Pentest +
The CompTIA PenTest+ certification course will walk you through the process of performing a pentest. You'll also become familiar with many popular tools and scripting languages. Whether you're interested in becoming a pentester or simply curious about the profession, this course is for you. Not only will this course prepare you for the certification exam, but it will also arm you with the skills necessary for entering into the mysterious realm of pentesting.
- 4.9/5.0
- 2873 Eingeschrieben
- Zuletzt aktualisiert Jun 28, 2026

Kursübersicht
- The CompTIA PenTest+ certification is a globally recognized credential that validates the skills and knowledge required to perform advanced penetration testing and vulnerability management. It ensures that candidates are capable of assessing the security posture of networks, systems, and applications by identifying, exploiting, and managing vulnerabilities in a responsible and professional manner.
- This course provides comprehensive, hands-on training designed to develop the practical skills necessary for planning and scoping penetration tests, conducting vulnerability assessments, and performing real-world attacks on a variety of systems. Participants will also learn to analyse findings, prepare detailed reports, and communicate remediation strategies to both technical and non-technical audiences.
- The CompTIA PenTest+ certification goes beyond simple vulnerability scanning—it covers the full lifecycle of a penetration testing engagement, from initial reconnaissance and information gathering to exploitation, post-exploitation, and reporting. The course aligns with industry best practices, legal standards, and compliance frameworks to ensure ethical and responsible testing procedures.
- Through this program, learners gain not only technical expertise but also the analytical and communication skills necessary to work effectively as part of a cybersecurity team, helping organizations strengthen their security defences and reduce exposure to cyber threats.
Who This Course Is For
- Security Analysts who want to deepen their knowledge of offensive security and vulnerability management.
- Penetration Testers seeking to validate and expand their professional skills with a globally respected certification.
- Vulnerability Testers who wish to enhance their ability to identify, exploit, and remediate security flaws.
- Network Security Operations Personnel responsible for maintaining and defending network infrastructures against attacks.
- Application Security Vulnerability Testers who want to specialize in testing and securing web and mobile applications.
Kursübersicht
Module 1 — Planning & Scoping Penetration Tests
- Overview: Establish the
legal, contractual, and technical foundation for a safe, repeatable penetration
test.
Learning objectives: define scope, legal/ethical boundaries, success criteria; create test plans and rules of engagement; select tools and assessment types.
Key topics: client intake & scoping questionnaires; authorization, non-disclosure agreements, and laws; risk assessment and impact analysis; test types (black/grey/white box); scheduling, rollback & contingency planning; resource & tool selection.
Practical work / labs: write a sample rules-of-engagement document; build a risk-based test plan for a fictional organization; create a scoping questionnaire.
Skills gained: professional test planning, legal/compliance awareness, stakeholder communication.
Module 2 — Conducting Passive Reconnaissance
- Overview: Collect publicly
available intelligence without directly interacting with target systems.
Learning objectives: map digital footprint, identify attack surface, harvest metadata and public exposures, discover third-party risks.
Key topics: OSINT techniques (search engines, social media, public registries), WHOIS/DNS/Passive DNS, public code repositories, metadata analysis, cloud and third-party exposure discovery, data aggregation & correlation.
Practical work / labs: OSINT exercise on a mock company; extract and analyze metadata from documents; build an attack surface inventory.
Skills gained: efficient data collection, correlation of disparate public data, building reconnaissance reports.
Module 3 — Performing Non-Technical Tests
- Overview: Test human and
organizational weaknesses that technology alone won’t reveal.
Learning objectives: design and run social-engineering campaigns, assess physical security, evaluate policy and process adherence.
Key topics: phishing and vishing concepts, social-engineering frameworks, pretexting, physical access assessments, insider threat scenarios, security awareness measurement, policy review techniques.
Practical work / labs: craft a simulated phishing email (non-malicious), conduct a reception/visitor procedure audit, create a security awareness scorecard.
Skills gained: social-engineering planning, human vulnerability assessment, organizational control evaluation.
Module 4 — Conducting Active Reconnaissance
- Overview: Use direct
interaction to discover live hosts, services, and configuration details while
minimizing detection and impact.
Learning objectives: perform network discovery, service enumeration, banner grabbing, fingerprinting and mapping of infrastructure.
Key topics: TCP/UDP scanning strategies, network mapping, service and OS fingerprinting, application discovery, IDS/IPS awareness, scanning ethics and throttling.
