This past week I dove in and took the new beta version of CompTIA’s PenTest+, version PT0-002. Since I did a terrible job of reading the contract and remembering what I can disclose, I will try to be careful. But CompTIA, feel free to message me if I reveal anything I shouldn’t. I will discuss how the exam went for me, my thoughts on the material covered, and my recommendations for how to study.
I found out about this exam from a co-worker one day last week who said CompTIA offered this beta certification for the low, low price of $50. You can’t really beat that price when it comes to infosec certs. I figured why not give it a shot. As soon as I got home, I signed up to take the exam the following Tuesday, roughly 5 days to study.
How I Studied
To get ready, I read through the objectives. I bought the book CompTIA PenTest+ Study Guide: Exam PT0-001 by Mike Chapple and David Seidl from Amazon. Let me tell you, I was pleasantly surprised by the breadth of the topics in the book.
In my mind, CompTIA exams are very entry-level. They are typically studied for by memorizing a brain dump and/or doing a bunch of practice tests. Honestly, this test could be prepared for the same way. However, if anyone is interested in penetration testing as a career, I can’t recommend reading this book enough. It literally covers all the administrative side of the business and the theoretical side of why we do what we do.
If you are brand new to pen testing, I recommend taking your time and reading through the entire book. After which, you will be able to articulate your role as a pen tester to any executive you may work with on a project. I promise it is worth it.
Now the question is, did it help me prepare for the exam? Kinda. It seems that about half of the questions on the exam were covered in this book. For the rest of the questions, I had to lean heavily on my five years of pen testing experience. If you have taken a CompTIA exam in the past, the style of questions is very much the same.
Did I pass? I don’t know. It was actually pretty tough. I would like to think I did.
UPDATE: I am happy to report I did indeed pass the PenTest+ Exam.
What I think of the exam
I honestly took the exam to see what is out there for new people entering the information security world. PenTest+ comes up pretty often in conversations with entry-level practitioners. Before, I was just blasé about the certification, but now I can confidently recommend getting it.
I recommend it solely on the knowledge an individual will gain from studying the material. I don’t believe it will be a standard in the information security industry for some time. And I don’t think it will give you a big leg up in the eyes of HR like the CEH. But, it will help prepare you for the job.
In fact, based on the material covered in the exam, I changed my recommended certification path for pen testing to:
CompTIA PenTest+ -> eJPT -> eCPPT -> OSCP
How to Study
Time for recommending how to study for the exam. If you want to give the CompTIA PenTest+ beta a try, grab the Sybex book. Read through it thoroughly. Next, focus on learning the tools they cover heavily. You will need to know the various switches and be able to reconstruct the commands based on the tool’s output. To do this, I recommend hopping into a Kali VM and running the tools against some machines. TryHackMe and HackTheBox are always great options for vulnerable systems to play with.
Additionally, understand the other sections well enough to answer all of the practice questions easily. Each chapter has a 15 to 20 question practice test, and there is an assessment at the beginning of the book. I would say the book’s style of asking questions is similar enough to the exam to be helpful. With that being said, I would surmise that the Practice Tests by Sybex would be beneficial in preparing. Please, someone, let me know what you thought if you purchase and use the Practice Tests.
Yeah. The exam was a good time, and I enjoyed the study materials. Baby pen testers, I recommend this for you.