New Certification: CompTIA PenTest+
Comments
-
tedjames Member Posts: 1,182 ■■■■■■■■□□
Having just finished eJPT, I'm really tempted to sign up for this beta exam. However, I'm supposed to be using this time to get caught up on projects around the house that I neglected while preparing for eJPT. Do I really need Pentest+? Probably not. Argh! I could stand to live without a deadline for a while. Must...resist...urge...to...test....again!
-
SaSkiller Member Posts: 337 ■■■□□□□□□□
Just heard about this. I can't see it in the market out of DoD and like someone said, maybe some management positions.
OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
-
atippett Member Posts: 154
I noticed on CompTIA's website that pass/fail information won't be available until Summer of 2018, but a numbered score will be given at the end of the exam. Can we assume that the passing number will be 750 like the CySA+?
-
yoba222 Member Posts: 1,237 ■■■■■■■■□□
I noticed on CompTIA's website that pass/fail information won't be available until Summer of 2018, but a numbered score will be given at the end of the exam. Can we assume that the passing number will be 750 like the CySA+?
Take a look at the exam objectives pdf I posted earlier.
On that note:
"4.4: Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)"
Overlooked that one the first time. Looks like programming is on the exam.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
EnderWiggin Member Posts: 551 ■■■■□□□□□□
Just got home from taking the beta. Obviously a multiple choice test will never outdo OSCP, but this one gets as close as it possibly can. Knowing the CEH material will not be enough to pass this, unless they make the cutting score incredibly low. There was a wide variety of technical topics, and you have to actually understand how the tools work to answer the questions. This test is going to make EC-Council irrelevant, which is amazing.
I noticed on CompTIA's website that pass/fail information won't be available until Summer of 2018, but a numbered score will be given at the end of the exam. Can we assume that the passing number will be 750 like the CySA+?
-
shochan Member Posts: 1,014 ■■■■■■■■□□
I signed up for late April, but for you TE folks that are certified PenTesters already, how did you prepare for OSCP/CEH/etc exams?
Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/200 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??
Cheers & Hi5!
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP -
dizzy_kitty Member Posts: 95 ■■■□□□□□□□
EnderWiggin wrote: » Just got home from taking the beta. Obviously a multiple choice test will never outdo OSCP, but this one gets as close as it possibly can. Knowing the CEH material will not be enough to pass this, unless they make the cutting score incredibly low. There was a wide variety of technical topics, and you have to actually understand how the tools work to answer the questions. This test is going to make EC-Council irrelevant, which is amazing.
There is no numbered score given.
Oh. From their PenTest+ page:
Passing Score
Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results.
Would've been nice to compare scores for the hell of it. -
Ertaz Member Posts: 934 ■■■■■□□□□□
dizzy_kitty wrote: » Oh. From their PenTest+ page:
Passing Score
Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results.
Would've been nice to compare scores for the hell of it.
I'm going at the end of April. I can't wait to get my score. Should be fun. -
yoba222 Member Posts: 1,237 ■■■■■■■■□□
750 points seems like a safe guess to me.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
boxerboy1168 Member Posts: 395 ■■■□□□□□□□
if it's anything like the other CompTIA test it's mostly theory and headaches with no real substance
after I finish the required CompTIA test for WGU I will not be taking anymore soft skill test
Currently enrolling into WGU's IT - Security Program. Working on LPIC (1,2,3) and CCNA (and S) as long term goals and preparing for the Security+ and A+ as short term goals. -
EANx Member Posts: 1,077 ■■■■■■■■□□
I'm going at the end of April. I can't wait to get my score. Should be fun.
You late-March and April test-takers need to read closely:
End Date: When 400 people have taken the beta or April 25, 2018.
If you're planning on taking it in April, you have a pretty decent chance of having your testing fee refunded. -
wd40 Member Posts: 1,017 ■■■■□□□□□□
EANx, People don't like to pay for Beta exams, so I think the Beta will be available until April.
-
fitzlopez Member Posts: 103 ■■■□□□□□□□
You late-March and April test-takers need to read closely:
End Date: When 400 people have taken the beta or April 25, 2018.
If you're planning on taking it in April, you have a pretty decent chance of having your testing fee refunded.
I read it that they close the sign up to the exam on April 25 or earlier if 400 people pony up their $50 dlls before the date.
Cheers, -
stryder144 Member Posts: 1,684 ■■■■■■■■□□
You late-March and April test-takers need to read closely:
End Date: When 400 people have taken the beta or April 25, 2018.
If you're planning on taking it in April, you have a pretty decent chance of having your testing fee refunded.
I have heard the same thing. It seems that this may be one of their more popular beta exams.
The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
-
dizzy_kitty Member Posts: 95 ■■■□□□□□□□
boxerboy1168 wrote: » if it's anything like the other CompTIA test it's mostly theory and headaches with no real substance
after I finish the required CompTIA test for WGU I will not be taking anymore soft skill test
What CompTIA soft skill test did you take? -
EnderWiggin Member Posts: 551 ■■■■□□□□□□
boxerboy1168 wrote: » if it's anything like the other CompTIA test it's mostly theory and headaches with no real substance
-
atippett Member Posts: 154
EnderWiggin wrote: » Just got home from taking the beta. Obviously a multiple choice test will never outdo OSCP, but this one gets as close as it possibly can. Knowing the CEH material will not be enough to pass this, unless they make the cutting score incredibly low. There was a wide variety of technical topics, and you have to actually understand how the tools work to answer the questions. This test is going to make EC-Council irrelevant, which is amazing.