Practical work / labs: run scanning workflows against a lab network; correlate scan results to produce an asset inventory; tune scans to avoid service disruption.
Skills gained: safe active discovery, accurate host/service enumeration, reconnaissance report generation.
Module 5 — Analyzing Vulnerabilities
- Overview: Identify, verify,
and prioritize vulnerabilities in hosts, services, and applications.
Learning objectives: analyze scan output, validate findings, assess likelihood and impact, and prioritize remediation using risk models.
Key topics: vulnerability scanners and interpretation, false positive/negative handling, manual verification techniques, CVE/CWE mapping, risk scoring (CVSS), prioritization strategies.
Practical work / labs: triage scanner results from multiple tools; manually verify selected findings; map vulnerabilities to remediation actions.
Skills gained: critical analysis of automated results, vulnerability validation, remediation prioritization.
Module 6 — Penetrating Networks
- Overview: Exploit
network-level weaknesses to gain access to internal resources while maintaining
operational safety.
Learning objectives: execute network exploitation techniques, pivoting, and maintain stealth and persistence where appropriate for tests.
Key topics: network protocol weaknesses, misconfigurations (open shares, weak SMB), exploitation of services, man-in-the-middle techniques, tunneling and pivoting, use of proxies and pivot hosts.
Practical work / labs: perform controlled exploitation of vulnerable lab services; demonstrate pivoting from a compromised host to additional subnets; document containment steps.
Skills gained: practical exploitation of network weaknesses, lateral movement basics, safe escalation techniques.
Module 7 — Exploiting Host-Based Vulnerabilities
- Overview: Attack host
machines to escalate privileges, access sensitive data, and demonstrate impact.
Learning objectives: exploit host vulnerabilities, escalate privileges, bypass common protections, and cleanly document evidence.
Key topics: privilege escalation (Windows/Linux), service exploitation, credential harvesting, patch-level exploitation, anti-forensics considerations, endpoint security bypass methods (with legal/ethical limits).
Practical work / labs: exploit lab hosts to gain user and then admin/root access; capture and document proof-of-concepts; practice safe cleanup.
Skills gained: host exploitation, post-compromise evidence collection, responsible reporting of impact.
Module 8 — Testing Applications
- Overview: Identify and
exploit weaknesses in web, mobile, and API applications using secure testing
methodologies.
Learning objectives: test for common application vulnerabilities, chain bugs into exploits, and recommend secure remediations.
Key topics: OWASP Top 10 and beyond, input validation flaws, authentication/authorization issues, session management, server-side vulnerabilities, API testing, mobile app testing basics, secure coding remediation.
Practical work / labs: hands-on web app testing (SQLi, XSS, auth flaws), API fuzzing and exploitation, report secure fixes for discovered bugs.
Skills gained: systematic web/API testing, exploit chaining, developer-facing remediation guidance.
Module 9 — Completing Post-Exploit Tasks
- Overview: After gaining
access, perform controlled tasks to demonstrate impact while preserving
evidence and respecting scope.
Learning objectives: collect and analyze evidence, maintain minimal persistence only if authorized, exfiltrate sample data safely, and restore systems to original state.
Key topics: evidence preservation and chain-of-custody basics, credential and secret discovery, data discovery/exfiltration techniques (simulated), safe persistence strategies (for tests), cleanup procedures and rollback.
Practical work / labs: evidence capture exercises, simulated data discovery and secure reporting, restore lab systems to baseline.
Skills gained: ethical post-exploit operations, forensic mindfulness, responsible restoration.
Module 10 — Analyzing & Reporting Pen Test Results
- Overview: Turn technical
findings into clear, actionable, and prioritized reports for technical teams
and leadership.
Learning objectives: synthesize findings into remediation-focused reports, produce executive summaries, quantify business impact, and present results to stakeholders.
Key topics: report structure (exec summary, technical findings, PoC, remediation guidance), risk remediation plans, metrics/KPIs, presentation skills, creating repeatable delivery artifacts (templates, trackers), legal disclosure considerations.
Practical work / labs: produce a full pentest report from a previous lab engagement; prepare an executive slide deck; role-play presenting findings to technical and non-technical audiences.
Skills gained: professional reporting, stakeholder communication, remediation planning.
Final notes & suggested course add-ons
- Capstone project: a full-life-cycle pentest on a controlled lab that includes planning, reconnaissance, exploitation, post-exploit tasks, and final reporting.
- Assessments: practical labs, a written exam section, and a final report/presentation graded for clarity, accuracy, and remediation quality.
