CompTIA PenTest+ is a vendor-neutral cybersecurity certification that verifies competency in the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results. Key job roles include Penetration and/or Vulnerability Tester, Security Analyst (II), Vulnerability Assessment Analyst, Network Security Operations and Application Security Vulnerability.

About the exam

This exam is designed for IT professionals who want to develop penetration testing skills to enable them to identify information-system vulnerabilities and effective remediation techniques for those vulnerabilities. Target students who also need to offer practical recommendations for action to properly protect information systems and their contents will derive those skills from this course.


Lesson 1: Planning and Scoping Penetration Tests
Topic A: Introduction to Penetration Testing Concepts
Topic B: Plan a Pen Test Engagement
Topic C: Scope and Negotiate a Pen Test Engagement
Topic D: Prepare for a Pen Test Engagement

Lesson 2: Conducting Passive Reconnaissance
Topic A: Gather Background Information
Topic B: Prepare Background Findings for Next Steps

Lesson 3: Performing Non-Technical Tests
Topic A: Perform Social Engineering Tests
Topic B: Perform Physical Security Tests on Facilities

Lesson 4: Conducting Active Reconnaissance
Topic A: Scan Networks
Topic B: Enumerate Targets
Topic C: Scan for Vulnerabilities
Topic D: Analyze Basic Scripts

Lesson 5: Analyzing Vulnerabilities
Topic A: Analyze Vulnerability Scan Results
Topic B: Leverage Information to Prepare for Exploitation

Lesson 6: Penetrating Networks
Topic A: Exploit Network-Based Vulnerabilities
Topic B: Exploit Wireless and RF-Based Vulnerabilities
Topic C: Exploit Specialized Systems

Lesson 7: Exploiting Host-Based Vulnerabilities
Topic A: Exploit Windows-Based Vulnerabilities
Topic B: Exploit *Nix-Based Vulnerabilities

Lesson 8: Testing Applications
Topic A: Exploit Web Application Vulnerabilities
Topic B: Test Source Code and Compiled Apps

Lesson 9: Completing Post-Exploit Tasks
Topic A: Use Lateral Movement Techniques
Topic B: Use Persistence Techniques
Topic C: Use Anti-Forensics Techniques

Lesson 10: Analyzing and Reporting Pen Test Results
Topic A: Analyze Pen Test Data
Topic B: Develop Recommendations for Mitigation Strategies
Topic C: Write and Handle Reports
Topic D: Conduct Post-Report-Delivery Activities