New Certification: CompTIA PenTest+

245

Comments

  • tedjamestedjames Member Posts: 1,182 ■■■■■■■■□□
    Having just finished eJPT, I'm really tempted to sign up for this beta exam. However, I'm supposed to be using this time to get caught up on projects around the house that I neglected while preparing for eJPT. Do I really need Pentest+? Probably not. Argh! I could stand to live without a deadline for awhile. Must...resist...urge...to...test....again!
  • SaSkillerSaSkiller Member Posts: 337 ■■■□□□□□□□
    Just heard about this. I can't see it in the market out of DoD and like someone said, maybe some management positions.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • atippettatippett Member Posts: 154
    I noticed on CompTIA's website that pass/fail information won't be available until Summer of 2018, but a numbered score will be given at the end of the exam. Can we assume that the passing number will be 750 like the CySA+?
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    atippett wrote: »
    I noticed on CompTIA's website that pass/fail information won't be available until Summer of 2018, but a numbered score will be given at the end of the exam. Can we assume that the passing number will be 750 like the CySA+?

    Take a look at the exam objectives pdf I posted earlier.

    On that note:
    "4.4: Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)"

    Overlooked that one the first time. Looks like programming is on the exam.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    Just got home from taking the beta. Obviously a multiple choice test will never outdo OSCP, but this one gets as close as it possibly can. Knowing the CEH material will not be enough to pass this, unless they make the cutting score incredibly low. There was a wide variety of technical topics, and you have to actually understand how the tools work to answer the questions. This test is going to make EC-Council irrelevant, which is amazing.



    atippett wrote: »
    I noticed on CompTIA's website that pass/fail information won't be available until Summer of 2018, but a numbered score will be given at the end of the exam. Can we assume that the passing number will be 750 like the CySA+?
    There is no numbered score given.
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    I signed up for late April, but for you TE folks that are certified PenTesters already, how did you prepare for OSCP/CEH/etc exams?

    Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/200icon_cool.gif on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??

    Cheers & Hi5!
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
    Just got home from taking the beta. Obviously a multiple choice test will never outdo OSCP, but this one gets as close as it possibly can. Knowing the CEH material will not be enough to pass this, unless they make the cutting score incredibly low. There was a wide variety of technical topics, and you have to actually understand how the tools work to answer the questions. This test is going to make EC-Council irrelevant, which is amazing.




    There is no numbered score given.



    Oh. icon_sad.gif From their PenTest+ page:



    Passing Score
    ​Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results.




    Would've been nice to compare scores for the hell of it. icon_razz.gif
  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□
    Oh. icon_sad.gif From their PenTest+ page:



    Passing Score
    ​Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results.




    Would've been nice to compare scores for the hell of it. icon_razz.gif

    I'm going at the end of April. I can't wait to get my score. Should be fun.
  • jwdk19jwdk19 Member Posts: 70 ■■■□□□□□□□
    Booked mine for March but will probably change that to April:D
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    750 points seems like a safe guess to me.
    750.jpg 70.5K
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • boxerboy1168boxerboy1168 Member Posts: 395 ■■■□□□□□□□
    if it's anything like the other CompTIA test it's mostly theory and headaches with no real substance

    after I finish the required CompTIA test for WGU I will not be taking anymore soft skill test
    Currently enrolling into WGU's IT - Security Program. Working on LPIC (1,2,3) and CCNA (and S) as long term goals and preparing for the Security+ and A+ as short term goals.
  • EANxEANx Member Posts: 1,077 ■■■■■■■■□□
    Ertaz wrote: »
    I'm going at the end of April. I can't wait to get my score. Should be fun.

    You late-March and April test-takers need to read closely:

    End Date: When 400 people have taken the beta or April 25, 2018.

    If you're planning on taking it in April, you have a pretty decent chance of having your testing fee refunded.
  • wd40wd40 Member Posts: 1,017 ■■■■□□□□□□
    EANx, People don't like to pay for Beta exams, so I think the Beta will be available until April.
  • fitzlopezfitzlopez Member Posts: 103 ■■■□□□□□□□
    EANx wrote: »
    You late-March and April test-takers need to read closely:

    End Date: When 400 people have taken the beta or April 25, 2018.

    If you're planning on taking it in April, you have a pretty decent chance of having your testing fee refunded.

    I read it that they close the sign up to the exam on April 25 or earlier if 400 people pony up their $50 dlls before the date.

    Cheers,
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    EANx wrote: »
    You late-March and April test-takers need to read closely:

    End Date: When 400 people have taken the beta or April 25, 2018.

    If you're planning on taking it in April, you have a pretty decent chance of having your testing fee refunded.

    I have heard the same thing. It seems that this may be one of their more popular beta exams.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
    if it's anything like the other CompTIA test it's mostly theory and headaches with no real substance

    after I finish the required CompTIA test for WGU I will not be taking anymore soft skill test


    What CompTIA soft skill test did you take? icon_confused.gif
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    if it's anything like the other CompTIA test it's mostly theory and headaches with no real substance
    You would be wrong in that assumption.
  • atippettatippett Member Posts: 154
    Just got home from taking the beta. Obviously a multiple choice test will never outdo OSCP, but this one gets as close as it possibly can. Knowing the CEH material will not be enough to pass this, unless they make the cutting score incredibly low. There was a wide variety of technical topics, and you have to actually understand how the tools work to answer the questions. This test is going to make EC-Council irrelevant, which is amazing.




