CompTIA PenTest+ is designed for cybersecurity professionals working on penetration testing and vulnerability management. It is most comprehensive in its approach covering both performance-based and knowledge-based questions to ensure all stages are covered properly.

This covers not only penetration testing but is the only certification in the market that covers hands-on vulnerability assessment, scanning, and analysis, which includes planning, scoping, and managing weaknesses, not just exploiting them.

The CompTIA Pentest + certified people can help organisations comply with regulations, such as PCI-DSS and NIST 800-53 Risk Management Framework (RMF). It is approved under the Department of Defense (DoD) Directive 8140/8570.01-M and under ANSI/ISO standard 17024.

Minimum 3 years of Information security experience with Network+, Security+ or equivalent knowledge

• Cloud Penetration Tester
• Web App Penetration Tester
• Cloud Security Specialist
• Network and Security Specialist
• Information Security Engineer
• Security Analyst

• Understanding the key legal concepts, importance of planning for an engagement and its scope.
• Understanding the key aspects of compliance based assessments.
• Information gathering using appropriate techniques.
• Performing and analysing vulnerability scans.
• Leveraging information for exploitation preparation.
• Finding weaknesses related to specialised systems
• Understanding social engineering attacks
• Exploiting network based vulnerabilities, application-based vulnerabilities, wireless and RF-based vulnerabilities and local host vulnerabilities.
• Summarising physical security attacks related to facilities
• Performing post exploitation techniques
• Using Nmap and tools for information gathering
• Compare and contrast various tools usage
• Analysing tool output
• Analysing basic script reporting and communication
• Explaining post report delivery activities
• Recommend mitigation strategies