CompTIA PenTest+ certification exam: Overview of domains

February 24, 2022 by Howard Poston

PenTest+ is one of the advanced certifications on CompTIA's Cybersecurity Pathway. It is designed to test an applicant's knowledge of the processes, tools, and techniques used for penetration testing. Candidates are recommended to have 3-4 years of experience in pentesting, vulnerability assessments, and code analysis.

PenTest+ domain overview

PenTest+ is a 165-minute exam composed of a maximum of 85 multiple-choice and performance-based questions. The passing score is 750 on a scale of 100-900. The PenTest+ exam is broken up into the following five domains.

Domain 1 — Planning and scoping

The first domain of the PenTest+ exam covers planning and scoping a penetration testing engagement. This domain makes up 14% of a candidate's overall score on the exam.

Domain 1 is broken up into three sections:

  1. Compare and contrast governance, risk and compliance concepts. This section discusses regulations that may affect the assessment process and legal concepts related to penetration testing contracts.
  2. Explain the importance of scoping and organizational/customer requirements. An effective penetration test is geared towards answering specific security questions about a target environment. This section tests resources and techniques for defining pentesting scope and strategy.
  3. Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity. This section tests the ethics of penetration testing and how to properly protect the client during an engagement.

Domain 2 — Information gathering and vulnerability scanning

Reconnaissance is a vital stage of the penetration testing process that provides valuable intelligence for identifying security weaknesses and developing a plan of attack. This domain accounts for 22% of the questions in the PenTest+ exam and is divided into four sections:

  1. Given a scenario, perform passive reconnaissance. This section tests a candidate's knowledge of passive reconnaissance, or the use of public information sources to learn about a target without directly interacting with its systems.
  2. Given a scenario, perform active reconnaissance. Active reconnaissance questions discuss methods for performing enumeration, crafting network packets, detecting defenses, and other techniques that directly interact with target systems.
  3. Given a scenario, analyze the results of a reconnaissance exercise. This section tests a candidate's ability to extract useful intelligence from the output of reconnaissance tools and techniques.
  4. Given a scenario, perform vulnerability scanning. Vulnerability scanning is a vital part of reconnaissance, and this section tests how to perform and automate vulnerability scans under different scenarios.

Domain 3 — Attacks and exploits

Domain 3 is the largest in the PenTest+ exam, accounting for 30% of the examination's questions. The topics included in this section are far-ranging, covering potential attacks against any system that a penetration tester may encounter. The seven sections in this domain include:

  1. Given a scenario, research attack vectors and perform network attacks. This section tests attacks on system availability, network attacks (ARP poisoning, Kerberoasting, etc.), and network attack tools.
  2. Given a scenario, research attack vectors and perform wireless attacks. This section explores attack methods, attack techniques and tools for testing wireless network security.
  3. Given a scenario, research attack vectors and perform application-based attacks. This section evaluates an applicant's knowledge of attacks and tools for web application and API security.
  4. Given a scenario, research attack vectors and perform attacks on cloud technologies. This section explores attack vectors and tools for testing the security of cloud-based infrastructure.
  5. Explain common attacks and vulnerabilities against specialized systems. This section covers other types of systems that a penetration tester may encounter, such as mobile devices, Internet of Things (IoT) devices, ICS/SCADA systems and other specialized systems.
  6. Given a scenario, perform a social engineering or physical attack. Social engineering and physical attacks are effective but often out-of-scope techniques covered by this section.
  7. Given a scenario, perform post-exploitation techniques. This section discusses how a penetration tester can take advantage of their access after a successful exploit, such as lateral movement or performing additional discovery and enumeration.

Domain 4 — Reporting and communication

Reporting is an undervalued but vital part of the penetration testing process. If a customer can't understand and use the findings of a penetration test, then the effort put into detecting vulnerabilities and security issues is wasted. This domain accounts for 18% of the PenTest+ score and is composed of the following four sections:

  1. Compare and contrast important components of written reports. This section discusses key concepts for reporting, such as appropriately tailoring content to common audiences.
  2. Given a scenario, analyze the findings and recommend the appropriate remediation within a report. This section evaluates a candidate's ability to move from discovered vulnerabilities to concrete recommendations for addressing them.
  3. Explain the importance of communication during the penetration testing process. This section tests how to set up communication channels with a client and when and how to communicate.
  4. Explain post-report delivery activities. This section tests knowledge of post-engagement activities, such as cleaning up target systems and performing retrospectives on the engagement.

Domain 5 — Tools and code analysis

The ability to read and write code is essential to identifying vulnerabilities and developing tools for penetration testing. Domain 5 of the PenTest+ exam tests these skill sets and is responsible for 16% of a candidate's overall score. This domain has three sections:

  1. Explain the basic concepts of scripting and software development. This section tests knowledge of core concepts of software development, such as data structures, classes and functions.
  2. Given a scenario, analyze a script or code sample for use in a penetration test. This section covers shells, automation, programming languages, and a pentester's ability to evaluate exploit code designed for different purposes.
  3. Explain use cases of the following tools during the phases of a penetration test. This section tests if a candidate knows when to use the various tools covered in domains 1-4.

For more information on the PenTest+ exam, see the full CompTIA PenTest+ (PT0-002) exam objectives.



Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at or via his website at