Pass Any Exam Online Now & Pay After Passing Exam. Contact Now
Chat with us:
CompTIA PenTest+

CompTIA PenTest+ Certification Exam (PT0-002): Overview of Domains 

Jan 10, 20217 mins readAmit Masih
CompTIA PenTest+ Certification Exam (PT0-002): Overview of Domains 

CompTIA PenTest+ Certification Exam (PT0-002): Overview of Domains         When it comes to the CompTIA cybersecurity pathway, PenTest+ is one of the advanced penetration testing certifications.

The PenTest+ exam course is designed to test the candidate's knowledge of the process, tools, and techniques required for penetration testing.

CompTIA recommends candidates having 3-4 years of hands-on experience in penetrating, vulnerability assessments, and code analysis.     

What is the CompTIA PenTest+ exam (PT0-002)?  

CompTIA PenTest+ is an entry-level penetration testing certification designed for cybersecurity professionals responsible for penetration testing and vulnerability assessment and management.  

CompTIA PenTest+ is one of the excellent cybersecurity penetration testing certifications, focusing on offensive skills through pen testing and vulnerability assessment.  

A successful certified CompTIA PenTest+ cybersecurity professional will have the following knowledge and skills:   

  • Plan and scope a penetration testing engagement 
  • Understand legal and compliance requirements 
  • Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results 
  • Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations     

CompTIA PenTest+ exam (PT0-002) details 

  Number of Questions - Maximum of 85   Types of questions - Multiple-choice and performance-based   Length of test - 165 minutes   Recommended experience - 3–4 years of hands-on experience performing penetration tests, vulnerability assessments, and code analysis   Passing score - 750 (on a scale of 100-900) 


PenTest+ (PT0-002) domain overview  

   PenTest+ exam is 165 minutes long. In the fixed time, you will have to answer a maximum of 85 multiple-choice and performance-based questions.

The passing score is 750 (on a scale of 100-900).   

CompTIA PenTest+ cybersecurity certification course is divided into the following five domains or topics.   

1.0 Planning and Scoping - 14% 2.0 Information Gathering and Vulnerability Scanning - 22% 3.0 Attacks and Exploits 30% 4.0 Reporting and Communication - 18% 5.0 Tools and Code Analysis - 16%

Domain 1 — Planning and scoping  

   PenTest+ exam's first domain covers planning and scoping a penetration testing engagement. If we talk about the overall score on the exam, the planning and scoping domain itself makes up 14% of the candidate's score.       Further, domain one is broken up into three following sections:    1.1 Compare and contrast governance, risk, and compliance concepts.

• Regulatory compliance considerations • Location restrictions • Legal concepts • Permission to attack

1.2 Explain the importance of scoping and organizational/customer requirements.

• Standards and methodologies • Rules of engagement • Environmental considerations • Target list/in-scope assets • Validate scope of engagement

1.3 Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.

• Background checks of penetration testing team • Adhere to specific scope of engagement • Identify criminal activity • Immediately report breaches/ criminal activity • Limit the use of tools to a particular engagement • Limit invasiveness based on scope • Maintain confidentiality of data/information • Risks to the professional

Domain 2 — Information gathering and vulnerability scanning 

Reconnaissance adds significant value to the penetration testing process, providing valuable intelligence for evaluating security weaknesses and designing a plan of attack. Information gathering and vulnerability scanning account for 22% of the questions in the PenTest+ certification exam, which is divided into three major parts: 

2.1 Given a scenario, perform passive reconnaissance.

• DNS lookups • Identify technical contacts • Administrator contacts • Cloud vs. self-hosted • Social media scraping • Cryptographic flaws • Company reputation/security posture • Data • Open-source intelligence (OSINT)

2.2 Given a scenario, perform active reconnaissance.

• Enumeration • Website reconnaissance • Packet crafting • Defense detection • Wardriving • Network traffic • Tokens • Cloud asset discovery • Third-party hosted services • Detection avoidance

2.3 Given a scenario, analyze the results of a reconnaissance exercise.

• Fingerprinting • Analyze output from

2.4 Given a scenario, perform vulnerability scanning.

• Considerations of vulnerability scanning • Nmap • Scan identified targets for vulnerabilities • Set scan settings to avoid detection • Scanning methods • Vulnerability testing tools that facilitate automation


Domain 3 — Attacks and exploits 

  Attacks and exploits, which is domain number three, add the most considerable value in the PenTest+ certification exam, accounting for 30% of questions in the exam. The topics included in this domain are far-ranging that covers potential attacks against any system that penetration professionals might encounter in their penetrating journey. The attacks and exploits domain is divided into seven sections:    3.1 Given a scenario, research attack vectors and perform network attacks.