    There is no numbered score given.

    Just got done taking the Beta exam as well. I will have to agree with you, this exam was difficult. Although I don’t have a pentesting background, I have defensive cyber ops experience and thought I was going to do better than I did. Like said before, you have to fully understand the tools and how they work. Better have some scripting knowledge too. The CEH will be irrelevant and worthless once this certification becomes active and gains popularity.
  • dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
    atippett wrote: »
    Just got done taking the Beta exam as well. I will have to agree with you, this exam was difficult. Although I don’t have a pentesting background, I have defensive cyber ops experience and thought I was going to do better than I did. Like said before, you have to fully understand the tools and how they work. Better have some scripting knowledge too. The CEH will be irrelevant and worthless once this certification becomes active and gains popularity.


    Interesting. Thanks for the feedback. Out of curiousity, does anyone know if you're allowed to purchase more than one beta exam if you don't feel like you did as well as you thought you did? Haven't taken mine yet but may ease the nerves.
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    Interesting. Thanks for the feedback. Out of curiousity, does anyone know if you're allowed to purchase more than one beta exam if you don't feel like you did as well as you thought you did? Haven't taken mine yet but may ease the nerves.
    They have a limit of one attempt per person.
  • teezusteezus Registered Users Posts: 2 ■□□□□□□□□□
    EnderWiggin,

    Any chance you could share what you used to study or possible materials that would be beneficial to go over? Can't seem to find anything other than that pdf of the overview
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?

    Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??




    Bueller, Bueller?? Anyone, Anyone??
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • yoba222yoba222 Member Posts: 1,237 ■■■■■■■■□□
    shochan wrote: »
    ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?
    Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??

    Bueller, Bueller?? Anyone, Anyone??

    Unlicensed pentester here. :)
    Judging from the two feedbacks so far (thanks EnderWiggin and Atippet), I'm personally going to take this exam more seriously now.

    I've been involved in a few pentests at work. For the exam, whatever I'm not familiar with, I'll lab. I don't get much value out of memorizing tool names and what they're for flash card style.

    For example, I see the tool Responder is on the objectives. For me, I recall one engagement where a person on my team snuck into the target's building and plugged a device into their network successfully. Because of that, when I see the term Responder, I associate it with responder.py, which we used to grab ntlmv2 hashes for offline cracking using Hashcat and different masks, which also was a success.

    It would be a real challenge to recreate and lab out every single tool in the objectives I think.

    So I'm labbing, but only to fill in the 40% missing experience on tools I have never happened to use yet. I've used Medusa, Hydra, John the Ripper, but never Cewl so I'll lab that one. By labbing I mean virtualbox and whatever VMs appropriate to the scenario.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • dizzy_kittydizzy_kitty Member Posts: 95 ■■■□□□□□□□
    shochan wrote: »
    ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?

    Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??




    Bueller, Bueller?? Anyone, Anyone??

    Hey Shochan,

    A combination of EC-Council bootcamp and undergrad/graduate lab assignments and lectures helped me prep for CEH. If that's not an option for you I would consider purchasing a Udemy course (purchased one to brush up on a few topics). Much more affordable than the boot camp (company paid for it) and there are quite a few that provide quality review material/practice exams. I'd also play around with a few commands/network scanner. Consider looking at Nmap tutorials. There are a few Youtube videos that should help you to grasp commands and the types of scans/how and why they're used. Review:

    -Cryptography/Asymmetric & Symmetric Keys and Algorithms, Hashing,
    -Recognize Attack Methods
    -Recognize Famous Attacks
    -Regulations
    -Tools
    -Ports
    -Testing Methods

    I'm sure there's more to add to that list but I don't recall at the moment. May sound overwhelming but it really isn't. Like I said there are Udemy courses you can take to supplement your studies.
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    teezus wrote: »
    EnderWiggin,

    Any chance you could share what you used to study
    Of course! I signed up for it last week, and spent no time studying for it whatsoever. I relied entirely on my existing knowledge base of work experience and at-home lab exercises I've done for fun.
  • teezusteezus Registered Users Posts: 2 ■□□□□□□□□□
    Haha glad that worked for you, any points of emphasis that helped or just too broad to specify? I work as a pen tester but just trying to gain a grasp of what I should be going over so I don't go flop.
  • atippettatippett Member Posts: 154
    Interesting. Thanks for the feedback. Out of curiousity, does anyone know if you're allowed to purchase more than one beta exam if you don't feel like you did as well as you thought you did? Haven't taken mine yet but may ease the nerves.

    The print out that you get after the exam says you can only take it 1 time. I will say, if I don’t pass, this will be one certification that I will DEFINITELY go after once it is out of Beta.
  • josephandrejosephandre Member Posts: 315 ■■■■□□□□□□
    shochan wrote: »
    ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?

    Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??




    Bueller, Bueller?? Anyone, Anyone??


    hackthebox, vulnhub, overthewire, metasploitable etc etc
  • shochanshochan Member Posts: 1,014 ■■■■■■■■□□
    CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
  • EnderWigginEnderWiggin Member Posts: 551 ■■■■□□□□□□
    teezus wrote: »
    Haha glad that worked for you, any points of emphasis that helped or just too broad to specify? I work as a pen tester but just trying to gain a grasp of what I should be going over so I don't go flop.
    Points of emphasis would be penetration testing and vulnerability analysis. icon_wink.gif
Sign In or Register to comment.