CompTIA PenTest+ (PT0-002) Study Guide for Exam Success

1.0 Planning and Scoping – 14%

This domain covers the foundation of a penetration test: understanding legal and compliance requirements, defining the scope of the engagement, and demonstrating professional conduct throughout the process.

• 1.1 Compare and contrast governance, risk, and compliance concepts.
• 1.2 Explain the importance of scoping and organizational/customer requirements.
• 1.3 Demonstrate an ethical hacking mindset by maintaining professionalism and integrity.

2.0 Information Gathering and Vulnerability Scanning – 22%

This domain focuses on reconnaissance techniques, both passive and active, and the tools and methods used to identify vulnerabilities in systems, networks, and applications.

• 2.1 Perform passive reconnaissance.
• 2.2 Perform active reconnaissance.
• 2.3 Analyze the results of a reconnaissance exercise.
• 2.4 Perform vulnerability scanning.

3.0 Attacks and Exploits – 30%

This is the largest domain and includes conducting various types of attacks on networks, wireless systems, applications, cloud environments, and specialized devices. It also includes social engineering and post-exploitation tasks.

• 3.1 Perform network attacks.
• 3.2 Perform wireless attacks.
• 3.3 Perform application-based attacks.
• 3.4 Perform attacks on cloud technologies.
• 3.5 Explain common attacks and vulnerabilities against specialized systems.
• 3.6 Perform a social engineering or physical attack.
• 3.7 Perform post-exploitation techniques.

4.0 Reporting and Communication – 18%

After testing, professionals must communicate results clearly. This domain covers report writing, explaining findings, recommending remediation, and following up appropriately with clients.

• 4.1 Compare and contrast important components of written reports.
• 4.2 Analyze findings and recommend remediation within a report.
• 4.3 Explain the importance of communication during the penetration testing process.
• 4.4 Explain post-report delivery activities.

5.0 Tools and Code Analysis – 16%

This domain covers tools commonly used during penetration testing and how to analyze and interpret simple scripts and code to understand exploits and vulnerabilities.

Be familiar with scripting, tool usage, and code analysis techniques relevant to penetration testing.

For more information, visit the official CompTIA PenTest+ exam objectives .