There is no numbered score given.
Just got done taking the Beta exam as well. I will have to agree with you, this exam was difficult. Although I don’t have a pentesting background, I have defensive cyber ops experience and thought I was going to do better than I did. Like said before, you have to fully understand the tools and how they work. Better have some scripting knowledge too. The CEH will be irrelevant and worthless once this certification becomes active and gains popularity. -
dizzy_kitty Member Posts: 95 ■■■□□□□□□□
Just got done taking the Beta exam as well. I will have to agree with you, this exam was difficult. Although I don’t have a pentesting background, I have defensive cyber ops experience and thought I was going to do better than I did. Like said before, you have to fully understand the tools and how they work. Better have some scripting knowledge too. The CEH will be irrelevant and worthless once this certification becomes active and gains popularity.
Interesting. Thanks for the feedback. Out of curiosity, does anyone know if you're allowed to purchase more than one beta exam if you don't feel like you did as well as you thought you did? Haven't taken mine yet but may ease the nerves. -
EnderWiggin Member Posts: 551 ■■■■□□□□□□
dizzy_kitty wrote: » Interesting. Thanks for the feedback. Out of curiosity, does anyone know if you're allowed to purchase more than one beta exam if you don't feel like you did as well as you thought you did? Haven't taken mine yet but may ease the nerves.
-
teezus Registered Users Posts: 2 ■□□□□□□□□□
EnderWiggin,
Any chance you could share what you used to study or possible materials that would be beneficial to go over? Can't seem to find anything other than that pdf of the overview -
shochan Member Posts: 1,014 ■■■■■■■■□□
ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?
Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??
Bueller, Bueller?? Anyone, Anyone??
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP -
yoba222 Member Posts: 1,237 ■■■■■■■■□□
ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?
Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??
Bueller, Bueller?? Anyone, Anyone??
Unlicensed pentester here.
Judging from the two feedbacks so far (thanks EnderWiggin and Atippet), I'm personally going to take this exam more seriously now.
I've been involved in a few pentests at work. For the exam, whatever I'm not familiar with, I'll lab. I don't get much value out of memorizing tool names and what they're for flash card style.
For example, I see the tool Responder is on the objectives. For me, I recall one engagement where a person on my team snuck into the target's building and plugged a device into their network successfully. Because of that, when I see the term Responder, I associate it with responder.py, which we used to grab ntlmv2 hashes for offline cracking using Hashcat and different masks, which also was a success.
It would be a real challenge to recreate and lab out every single tool in the objectives I think.
So I'm labbing, but only to fill in the 40% missing experience on tools I have never happened to use yet. I've used Medusa, Hydra, John the Ripper, but never Cewl so I'll lab that one. By labbing I mean VirtualBox and whatever VMs appropriate to the scenario.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
dizzy_kitty Member Posts: 95 ■■■□□□□□□□
ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?
Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??
Bueller, Bueller?? Anyone, Anyone??
Hey Shochan,
A combination of EC-Council bootcamp and undergrad/graduate lab assignments and lectures helped me prep for CEH. If that's not an option for you I would consider purchasing a Udemy course (purchased one to brush up on a few topics). Much more affordable than the boot camp (company paid for it) and there are quite a few that provide quality review material/practice exams. I'd also play around with a few commands/network scanner. Consider looking at Nmap tutorials. There are a few YouTube videos that should help you to grasp commands and the types of scans/how and why they're used. Review:
-Cryptography/Asymmetric & Symmetric Keys and Algorithms, Hashing,
-Recognize Attack Methods
-Recognize Famous Attacks
-Regulations
-Tools
-Ports
-Testing Methods
I'm sure there's more to add to that list but I don't recall at the moment. May sound overwhelming but it really isn't. Like I said there are Udemy courses you can take to supplement your studies. -
EnderWiggin Member Posts: 551 ■■■■□□□□□□
EnderWiggin,
Any chance you could share what you used to study -
teezus Registered Users Posts: 2 ■□□□□□□□□□
Haha glad that worked for you, any points of emphasis that helped or just too broad to specify? I work as a pen tester but just trying to gain a grasp of what I should be going over so I don't go flop.
-
atippett Member Posts: 154
dizzy_kitty wrote: » Interesting. Thanks for the feedback. Out of curiosity, does anyone know if you're allowed to purchase more than one beta exam if you don't feel like you did as well as you thought you did? Haven't taken mine yet but may ease the nerves.
The print out that you get after the exam says you can only take it 1 time. I will say, if I don’t pass, this will be one certification that I will DEFINITELY go after once it is out of Beta. -
josephandre Member Posts: 315 ■■■■□□□□□□
ANY TE folks that are certified PenTesters already, how did you prepare for Pen Tester type of exams?
Did you create a lab network at home, install several different OSes (XP/Vista/Server2003/2008 on old systems or VMs, managed switches, 2nd router, web server (IIS & Apache), secondary WAP? I guess you would want to do this so you can test some of the tools that are on the exam, right??
Bueller, Bueller?? Anyone, Anyone??
hackthebox, vulnhub, overthewire, metasploitable etc etc -
shochan Member Posts: 1,014 ■■■■■■■■□□
I found this out on the interwebs
37 Powerful Penetration Testing Tools For Every Penetration Tester — Software Testing Help
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP -
EnderWiggin Member Posts: 551 ■■■■□□□□□□
Haha glad that worked for you, any points of emphasis that helped or just too broad to specify? I work as a pen tester but just trying to gain a grasp of what I should be going over so I don't go flop.