My thoughts on the CompTIA PenTest+ beta (PT0-002)

4/24/2021

This past week I dove in to take the new beta version of CompTIA’s Pentest+ version PT0-002. Since I did a terrible job of reading the contract and remembering what I can disclose, I will try to be careful. But CompTIA, feel free to message me if I reveal anything I shouldn’t. I will discuss how the exam went for me, my thoughts on the material covered, and my recommendations for how to study.
I found out about this exam from a co-worker one day last week who said CompTIA offered this beta certification for the low, low price of $50. You can’t really beat that price when it comes to infosec certs. I figured why not give it a shot. As soon as I got home, I signed up to take the exam the following Tuesday, roughly 5 days to study.

How I Studied

To get ready, I read through the objectives. I bought the book CompTIA Study Guide Exam PTO-001 by Mike Chapple and David Seidl from Amazon. Let me tell you, I was pleasantly surprised by the breadth of the topics in the book.

In my mind, CompTIA exams are very entry-level. They are typically studied by memorizing a brain dump slash doing a bunch of practice tests. Honestly, this test could be prepared for the same way. However, if anyone is interested in Penetration Testing as a career, I can’t recommend reading this book enough. It literally covers all the administrative side of the business and the theoretical stuff as to why we do what we do.

If you are brand new to pen testing, I recommend taking your time and reading through the entire book. After which, you will be able to articulate your role as a pen tester to any executive you may work with on a project. I promise it is worth it.

Now the question is, did it help me prepare for the exam? Kinda. It seems that about half of the questions on the exam were covered in this book. For the rest of the questions, I had to lean heavily on my five years of pen testing experience. If you have taken a CompTIA exam in the past, the style of questions is very much the same.

Did I pass? I don’t know. It was actually pretty tough. I would like to think I did.

UPDATE: I am happy to report I did indeed pass the PenTest+ Exam.

What I think of the exam

I honestly took the exam to see what is out there for new people entering the information security world. PenTest+ comes up pretty often in conversations with entry-level practitioners. Before, I was just blasé about the certification, but now I can confidently recommend getting it.

I recommend it solely on the knowledge an individual will gain from studying the material. I don’t believe it will be a standard in the information security industry for some time. And I don’t think it will give you a big leg up in the eyes of HR like the CEH. But it will help prepare you for the job.

In fact, based on the material covered in the exam, I changed my recommended certification path for pen testing to:
CompTIA PenTest+ -> eJPT -> eCPPT -> OSCP

How to Study

Time for recommending how to study for the exam. If you want to give the CompTIA PenTest+ beta a try, grab the Sybex book. Read through it thoroughly. Next, focus on learning the tools they cover heavily. You will need to know the various switches and be able to reconstruct the commands based on the tool’s output. To do this, I recommend hopping in a Kali VM and running the tools against some machines. TryHackMe and HackTheBox are always great options for vulnerable systems to play with.

Additionally, understand the other sections well enough to answer all of the practice questions easily. Each chapter has a 15 to 20 question practice test, and there is an assessment at the beginning of the book. I would say the book’s style of asking questions is similar enough to the exam to be helpful. With that being said, I would surmise that the Practice Tests by Sybex would be beneficial in preparing. Please, someone, let me know what you thought if you purchase and use the Practice Tests.

Conclusion

Yea. The exam was a good time, and I enjoyed the study materials. Baby pen testers, I recommend this for you.

2 Comments
rardroid
1/1/2022 11:46:15 pm

thanks for sharing the journey. agree with you, practice, practice, practice will make it convenient for us.
do you mind sharing the baby doc?

Silverbits
1/2/2022 08:40:52 am

Hey RARDROID, thanks for replying. Would love to help you out but, I am not sure I understand what you are asking. What is the "baby doc," you are referring to? Please try to clarify your question because I would love to help if I can.
