Passed Pentest+

All,

Just wanted to share with the community that I took and passed the Pentest+ exam today.

Background: I took the Pentest+ Beta exam back in May. I honestly didn't study for it. I ended up failing with a score of 711. I was pretty disappointed and swore I'd retake the exam.

Study Resources: Used the Mike Chapple book published by Sybex.

https://www.amazon.com/CompTIA-PenTest-Study-Guide-PT0-001/dp/1119504228/ref=sr_1_1?ie=UTF8&qid=1542305792&sr=8-1&keywords=pentest+&dpID=51FhqdzAoUL&preST=_SX218_BO1,204,203,200_QL40_&dpSrc=srch

Admittedly, I read the book in about five days, which didn't allow me to develop a study guide or practice the labs.

Without remembering the exam much, I felt confident I could take and pass the exam based on the material in the book.

It's snowing in the DMV today.

The testing center!! It was a bit unprofessional. I handed them my wallet and keys and they threw it in a file cabinet drawer. There was someone sitting directly behind me taking a test. But I'm not the Pearson Vue/Prometric police. I just hope there's not any errant charges on my credit card, etc.

The exam: It followed the same format as current CompTIA exams. Simulations then multiple choice questions.

And that's when the worry started. Without breaking NDA, I had concerns over the simulations. They were web site/application or scripting related. These were definitely my weak areas. I only completed two out of the five and submitted to just guessing the other three.

The multiple-choice questions were the usual CompTIA fare. Two far-fetched wrong answers, one right and one sort of okay answer.

Since I didn't really spend much time on the simulations, I breezed through the questions.

Didn't feel confident when I hit the submit button but surprisingly I passed with a 781. Not as high as I wanted but I definitely had some glaring weak areas.

If anyone uses the Chapple book, I would supplement your web site/application, scripting, false positive/true positive, Ghost (I think this a Linux thing). My point is review the test objectives/topics, ensure you either do research or have supplemental. Labbing is probably a plus. Kali, metasploitable 2/3, Windows eval, etc.

Pondering the CGEIT next then Linux+ then GCIH/GPEN.

Find more posts tagged with

Comments

coffeeluvr

Congratulations on the pass!!

spiderjericho

Still getting used to the site. I wanted to add that the test is legit.

obviously my only Pentesting examination gauge are CEH and GPEN.

You definitely have to know your stuff (from a high novice/low intermediate level). I feel like CEH was port, TCP communication and attack memorization. This test deals more with the pentesting process, actual knowledge of the tools, exploits and attacks.

Again, I’d recommend maybe adding a video course and practice test toyour studying.

Despite the poor reputation, CASP, CYSA+ and Pentest+ exams and content are quality. Maybe not OFFSEC or SANS quality but very solid.

ThePawofRizzo

Congrats. This one is on my list.

DntH8Me

Congrats, this is definitely on my list. I scheduled the beta as well but didn't go sit for it (which I regret). At the time I felt it would have been a waist of time since I hadn't studied, but I should have at least attempted. I guess I'lll put it on the schedule for early next year

securitychops

a pass is a pass, congratulations!

COBOL_DOS_ERA

Congrats on the pass!! a pass is a pass.

NavyMooseCCNA

Congrats on the pass. I just got Chapple's book and I'm reading it. I'm working on a Kali course on Udemy, a Metasploit course on Cybrary, and this weekend I'm going to binge watch IT ProTV's Pentest+ course.

In case you don't know; this weekend IT ProTV will have free CompTIA video courses

Johnhe0414

Congrats! This is one certification that i would like to study for.

Mooseboost

Congrats on the pass!

spiderjericho

Johnhe0414 said:

Congrats! This is one certification that i would like to study for.

I would definitely recommend studying Pentest+ after CySa+. There is some overlap.

NavyMooseCCNA

At this point I'm not sure I can recommend Chapple's book. The screenshots have an incredibly small font and even with my reading glasses I can't read most of them. I downloaded the PPT files that go along with the book and the screenshots were not shown. I sent Chapple an email asking if the screenshots are available as a download and I am still waiting for a response.

charismaticx

How would you rate the difficulty for the exam? I plan on using the Jason Dion Udemy course to prep for the exam.

spiderjericho

That’s actually a good question.

Maybe a 6-7.5/10. Maybe. It’s definitely an intermediate exam in difficulty.

The bar is set high enough, 750, and you can’t not know the material and pass the exam either.

Ive faked the funk on CISSP by having a manager mentality, and at the time, a semi decent security knowledge. And passed many of the ISACA based on low passing scores.

I failed this exam with a 711 on my first attempt. And I’d say my mastery of the material today is still hazy on Scripts/Websites.

I really don’t know what the reputation of CompTIA is at the moment. But I feel like CySa+, Pentest+ and CASP are all legit cybersecurity exams.

charismaticx

I took CySA the beginning of the year because I had my eye on it after it came out. I will say it it has an intermediate difficulty but compared to GCIH it wasn’t too bad. CASP wasn’t too bad either but it did require some level of experience to answer those questions. I have the opportunity to work with the pen testing team at my work so I’m trying to prep up. Pentest + has really caught my eye but not too many people talk about it.

spiderjericho

Well, all of CompTIA’s intermediate exams reputation is pretty low outside of contractors/federal/military pursuing DoD 8570/8140 compliance.

There is is no demand for them.

SANS has the reputation of being highly sought, quality training. OFFSEC has reverence for being difficult, hands on certifications. CISSP for whatever reason has been popular for two decades and gold standard for infosec.

The easy answer is to pursue eCCPT or OSCP for Pentesting validation. Or attend GPEN and GXPN if your job is willing to pay for it.

Pentest+ offers a cheap avenue to learn semi intermediate pen testing skills. Buy book(s), download Kali, Metasploitable 2/3, Windows, etc.

I enjoyed the Chapple book (though it wasn’t complete) and what I learned. The test validated that.

ahardinjr

Congrats!

charismaticx

For now I will work on CISM and I have my eyes set GCIA. Maybe I can find a way to take GPEN.