Failed Pentest+
Hi guys,
I humbly report that after watching Jason Dion's highly rated Pentest+ training video, doing all the chapter questions in the Pentest+ Study Guide (Mike Chapple), and completing all the 600+ practice questions in the CompTIA Pentest+ Practice Tests (Crystal Panek, Rob Tracy), I still failed the exam steeply (588/1000). I was especially clueless when it came to constructing a Python script and identifying the Nmap commands when shown an Nmap scan result.
Do any of y'all have any constructive tips? Personally, I thought this place would be the best place for a first stop as I begin to re-strategize. Thanks in advance for suggestions, tips, and participation.
Summary of my study materials:
- Jason Dion's highly rated Pentest+ training video
- Pentest+ Study Guide (Mike Chapple)
- 600+ practice questions in the CompTIA Pentest+ Practice Tests (Crystal Panek, Rob Tracy)
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Comments
-
JDMurray Admin Posts: 13,099 Admin
I only took the Pentest+ beta exam, but I'd say the number of items requiring the ability to read code (Python, Ruby, Perl, etc.) probably surprises most exam takers. The only way you can learn to read code is by writing it. (Becoming a competent programmer is practice, practice, practice.) Command line arguments for the popular tools (nmap, hping3, etc.) were a weak point with me on both Pentest+ and the CEH. It sounds like you need to be more familiar with reading the output of popular tools as well.
-
Elitis Member Posts: 50 ■■■□□□□□□□
I'd recommend labbing. Play around with nmap and other tools a bit. Write a script or two using Python, PowerShell, Bash, etc. The Sybex book (the one you're using) was very helpful to me when I took the exam as well. So maybe go after the chapters regarding scripting and drill those until you can at least make out a line or two in a script.
-
egrizzly Member Posts: 533 ■■■■■□□□□□
Thanks guys. I actually plan on reading the book in its entirety this second time around. I'll patiently take Udemy courses on Python, Perl, Bash, PowerShell scripting as well.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
-
egrizzly Member Posts: 533 ■■■■■□□□□□
It was the exact same situation for me @Aharrell. The certification preparation community should really seriously get simulated exam questions for Pentest+ that kinda sort of match the real exam questions. There's really none at all today besides those 75 questions from Jason Dion. Companies like Transcenders and Boson used to make some awesome simulated exam questions but for some reason they've omitted Pentest+.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
-
Aharrell Member Posts: 18 ■■■□□□□□□□
>make some awesome simulated
I wonder if the PenTest+ has a large enough market share to warrant someone producing content for it? I can see why CompTIA has it (for now)... but much like their old Health Care Technician cert - if the demand isn't there - they'll retire it. Junior PenTester, OSCP, or GPEN seem to be the leaders in that space. Does CompTIA publish numbers on how many holders of specific certs there are?
M.Sc, CDPSE, CGEIT, CISA, CISM, CISSP, CISSP-ISSMP, CRISC, CySA+, HCISPP, ITIL, PenTest+, PMP, Project+, Sec+
-
egrizzly Member Posts: 533 ■■■■■□□□□□
Aharrell said:
> >make some awesome simulated
> I wonder if the PenTest+ has a large enough market share to warrant someone producing content for it? I can see why CompTIA has it (for now)... but much like their old Health Care Technician cert - if the demand isn't there - they'll retire it. Junior PenTester, OSCP, or GPEN seem to be the leaders in that space. Does CompTIA publish numbers on how many holders of specific certs there are?
I've since scouted the practice test resources for CEH. Both Boson and CyberVista (formerly Transcenders) have a serious simulation exam for the CEH unlike the Pentest+ that has zero tests from either of these two vendors. I'm therefore whole-heartedly zeroed in on this certification path.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
-
spiderjericho Registered Users, Member Posts: 896 ■■■■■□□□□□
Aharrell said:
> >make some awesome simulated
> I wonder if the PenTest+ has a large enough market share to warrant someone producing content for it? I can see why CompTIA has it (for now)... but much like their old Health Care Technician cert - if the demand isn't there - they'll retire it. Junior PenTester, OSCP, or GPEN seem to be the leaders in that space. Does CompTIA publish numbers on how many holders of specific certs there are?
My advice is to look at the score report and review/brush up on your weak areas. It’s been two years since I took it, but you had to have a decent knowledge of code languages. Which was one of my issues the first time I took it. Best approach might be to lab it. Not sure if there are labs in the Sybex book (I felt like there were for the last iteration of CySA).
-
JDMurray Admin Posts: 13,099 Admin
The CEH is one freaking-expensive exam for what you get. Is your employer paying for it? What kind of ROI do you expect to get for having it?
-
JDMurray Admin Posts: 13,099 Admin
spiderjericho said:
> I’d ask that question for CASP. That was the first one they rolled out followed by CySA+ and Pentest+.
CASP was originally a security administrator's cert and was the first cert in CompTIA's new mid-level certification tier. CompTIA never released any other mid-level certs and ended up rebranding CASP with a "+". I assume this was in response to market trends/demands/competition and the recognition the "+" gives their brand (and may increase its ROI). If CompTIA ever again wants to create a new tier of certs they should come up with a completely unique certification naming convention that doesn't begin with "C" or end with "+".
-
charismaticx Member Posts: 163 ■■■■□□□□□□
The Sybex CEH book covers a majority of the nmap switches. However, that may seem unrealistic or unfeasible to some. Have you thought about looking up the man pages for nmap? That would probably point you in the right direction.
As for Python, it may help you to find some old scripts. Even though Python is “easy” to learn, it does take some time to get better at understanding the concepts.
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE