⚔️ CompTIA PenTest+

🧠 1. Certification Name and Issuing Body


🧩 2. Certification Level and Type

  • Level: Intermediate

  • Type: Technical


📜 3. Purpose and Goals

  • What skills does it certify?
    Planning and scoping penetration tests, performing vulnerability scans, exploiting systems, conducting post-exploitation tasks, and writing reports

  • Target roles or profiles:
    Penetration Tester, Vulnerability Analyst, Red Teamer (entry-level), Security Consultant

  • Practical applications:
    Internal and external pentests, vulnerability assessments, client reporting, and remediation validation


🎓 4. Prerequisites

  • Recommended prior certifications:
    CompTIA Security+, Network+, or equivalent knowledge

  • Suggested experience:
    2–3 years of hands-on experience in security or network administration

  • Required technical knowledge:
    Networking (TCP/IP, ports), Linux & Windows CLI, scripting (Bash/Python/PowerShell), vulnerability management


📚 5. Content and Curriculum

  • Key domains/modules:

    1. Planning and Scoping

    2. Information Gathering and Vulnerability Scanning

    3. Attacks and Exploits

    4. Reporting and Communication

    5. Tools and Code Analysis

  • Technologies/tools:
    Nmap, Metasploit, Burp Suite, Nikto, SQLMap, Hydra, Netcat, PowerShell, Python, Bash

  • Framework mapping:
    NIST SP 800-115, MITRE ATT&CK, NICE Framework (PR and DE categories)


🧪 6. Learning Approach

  • Style: Mixed (theory + simulations + multiple-choice)

  • Labs/environments: Available through CompTIA CertMaster Labs, TryHackMe, Hack The Box (HTB), and third-party providers

  • Materials: Official CompTIA Study Guide, Sybex/Pearson books, video training, lab manuals

  • Recommended platforms: TryHackMe (“Offensive Pentesting” path), INE, Cybrary, Udemy (Jason Dion, TCM Security)


📝 7. Exam Format and Details

  • Mode: Online proctored (Pearson VUE) or in-person

  • Duration: 165 minutes

  • Questions: Max 85 (multiple-choice + performance-based)

  • Languages: English, Japanese

  • Retake policy: No mandatory wait after first failure; retake fee applies

  • Certification validity: 3 years


💰 8. Estimated Cost

  • Exam fee: $392 USD

  • Training cost: $150–$700 USD (depending on provider and modality)

  • Renewal cost: ~$150 every 3 years or via Continuing Education (CE) program


🌍 9. Industry Recognition

  • Demand/popularity: Widely accepted in the U.S. and international markets; DoD 8570 approved

  • Organizations that value it: U.S. Department of Defense, cybersecurity consultancies, MSSPs, financial institutions

  • Comparison:

    • More accessible than OSCP or PNPT

    • More hands-on than CEH but less intense than eJPTv2 or Red Team certs


💼 10. Career Opportunities

  • Job roles:
    Junior Pentester, Security Tester, Red Team Apprentice, Security Operations Analyst

  • Suggested paths:
    → PenTest+ → PNPT / CRTO / OSCP
    → PenTest+ + CySA+ = Blue + Red foundational dual path


💵 11. Average Salary

  • USA: $70,000–$95,000/year

  • Europe: €45,000–€70,000/year

  • Salary boost: Mid-level increase (~15–20%) when moving into technical pentesting roles

  • (Sources: PayScale, Glassdoor, CyberSeek)


📅 12. Renewal and Maintenance

  • Validity: 3 years

  • Renewal options:

    • Submit 60 CEUs (Continuing Education Units)

    • Retake the latest PenTest+ exam

    • Earn a higher-level CompTIA or industry certification (e.g., CySA+, CASP+, or OSCP)


🧭 13. Final Recommendations

  • Ideal for:
    IT professionals transitioning into offensive security with structured goals and limited pentest experience

  • When to pursue:
    After Security+ or 1–2 years of IT/network administration + TryHackMe or Hack The Box practice

  • Tips:
    Focus on performance-based questions. Use a combination of labs and practice exams. Document methodology and improve speed on CLI tools.