In this article, we discuss the pros and cons of the CompTIA PenTest+. We also have a comparison of the PenTest+ and OSCP here, a comparison of the PenTest+ and CySA+ here, and a comparison of the PenTest+ and CEH here. You can also see our recommended resources to prepare for the PenTest+ here.
There has been a lot of interest surrounding the two new intermediate-level certifications from CompTIA, the CySA+ and the PenTest+. In this article, we’ll take a look at all of the details of the CompTIA PenTest+ and answer if it’s worth your investment of time, money and effort.
Ready to Start Your Cybersecurity Career?
Get my FREE 5-part series "Strategies for New Cyber Careers". These strategies can help you get your cyber career started. I'll also send you my weekly newsletter every Wednesday with resources that every cyber professional needs to know.
So, is the CompTIA PenTest+ worth it? The PenTest+ is a great certification for anyone that aspires to be a penetration tester, as it is a good entry-level penetration testing certification that is easier to obtain than other pen testing certifications, such as the OSCP.
Let’s now dive into the details of the PenTest+ so that you can make an informed decision about whether you should earn this CompTIA certification.
What is the CompTIA PenTest+?
The CompTIA PenTest+ is a relatively new certification from CompTIA that is specifically designed for the penetration testing discipline of cybersecurity. CompTIA states that the PenTest+ is designed to cover all aspects and steps of a professional penetration test, including planning and scoping and reporting.
The PenTest+ is considered to be a more difficult exam compared to the CompTIA Security+ and follows Security+ in the suggested track of certifications, along with the CySA+, which is similar but focuses on the defensive posture of a cybersecurity analyst instead of an offensive approach taken by a penetration tester. Both the PenTest+ and CySA+ are considered precursors to the even more advanced CompTIA CASP+.
CompTIA PenTest+ Exam Details
|Number of Questions||Up to 85|
|Question Type||Multiple Choice and PDQ|
|Test Length||165 Minutes|
|Scoring||Minimum 750 out of 900|
|Recommended Experience||Network+, Security+ or equivalent knowledge. Minimum 3 years of information security experience.|
|Suggested Prerequisite||CompTIA Security+ and 2 – 3 years of experience.|
Key skill areas of the CompTIA PenTest+
|Planning and Scoping|
|Information Gathering and Vulnerability Identification|
|Attacks and Exp[loits|
|Pen Testing Tools|
|Reporting and Communication|
Who Should Consider the CompTIA PenTest+?
The PenTest+ is intended by CompTIA for penetration testers as well as professionals that work in a defensive cybersecurity position, such as those in network security operations or vulnerability assessment. This can cover a wide range of positions but generally relates to positions dedicated to security at an intermediate or higher level.
Should You Consider The CompTIA PenTest+?
You should probably consider the PenTest+ if you are in one of the following situations:
- You are a junior-level or aspiring penetration tester and can use the CompTIA PenTest+ to open potential opportunities. Additionally, you currently lack the expertise to sit for more advanced pen testing certifications, such as the OSCP.
- You are an experienced penetration tester and can achieve the PenTest+ with minimal preparation.
- You have an interest in penetration testing and need a way to renew your existing Security+ and/or Network+.
- You have a defensive cybersecurity job and feel you need more knowledge of how the adversary approaches security.
What experience is required to sit for the CompTIA PenTest+?
There is no experience or certification requirement from CompTIA to sit for the PenTest+ exam, however, they do recommend that any test taker have Security+ or similar experience and three to four years of information security experience.
What is the cost of the CompTIA PenTest+?
The current cost of the CompTIA PenTest+ is $349, however, there are often other prices and discounts available from CompTIA or other training providers. There are also packages available in many cases, which may include an exam retake and training. Be sure to spend a little time shopping around.
What is the DoD compliance of the CompTIA PenTest+?
The PenTest+ is not an approved Department of Defense 8570 baseline certification, however, it does meet the ISO 17024 standard.
How long will it take to prepare for the CompTIA PenTest+?
If you are new to penetration testing, and especially if you are new to cybersecurity in general, you will probably need to devote at least several months of study to prepare for the PenTest+ certification. Even more-seasoned cybersecurity professionals may need a substantial amount of time to prepare if they do not work directly in penetration testing.
Is the CompTIA PenTest+ hard?
One of the most commonly asked questions about the PenTest+ relates to the difficulty of the exam.
So, is the CompTIA PenTest+ hard? Most entry to intermediate-level cybersecurity professionals will find the PenTest+ to be a challenging exam, however, it is achievable with proper preparation. Highly experienced penetration testers should be able to pass the CompTIA PenTest+ with a minimal amount of study.
What certifications are comparable to the CompTIA PenTest+?
One of the most comparable certifications to the CompTIA PenTest+ is the well established Certified Ethical Hacker, or CEH. The CEH is a longer exam than the PenTest+ at four hours, but it is straight multiple-choice, which some test takers may find easier. You can see our comparison of the PenTest+ and CEH here.
How well known is the CompTIA PenTest+?
Since the CompTIA PenTest+ is rather new, it is not as well known as other penetration testing certifications or other CompTIA certifications in general. This will change over time as more hiring managers see candidates for employment that have earned the PenTest+.
What should you expect on the CompTIA PenTest+ exam?
When sitting for the PenTest+, you should expect the exam to start with several PBQ, or performance-based questions that will provide a scenario and some tools to perform some portion of a penetration test. These questions are usually rather generalized as the PenTest+ is vendor-neutral.
The remainder of the exam will mostly include multiple-choice or multiple answer questions that will ask for your strategy or approach. CompTIA and other testing organizations use language such as “which answer is best” or “which should you do first” to assess your judgment in addition to assessing your rote knowledge. Test takers that have already attempted to Security+ should expect that the line of questioning on the PenTest+ to be much more difficult.
How long is the CompTIA PenTest+ good for?
Like most CompTIA certifications, the PenTest+ is good for three years from the date you earn it, however, it can be renewed by CEUs or by earning the more advanced CASP+.
Which positions would benefit from the CompTIA PenTest+?
According to CompTIA, the following positions would benefit from earning the PenTest+:
- Penetration Tester
- Vulnerability Tester
- Security Analyst (II)
- Vulnerability Assessment Analyst
- Network Security Operations
- Application Security VulnerabilityOur Recommendations
- Consider the PenTest+ as a way to renew your existing Security+ certification.
- The PenTest+ may be the best entry-level certification option for aspiring penetration testers, so consider it if you are moving in that career direction.
- Keep in mind that the PenTest+ is harder than the Security+, so prepare appropriately.
- Compare the PenTest+ to the similar CEH when deciding on your first, or next penetration testing certification.