Passed Pentest+

spiderjericho Registered Users, Member Posts: 896

All,

Just wanted to share with the community that I took and passed the Pentest+ exam today.

Background: I took the Pentest+ Beta exam back in May. I honestly didn't study for it. I ended up failing with a score of 711. I was pretty disappointed and swore I'd retake the exam.

Study Resources: Used the Mike Chapple book published by Sybex.

https://www.amazon.com/CompTIA-PenTest-Study-Guide-PT0-001/dp/1119504228/ref=sr_1_1?ie=UTF8&qid=1542305792&sr=8-1&keywords=pentest+&dpID=51FhqdzAoUL&preST=_SX218_BO1,204,203,200_QL40_&dpSrc=srch

Admittedly, I read the book in about five days, which didn't allow me to develop a study guide or practice the labs.

Without remembering the exam much, I felt confident I could take and pass the exam based on the material in the book.

It's snowing in the DMV today.

The testing center!! It was a bit unprofessional. I handed them my wallet and keys and they threw it in a file cabinet drawer. There was someone sitting directly behind me taking a test. But I'm not the Pearson Vue/Prometric police. I just hope there's not any errant charges on my credit card, etc.


The exam: It followed the same format as current CompTIA exams. Simulations then multiple choice questions.

And that's when the worry started. Without breaking NDA, I had concerns over the simulations. They were web site/application or scripting related. These were definitely my weak areas. I only completed two out of the five and submitted to just guessing the other three.

The multiple-choice questions were the usual CompTIA fare. Two far-fetched wrong answers, one right and one sort of okay answer.


Since I didn't really spend much time on the simulations, I breezed through the questions.

Didn't feel confident when I hit the submit button but surprisingly I passed with a 781. Not as high as I wanted but I definitely had some glaring weak areas.

If anyone uses the Chapple book, I would supplement your web site/application, scripting, false positive/true positive, Ghost (I think this is a Linux thing). My point is review the test objectives/topics, ensure you either do research or have supplemental. Labbing is probably a plus. Kali, metasploitable 2/3, Windows eval, etc.

Pondering the CGEIT next then Linux+ then GCIH/GPEN.

Comments

  • coffeeluvr Member Posts: 734
    Congratulations on the pass!!
    "Something feels funny, I must be thinking too hard. - Pooh"
  • spiderjericho Registered Users, Member Posts: 896
    edited November 2018
    Still getting used to the site. I wanted to add that the test is legit.

    Obviously my only Pentesting examination gauges are CEH and GPEN.

    You definitely have to know your stuff (from a high novice/low intermediate level). I feel like CEH was port, TCP communication and attack memorization. This test deals more with the pentesting process, actual knowledge of the tools, exploits and attacks.

    Again, I’d recommend maybe adding a video course and practice test to your studying.

    Despite the poor reputation, CASP, CYSA+ and Pentest+ exams and content are quality. Maybe not OFFSEC or SANS quality but very solid.
  • ThePawofRizzo Member Posts: 389
    Congrats. This one is on my list.
  • DntH8Me Member Posts: 73
    Congrats, this is definitely on my list. I scheduled the beta as well but didn't go sit for it (which I regret). At the time I felt it would have been a waste of time since I hadn't studied, but I should have at least attempted. I guess I'll put it on the schedule for early next year :neutral:
    2019 Certification Goals: CEH | PenTest+ | CISM? | stop procrastinating
  • securitychops Member Posts: 52
    A pass is a pass, congratulations!  :)
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • COBOL_DOS_ERA Member Posts: 205
    Congrats on the pass!! A pass is a pass.
    CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
  • NavyMooseCCNA Member Posts: 544
    Congrats on the pass. I just got Chapple's book and I'm reading it. I'm working on a Kali course on Udemy, a Metasploit course on Cybrary, and this weekend I'm going to binge watch IT ProTV's Pentest+ course.

    In case you don't know; this weekend IT ProTV will have free CompTIA video courses

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • Johnhe0414 Registered Users Posts: 191
    Congrats! This is one certification that I would like to study for.
    Current: Network+ | Project+ 
    Working on: PMP
  • Mooseboost Member Posts: 778
    Congrats on the pass!
  • spiderjericho Registered Users, Member Posts: 896
    Congrats! This is one certification that I would like to study for.
    I would definitely recommend studying Pentest+ after CySa+. There is some overlap.
  • NavyMooseCCNA Member Posts: 544
    At this point I'm not sure I can recommend Chapple's book. The screenshots have an incredibly small font and even with my reading glasses I can't read most of them. I downloaded the PPT files that go along with the book and the screenshots were not shown. I sent Chapple an email asking if the screenshots are available as a download and I am still waiting for a response.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • charismaticx Member Posts: 163
    How would you rate the difficulty for the exam? I plan on using the Jason Dion Udemy course to prep for the exam. 

    Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect

    Goals: PNPT; OSCP; GPYC; GSE
  • spiderjericho Registered Users, Member Posts: 896
    edited December 2018
    That’s actually a good question.

    Maybe a 6-7.5/10. Maybe. It’s definitely an intermediate exam in difficulty.

    The bar is set high enough, 750, and you can’t not know the material and pass the exam either.

    I’ve faked the funk on CISSP by having a manager mentality, and at the time, a semi decent security knowledge. And passed many of the ISACA based on low passing scores.

    I failed this exam with a 711 on my first attempt. And I’d say my mastery of the material today is still hazy on Scripts/Websites.

    I really don’t know what the reputation of CompTIA is at the moment. But I feel like CySa+, Pentest+ and CASP are all legit cybersecurity exams. 
  • charismaticx Member Posts: 163
    I took CySA the beginning of the year because I had my eye on it after it came out. I will say it has an intermediate difficulty but compared to GCIH it wasn’t too bad. CASP wasn’t too bad either but it did require some level of experience to answer those questions. I have the opportunity to work with the pen testing team at my work so I’m trying to prep up. Pentest + has really caught my eye but not too many people talk about it.

    Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect

    Goals: PNPT; OSCP; GPYC; GSE
  • spiderjericho Registered Users, Member Posts: 896
    edited December 2018
    Well, the reputation of all of CompTIA’s intermediate exams is pretty low outside of contractors/federal/military pursuing DoD 8570/8140 compliance.

    There is no demand for them.

    SANS has the reputation of being highly sought, quality training. OFFSEC has reverence for being difficult, hands on certifications. CISSP for whatever reason has been popular for two decades and gold standard for infosec. :/

    The easy answer is to pursue eCPPT or OSCP for Pentesting validation. Or attend GPEN and GXPN if your job is willing to pay for it.

    Pentest+ offers a cheap avenue to learn semi intermediate pen testing skills. Buy book(s), download Kali, Metasploitable 2/3, Windows, etc.

    I enjoyed the Chapple book (though it wasn’t complete) and what I learned. The test validated that.
  • ahardinjr Member Posts: 37
    Congrats!
    WGU MS:IT - Network Management
    MBA - Information Assurance Mgmt
  • charismaticx Member Posts: 163
    edited April 2019
    For now I will work on CISM and I have my eyes set on GCIA. Maybe I can find a way to take GPEN.

    Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect

    Goals: PNPT; OSCP; GPYC; GSE