- Duration guidance (optional): each module typically fits a 1–2 day workshop; combine into a 3–5 week bootcamp or a semester-length course depending on depth.
Kursziele
- Successful
candidates will have the intermediate-level skills required to customize and
adapt various assessment frameworks in order to conduct comprehensive
penetration tests effectively. They will learn how to plan, execute, and manage
penetration testing projects while ensuring that all activities comply with
legal and organizational standards.
- Additionally, candidates will gain the ability to perform detailed vulnerability assessments, identify and exploit system weaknesses, and demonstrate real-world attack techniques in controlled environments. They will also develop the capacity to analyze and interpret data collected during tests to accurately evaluate an organization’s security posture.
- Candidates will master the best practices for documenting and communicating findings, including how to create clear and actionable reports for both technical teams and executive stakeholders. They will learn how to recommend remediation strategies and mitigation techniques to reduce identified risks and strengthen overall network defenses.
- Finally, candidates will acquire the skills to collaborate effectively with cross-functional security teams, provide post-assessment guidance, and continuously improve IT security processes through evidence-based recommendations.
Kursvoraussetzungen
- To
successfully undertake the CompTIA PenTest+ certification, candidates should
possess a minimum of 3–4 years of practical, hands-on experience in information
security or related IT fields. This ensures that participants have a solid
understanding of core networking, system administration, and security concepts
before diving into advanced penetration testing techniques.
Additional recommended prerequisites include:
- Strong foundational knowledge of networks and protocols, including TCP/IP, DNS, HTTP, and VPN technologies.
- Experience with operating systems such as Windows, Linux, and macOS, with a focus on command-line tools and system configurations.
- Understanding of vulnerability management processes, including identifying, analyzing, and mitigating security risks.
- Basic scripting or programming experience in languages such as Python, Bash, or PowerShell to automate security tasks and exploit analysis.
- Familiarity with security frameworks and compliance standards, such as NIST, ISO 27001, and GDPR.
- It is also highly recommended (though not mandatory) that candidates have earned the CompTIA Security+ certification or possess equivalent knowledge before attempting the PenTest+ exam.
- These prerequisites help ensure that learners are well-prepared to understand advanced penetration testing methodologies, effectively use penetration testing tools, and produce professional, actionable security assessment reports.
Kursplan
| Datum | Tage übrig | Schulungsort | |
|---|---|---|---|
Keine Termine verfügbar | |||
Kursprüfungsinformationen
- The
CompTIA
PenTest+ exam is a performance-based certification exam that
assesses the candidate’s ability to plan, conduct, analyze, and report on
penetration tests and vulnerability assessments. It validates
intermediate-level cybersecurity skills used by penetration testers,
vulnerability assessment analysts, and security consultants.
- Exam
Code: PT0-002
Exam Format: Multiple-choice and performance-based questions
Number of Questions: Maximum of 85 questions
Type of Questions: Multiple choice (single and multiple response) and hands-on, performance-based simulations
Exam Duration: 165 minutes (2 hours and 45 minutes)
Passing Score: 750 (on a scale of 100–900)
Languages Available: English, Japanese, Portuguese, Thai, and Spanish
Testing Provider: Pearson VUE (Online Testing or In-Person at Testing Centers)
Key Skills Measured:
- Planning and scoping penetration testing engagements
- Conducting information gathering and vulnerability identification
- Performing attacks and exploiting vulnerabilities
- Managing post-exploitation activities and reporting results
- Understanding legal, compliance, and ethical considerations in penetration testing
Recommended
Experience:
Before taking the PenTest+ exam, candidates are recommended to have:
- CompTIA Security+ certification or equivalent knowledge
- Minimum of 3–4 years of hands-on experience in information security or related field
- Strong understanding of networking, security tools, and vulnerability management
- Renewal
and Continuing Education:
The PenTest+ certification is valid for three years from the date of certification. It can be renewed through the CompTIA Continuing Education (CE) program by earning CEUs (Continuing Education Units) through approved activities, training, or higher-level certifications.
- Exam Domains (Objectives):
- Planning and Scoping (14%)
- Information Gathering and Vulnerability Identification (22%)
- Attacks and Exploits (30%)
- Reporting and Communication (18%)
- Tools and Code Analysis (16%)
Bewertungen unserer Kunden
4.9
(*)(*)(*)(*)(*)
Excellent
(*)(*)(*)(*)(*)
(*)(*)(*)(*)( )
( )( )( )( )( )
( )( )( )( )( )
( )( )( )( )( )
Jeroen Van Dijk
If you’ve ever wanted to break into ethical hacking, this is the place to start. It’s practical, challenging, and pushes you to think like an attacker. I finally get why iExperts emphasizes hands-on cybersecurity training.
