From the course: CompTIA PenTest+ (PT0-002) Cert Prep

About the CompTIA PenTest+ (PT0-002) exam

- So let's talk a little bit about exam details. This is the CompTIA PenTest+ PT0-002 exam. So what about the exam? What are the things that you need to do and need to know in order to successfully pass the exam? Let's cover each piece individually. First and foremost, this is not an entry-level course. It does assume you have a little bit of experience and a little bit of knowledge of computers and computer networks in general. You don't have to be an expert, but you will want to be able to download and install a virtual manager, such as VirtualBox or VMware. Either one of those products will work, we'll talk about it in the lab environment, but you want to be comfortable enough to download and install software on your computer. And you'll also be doing some work at the command line. Again, don't worry if you're not really comfortable with it, but we'll help you get to that point. So let's take a look at what's going to be on the exam. This exam includes a maximum of 85 questions. It's possible that you could have fewer than 85, but the maximum will be 85 questions. They're both multiple choice and performance-based. Now that means that it's not just going to be choosing A, B, C, or D. Sometimes you're going to be given a scenario and you actually have to answer based on your ability to follow through in the scenario. So it's more than just knowledge. It's the ability to apply the knowledge that we're going to talk about, and we'll be talking about how to actually apply the knowledge and where you would use the things you're learning throughout this course. The exam lasts 165 minutes. Before you even sit for the exam, it's recommended that you have three to four years of hands-on experience performing penetration tests, vulnerability assessments, and vulnerability management. That means that this is not going to be an exam for someone who's brand new.
You need to have some experience to recognize how to use the tools and how to apply the results that you get back from your PenTest. To get a passing score, you need 750 points on a scale of 100 to 900. Anything 750 or higher means you passed and you get the PenTest+ certification. The PenTest+ exam covers five different domains. The first domain, domain one is planning and scoping. It represents 14% of the total exam questions, and it covers governance, risk, and compliance with regulations and laws. Scoping your PenTest engagement and demonstrating an ethical mindset. It is the domain that kind of sets the stage for all PenTest activities, and you'll need to know how to set up the pentesting project. That's what domain is all about, or domain one is all about. Domain two is 22% of the exam. Now that's almost a quarter of the exam, so it's a big chunk. It is information gathering and vulnerability scanning. So it's not necessarily the tools you're going to use, but it's how you use the tools. You're going to learn how to perform passive and active reconnaissance and vulnerability scans, and most importantly, how to analyze those results. Remember that pentesting is really not about using tools. It's about knowing when to use tools, how to use the tools, and most importantly, how to assess the results, analyze those results, and determine what to do next. Domain three is 30% of the exam. Now, that's even more than the previous domain, and that's on attacks and exploits. In domain three, you'll learn about researching attack vectors, performing various attacks on both wired and wireless networks. Also on applications and cloud technologies. You'll explore various mobile and Internet of Things, or IoT, vulnerabilities and attacks, and begin to understand how those attacks can be used in a PenTest. You'll also learn about carrying out social engineering and physical attacks, as well as implementing post-exploitation techniques.
Domain four is reporting and communication and makes up 18% of the exam. In this domain, you'll learn about the importance of writing and delivering written reports, because written reports and reporting your activity is one of the major phases of penetration testing. You'll learn about analyzing the results that you received from your vulnerability assessments and other activities, how to categorize what you've found and create recommendations, and then document those recommendations. And you'll also understand the importance of communication throughout the reporting process. The last domain, domain five, is tools and code analysis. But notice that domain five is only 16% of the entire exam. That's why there's a smaller focus on the actual tools and a larger focus on the rest of the domains on how you use those tools and analyze the results. We're also going to be talking about scripting and coding, using Python, Ruby, Perl and JavaScript, and explaining the use cases for various pentesting tools. Picking the right tool is just as important as knowing how to use each individual tool. Okay, now you have an idea of what's on the exam. What do you do? Well, the first thing you should do is buy an exam voucher. You're thinking, wait, I'm not ready to take the exam. I haven't even studied yet. That's okay. If you go ahead and buy the exam voucher, it's a great motivator because you've set a time clock ticking that before the voucher expires, you've got to take the exam. It is a wonderful tool to use to keep yourself on target and actually follow through with taking the exam. So buy that exam voucher, but before you buy it, look for discounts. You never know, you might find a discounted voucher here or there. So look for discount vouchers first, buy it and then schedule that exam. Once again, once you schedule the exam, it is motivation for you to finish your studies by the exam date. You can take it in person or you can take it at home.
Either way, if you have a training center that's close by, or if you just want to go to a training center or a testing center, rather, you can schedule it that way. If you would prefer to take it in the comfort of your own home or office, you can do that as well. Be aware, you will have to have software installed. You may have to change your configuration a little bit, so there's a few changes that may have to occur because the exams are proctored, but you have the choice of going either way. Once you're ready to take the exam, in other words, you've scheduled it, now it's time to actually dig into the material. Study, study, study. Watch this course. Read the associated book from McGraw Hill and take lots of practice exams. Make sure that you answer lots of practice questions because those will help you get prepared. And then finally, when your exam day comes, you'll be prepared to sit for the exam and pass it and become a PenTest+ professional.
