Penetration testers find and report vulnerabilities before they can be exploited. CompTIA’s PenTest+ is one of the best certifications to validate those skills, and it’s being updated to align with the most up-to-date hacking and pentesting skills requested by employers in 2021.
6. State of cybersecurity: A global view
Hacking accounts for over half of all recent data breaches; phishing is the second biggest
risk. Not surprisingly, 70% of breaches are financially motivated, with 43% of breaches
involving exploiting vulnerabilities in web applications.
Growth: Globally, the penetration testing market size is expected to grow from $1.6B to
$3B by 2026, a 13.8% growth rate
Opportunities: Cloud-based pentesting involving continuous testing and remediation
Challenge: Rising regulations and compliance requirements mandating pentesting and costs, rising
sophistication of cyberattacks and increased internet/mobile-based apps penetration
Biggest challenge: Lack of skilled cybersecurity professionals to conduct testing
Biggest shortage of cybersecurity skills: Penetration testing/red teaming are within
the top 10
Most impactful for improving working relationship between security teams and
business management: More penetration testing and sharing results to
understand cyber risks are within the top 10
8. What is CompTIA PenTest+?
CompTIA PenTest+ is for cybersecurity professionals tasked
with penetration testing and vulnerability management
PenTest+ is the most comprehensive exam covering all red
team activities
It is the only exam on the market to include all aspects of
vulnerability management
PT0-002 is the most current penetration testing exam covering
the latest techniques against expanded attack surfaces
CompTIA PenTest+ launched October 28, 2021
9. CompTIA PenTest+ certification
The CompTIA PenTest+ certification exam will verify the successful candidate has the
knowledge and skills required to:
➢ Plan and scope a penetration testing engagement
➢ Understand legal and compliance requirements
➢ Perform vulnerability scanning and penetration testing using appropriate tools
and techniques, and then analyze the results
➢ Produce a written report containing proposed remediation techniques, effectively
communicate results to the management team and provide practical
recommendations
11. Accreditation and approvals
Approved under the DoD Directive 8140/8570.01-M
The directive requires DoD Information Assurance (IA) workers who work with sensitive data to
obtain a commercial certification accredited under ISO standard 17024. The three approved
8570.01-M work roles for PenTest+ are:
➢ Cybersecurity Service Provider (CSSP) Analyst
➢ CSSP Incident Responder
➢ CSSP Auditor
PenTest+ also maps to 7 DCWF/NICE Framework work roles at over 70%
This positions PenTest+ for the eventual DoD 8140 manual, expected in late 2021
➢ Security Control Assessor (612)
➢ Cyber Defense Analyst (511)
➢ Cyber Defense Infrastructure Support Specialist (521)
➢ Cyber Defense Incident Responder (531)
➢ Vulnerability Assessment Analyst (541)
➢ Forensics Analyst (211)
➢ Cyber Defense Forensics Analyst (212)
12. CompTIA career pathway
CompTIA certifications align with the skill sets needed to support and manage IT
infrastructure. Enter where appropriate for you. Consider your experience and existing
certifications or course of study.
14. Exam objectives: What’s new?
Same number of exam domains (5) with similar titles
Fewer objectives: 21 versus 24 due to consolidation of PT0-001
objectives to improve instructional design and merge similar topics
80% of topics are similar, 20% are updated to include:
Expanded techniques for pentesting web applications, cloud and hybrid
environments.
Emphasis on demonstrating an ethical hacking mindset given various scenarios.
More focus on vulnerability scanning. For example, Domain 2.0 renamed from
“…Vulnerability Identification” to “…Vulnerability Scanning” to emphasize
hands-on scanning skills.
More focus on code analysis: The previous Domain 4 Penetration Testing Tools
was renamed / reordered to Domain 5 Tools and Code Analysis to emphasize
the growing need to identify and analyze code during a penetration test. (Code
development is not required.)
15. Exam domains: What's new?
| PT0-002 exam domains | % | PT0-001 exam domains | % |
|---|---|---|---|
| 1.0 Planning and scoping | 14% | 1.0 Planning and scoping | 15% |
| 2.0 Information gathering and vulnerability scanning | 22% | 2.0 Information gathering and vulnerability identification | 22% |
| 3.0 Attacks and exploits | 30% | 3.0 Attacks and exploits | 30% |
| 4.0 Reporting and communication | 18% | 5.0 Reporting and communication | 16% |
| 5.0 Tools and code analysis | 16% | 4.0 Penetration testing tools | 17% |
17. 1.0 Planning and scoping
PT0-002 New objectives
1.1 Compare and contrast governance, risk, and compliance concepts.
1.2 Explain the importance of scoping and organizational/customer requirements.
1.3 Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism
and integrity.
18. 2.0 Information gathering and vulnerability scanning
PT0-002 New objectives
2.1 Given a scenario, perform passive reconnaissance.
2.2 Given a scenario, perform active reconnaissance.
2.3 Given a scenario, analyze the results of a reconnaissance exercise.
2.4 Given a scenario, perform vulnerability scanning.
19. 3.0 Attacks and exploits
PT0-002 New objectives
3.1 Given a scenario, research attack vectors and perform network attacks.
3.2 Given a scenario, research attack vectors and perform wireless attacks.
3.3 Given a scenario, research attack vectors and perform application-based attacks.
3.4 Given a scenario, research attack vectors and perform attacks on cloud technologies.
3.5 Explain common attacks and vulnerabilities against specialized systems.
3.6 Given a scenario, perform a social engineering or physical attack.
3.7 Given a scenario, perform post-exploitation techniques.
20. 4.0 Reporting and communication
PT0-002 New objectives
4.1 Compare and contrast important components of written reports.
4.2 Given a scenario, analyze the findings and recommend the appropriate remediation within a
report.
4.3 Explain the importance of communication during the penetration testing process.
4.4 Explain post-report delivery activities.
21. 5.0 Tools and code analysis
PT0-002 New objectives
5.1 Explain the basic concepts of scripting and software development.
5.2 Given a scenario, analyze a script or code sample for use in a penetration test.
5.3 Explain use cases of the following tools during the phases of a penetration test.
23. Get certified with Infosec Skills
Train for your CompTIA certification with Infosec Skills:
Infosec Skills subscription:
➢ 130+ role-based learning paths (e.g., ITF+, A+, Network+,
Security+, CySA+, PenTest+, CASP+)
➢ 100s of hands-on labs in cloud-hosted cyber ranges
➢ Custom certification practice exams and skill assessments
Infosec Skills live boot camp:
➢ Live, instructor-led training (in-person or live online)
➢ Certification exam voucher
➢ 90-day extended access to recordings of daily lessons, plus
all materials in Infosec Skills
➢ Exam Pass Guarantee
infosecinstitute.com/skills
26. About us
Infosec believes knowledge is power when fighting
cybercrime. We help IT and security professionals advance
their careers with skills development and certifications
while empowering all employees with security awareness
and privacy training to stay cyber-safe at work and home.
www.infosecinstitute.com