• Stress testing for availability • Exploit resources • Attacks • Tools

3.2 Given a scenario, research attack vectors and perform wireless attacks.

• Attack methods • Tools • Attacks

3.3 Given a scenario, research attack vectors and perform application-based attacks.

• OWASP Top 10 • Server-side request forgery • Business logic flaws • Injection attacks • Application vulnerabilities • Application vulnerabilities • Directory traversal • Tools • Resources

  3.4 Given a scenario, research attack vectors and perform attacks on cloud technologies.

• Attacks • Tools

3.5 Explain common attacks and vulnerabilities against specialized systems.

• Mobile • Internet of Things (IoT) devices • Data storage system vulnerabilities • Management interface vulnerabilities • Vulnerabilities related to supervisory control and data acquisition (SCADA)/ Industrial Internet of Things (IIoT)/ industrial control system (ICS) • Vulnerabilities related to virtual environments • Vulnerabilities related to containerized workloads

3.6 Given a scenario, perform a social engineering or physical attack. 

• Pretext for an approach • Social engineering attacks • Physical attacks • Impersonation • Tools • Methods of influence

3.7 Given a scenario, perform post-exploitation techniques.

• Post-exploitation tools • Lateral movement • Network segmentation testing • Privilege escalation • Creating a foothold/persistence • Upgrading a restrictive shell • Detection avoidance • Enumeration


Domain 4 — Reporting and communication 

  Reporting and communicating is one of the essential parts of the penetration testing process. The reporting and communication, domain 4 of the PenTest+ certification exam, is accountable for 18% of the PenTest+ score. The section is divided into four sections:      4.1 Compare and contrast important components of written reports.

• Report audience • Report contents (** not in a particular order) • Storage time for report • Secure distribution • Note taking • Common themes/root causes

4.2 Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

• Technical controls • Administrative controls • Operational controls • Physical controls

4.3 Explain the importance of communication during the penetration testing process.

• Communication path • Communication triggers • Reasons for communication • Goal reprioritization • Presentation of findings

4.4 Explain post-report delivery activities.

• Post-engagement cleanup • Client acceptance • Lessons learned • Follow-up actions/retest • Attestation of findings • Data destruction process  

Domain 5 — Tools and code analysis 

For executing the penetration testing process, mastery of writing and reading the code is necessary in order to identify vulnerabilities and develop tools. Tools and code analysis, domain 5 of the PenTest+ certification exam, is responsible for 16% of the examination's questions. The domain has got three sections which are mentioned below:      5.1 Explain the basic concepts of scripting and software development.

• Logic constructs • Data structures • Libraries • Classes • Procedures • Functions

5.2 Given a scenario, analyze a script or code sample for use in a penetration test.

• Shells • Programming languages • Analyze exploit code to • Opportunities for automation

5.3 Explain the use cases of the following tools during the phases of a penetration test.

• Scanners • Credential testing tools • OSINT • Debuggers • Wireless • Web application tools • Social engineering tools • Remote access tools • Networking tools • Misc. • Steganography tools • Cloud tools     

Ready to take the CompTIA PenTest+ certification? 

We are a well-known proxy examination center, offering a large number of IT certifications to information technology professionals around the globe.

If you want to take the CompTIA PenTest+ certification exam, we can help you with the same.  

Contact us to know more about us and our proxy exam pattern, and one of our consultants will be assigned to assist you accordingly.  

Keep Reading
CompTIA Network+ Certification Exam Objectives (N10-007) 
CompTIA Network+ Certification Exam Objectives (N10-007) 
The CompTIA (The Computing Technology Industry Association) is one of the well-known and well-established certification providers under the sun.
CompTIA IT Fundamentals (ITF+) Certification Exam Objectives (FC0-U61) 
CompTIA IT Fundamentals (ITF+) Certification Exam Objectives (FC0-U61) 
CompTIA is one of the leading vendor-neutral IT certification providers around the globe. IT Fundamentals (ITF+) certification is the most popular credential among IT professionals who want to explore the basics of the IT field.