(*)(*)(*)(*)(*)
Dimitris Nikidis
I wanted to give you my feedback regarding the security training you did to us. First of all, I want to thank you for all the valuable information you shared. For sure I can tell that my objectives for this training were fulfilled. The best part of the session was the hands-on session (even though I didn’t have laptop :)). The only thing that I would like to have more is to do some kind of penetration in the mobile environment. Last but not least, your way of presenting is very nice. There wasn’t any moment that I was tired. Keep on the beautiful work! I will follow you also on Twitter to get the latest information. We will keep in touch!
(*)(*)(*)(*)(*)
Sarah Roberts
Enthusiastic and knowledgeable presentation style Approachable / flexible
(*)(*)(*)(*)(*)
Dieser Kurs beinhaltet
- Dauer40 Std.
- AnbieterCompTIA
- KategorieCyber Security
- ZertifikatJa
Kursprofil
Kursquiz
Testen Sie Ihr Wissen mit unserem Kursquiz! Beantworten Sie eine Reihe von Fragen zu Pentest +.
Ähnliche Kurse
Security + 701
CompTIA Security+ is a globally recognized certification that validates the foundational skills required for IT security roles. It confirms your ability to perform core security functions and apply best practices across various systems. The course covers essential topics such as threat management, risk mitigation, and incident response. It equips you with knowledge of network security, cryptography, identity management, and access control. Security+ 701 ensures you understand how to protect devices, data, and infrastructure from modern cyber threats. The certification serves as a stepping stone for advanced security certifications and career growth in cybersecurity. By completing this course, you demonstrate to employers that you have the practical skills and knowledge to secure IT environments effectively.
- 40 Std. 4.8 (2933)
Cyber Security Analyst (CySA +)
CompTIA Cybersecurity Analyst (CySA+) is a globally recognized certification designed for cybersecurity professionals responsible for protecting and defending organizational networks. The certification focuses on threat detection, prevention, and response through continuous security monitoring. It validates the skills needed to analyze data, identify vulnerabilities, and implement effective security solutions to safeguard systems and applications against modern cyber threats. This course prepares learners to apply behavioral analytics to networks and devices to prevent, detect, and combat cybersecurity threats through real-time monitoring and incident response techniques. It bridges the gap between the foundational security knowledge of Security+ and the advanced expertise of CompTIA PenTest+.
- 40 Std. 4.7 (2633)
Advanced Security Practitioner (CASP +)
The CompTIA Advanced Security Practitioner (CASP+) certification focuses on the technical knowledge and skills necessary to design, engineer, integrate, and implement secure solutions in complex environments. It emphasizes supporting a resilient enterprise while addressing governance, risk, and compliance requirements. This exam does not use a scaled score system and is evaluated on a pass/fail basis.
- 40 Std. 4.8 (2364)
CompTIA A +
The CompTIA A+ Core Series requires candidates to pass two exams: Core 1 (220-1101) and Core 2 (220-1102). These exams cover the latest content and emphasize the technologies and skills IT professionals need to effectively support a hybrid workforce. This certification validates foundational IT skills across various areas such as hardware, networking, mobile devices, operating systems, troubleshooting, and security. It prepares learners to manage and maintain modern computing environments, ensuring smooth technical support in both on-site and remote work settings. Earning the CompTIA A+ certification demonstrates that you have the practical knowledge and problem-solving abilities required for entry-level IT support roles, making it a globally recognized starting point for a successful career in information technology.
- 40 Std. 4.8 (2354)
CompTIA Cloud +
CompTIA Cloud+ validates the skills needed to deploy and automate secure cloud environments that support the high availability of business systems and data. It covers key concepts in cloud architecture, virtualization, and storage. The course also emphasizes cloud security, risk management, and compliance best practices. Participants learn how to manage and optimize cloud resources effectively. It provides practical knowledge for troubleshooting and resolving cloud infrastructure issues. The certification ensures readiness to support hybrid and multi-cloud environments. Overall, Cloud+ prepares professionals to maintain efficient, reliable, and secure cloud operations.
- 40 Std. 4.9 (2976)
Das könnte Ihnen auch gefallen
Entdecken Sie die beliebtesten 🔥 Kurse auf dem Markt










