Questions
85
Time limit
165 min
Passing score
750 / 900
Format
MCQ + PBQs
CompTIA PenTest+ validates intermediate offensive-security skills. PT0-003 covers planning & scoping, information gathering & vulnerability scanning, attacks & exploits, reporting & communication, and tools & code analysis. Unlike OSCP, it emphasises the full engagement lifecycle — not just the attack.
Prerequisites
Network+ and Security+ recommended, plus 3–4 years of hands-on info-sec experience. Comfort with Linux, scripting (Python/Bash), and common pentest tools is required.
Career outcomes
Five focus areas with the weight each domain carries on the real exam. We have practice questions and PBQs for every domain.
Planning & Scoping
Rules of engagement, scope, legal/compliance, target prioritization.
Information Gathering & Vulnerability Scanning
OSINT, scanning, enumeration, vuln identification.
Attacks & Exploits
Network, app, social-engineering, wireless, physical attacks.
Reporting & Communication
Findings reports, remediation recommendations, stakeholder briefings.
Tools & Code Analysis
Nmap, Burp, Metasploit; Bash/Python script analysis.
Curated MCQs
Hundreds of PenTest+ MCQs aligned to every objective. Filter by domain, difficulty, or take a full timed exam.
6 PBQ simulation types
Firewall configs, log analysis, terminal investigations, network configs, drag-drops, troubleshoot wizards — exam-realistic.
Video lessons by domain
Walkthroughs for each PenTest+ domain. Watch, then quiz yourself.
AI tutor on every question
Stuck? Ask the AI tutor. It's grounded in this cert's objectives, not generic web answers.
Flashcards with spaced repetition
AI-generated decks for each domain. Review the cards you keep getting wrong.
Per-domain analytics
See exactly which PenTest+ domains need more work. Stop guessing what to study.
Based on what we've seen work for PenTest+ candidates. Adjust to your pace — most people land between 4 and 10 weeks.
Week 1
Planning & scoping + ROE templates. Often underestimated.
Week 2–3
Recon + vulnerability scanning. Get hands-on with Nmap, Nessus/OpenVAS.
Week 4–6
Attacks & exploits — the biggest and hardest domain. Lab heavily.
Week 7
Reporting + tool/code analysis + practice exams.
Is PenTest+ a substitute for OSCP?
Not directly — OSCP is a 24-hour hands-on practical exam. PenTest+ is multiple-choice + PBQs covering the full engagement lifecycle including reporting. They're complementary; many pros hold both.
Do I need scripting experience?
Some. PT0-003 tests reading/understanding short Bash and Python snippets. You don't need to write code from scratch.