand Services

*All included products must be redeemed within 12 months of purchase.

Key benefits:

• Comprehensive preparation: Master PenTest+ objectives with learning materials and skills-focused practice tools.
• OnDemand: Unlock a personalized, guided learning experience to prepare for certification with CompTIA resources, expert help, and extensive exam-prep materials.
• Rewards-based design: Experience an engaging, interactive, and positive learning environment with skills rewards and leaderboard points.
• Interactive learning: Engage with videos, job-based interactive scenarios, and performance-based questions.
• Extensive practice: Access hundreds of questions, assessments, and timed practice tests to reinforce your knowledge.
• Structured pacing guides: Manage your study time and stay on schedule.
• Exam attempt with retake assurance: Take your exam confidently, knowing you’re covered to retake it if needed.
• Year-long access: Study anytime with 12 months of training