Friday, 2 February 2018

PenTest+ Your Guide to CompTIA's New Penetration Testing Certification

Pentest+ Penetration Testing Certification Guide

This summer, CompTIA will introduce the PenTest+ certification, a new intermediate level cyber security qualification and exam to complement their existing security portfolio.

During CompTIA’s partner webinar, Firebrand Training got the first-look at this exciting cyber security certification. This is what we found out about the PenTest+ certification.

Why should you get the PenTest+ certification?

The PenTest+ is designed for professionals that launch penetration tests to find, exploit, report and manage vulnerabilities on a network. This certification also provides IT security beginners with a clear route into a career in penetration testing (also known as ethical hacking).

This brand-new CompTIA certification builds and assesses the most-up-to-date penetration testing, vulnerability assessment and management skills. You’ll also study cloud, mobile device and Internet of Things penetration testing.

To pass the PenTest+ exam, you must be able to customise assessment frameworks, collaborate on report findings and communicate recommended strategies to improve the state of IT security for your organisation or client.

The CompTIA PenTest+ exam domains are:

  1. Planning and Scoping – 15%
  2. Information Gathering and Vulnerability Identification – 22%
  3. Attacks and Exploits – 30%
  4. Penetration Testing Tools – 17%
  5. Reporting and Communication – 15%

Unlike other penetration testing certifications, such as GPEN, the PenTest+ focuses on vulnerability management. IT professionals are not only taught to find and exploit vulnerabilities, they’ll also build team work and management skills.

These skills are crucial for penetration testers that must work closely with a client or department to set up a testing environment, define permissions and untangle the legal requirements of a project.

When will the PenTest+ exam be released?

The PenTest+ exam launched in beta on January 31st 2018. Pass and fail information will not be available until the beta period ends in summer 2018. During the beta only a numbered score will be issued at the end of the exam.

The CompTIA PenTest+ beta exam is open and candidates can register now through Pearson Vue.

Once the beta period concludes, the full PenTest+ exam will be launched on July 31 2018. Additional exam details are as follows:

  • Exam code: PT1-001
  • Number of questions: Maximum of 110 items
  • Type of questions: Multiple choice and performance based
  • Length of test: 165 minutes
  • Exam provider: Pearson Vue
  • Language: English
  • Price: $50

The PenTest+ exam is performance-based and includes hands-on simulations in addition to multiple-choice questions, requiring you to perform penetration testing and vulnerability assessment tasks.

To prepare for these assessment, CompTIA recommend that candidates train with official providers that incorporate open-source penetration testing tools within their curriculum.

What are the PenTest+ prerequisites?

CompTIA recommend you have achieved the Network+ and Security+ certification or hold equivalent knowledge. You should also possess a minimum 2-3 years of hands-on information security or related work experience.

What job roles is the PenTest+ aimed at?

The PenTest+ is ideal for Penetration Tester and Vulnerability Tester roles. It also certifies skills relevant to roles like: Application Security Engineer, Security Analyst, Network Security Operations and Application Security Vulnerability professionals.

PenTest+ or the CySa+?

While CySa+ certification focuses on defence through incident detection and response, the PenTest+ teaches professionals how to launch attacks on systems, discover vulnerabilities and manage them effectively.

The PenTest+ sits alongside the CySA+ at the intermediate level of CompTIA’s cybersecurity career pathway (shown below). The PenTest+ and CySA+ can be attempted in any order, but CompTIA recommend candidates achieve the Security+ first.

PenTest+ certification pathway

While these two exams teach different skills, they are dependent on one another, state CompTIA. The most well-rounded cyber security professionals will hold both offensive and defensive skills, and will have achieved both the CySA+ and PenTest+.

How can I get PenTest+ certified?

Students aiming to attain the PenTest+ certification can choose to self-study and schedule the exam themselves or opt to train with official and unofficial training providers.

Firebrand Training is a CompTIA Platinum Partner and provides official CompTIA training. Achieve your PenTest+ certification with Firebrand and you'll study the most up-to-date curriculum, sit your exam just steps from the classroom and train 30% faster than traditional training.