CompTIA · 2026 Edition
A complete preparation guide written by CompTIA-certified engineers. Covers the exam format, all 5 blueprint domains, a week-by-week study plan, and proven tips for passing first time.
Prep time: 2–3 months
Difficulty: Intermediate
Exam questions: 85
Pass mark: 750/1000
Exam code: PT0-002
Full name: CompTIA PenTest+
Vendor: CompTIA
Duration: 165 minutes
Questions: 85 items
Passing score: 750/1000 (scaled)
Domains covered: 5 blueprint domains
Recommended experience: Security+ and Network+ or 3–4 years of hands-on security and networking experience
Typical prep time: 2–3 months
PenTest+ is the only vendor-neutral penetration testing certification with both knowledge-based and performance-based questions. It satisfies DoD 8570 requirements and validates the hands-on skills required for offensive security roles.
Job roles this opens
Domain percentage weights are not currently available for this exam. The checklist below is still useful for planning your study.
Weeks 1–2
Planning and Scoping: engagement types, legal considerations, scope definition
Tip: Rules of engagement, scope documents, and written authorisation are non-negotiable on PT0-002 — questions about what a tester should do before starting always have an answer involving verifying written permission. This is never ambiguous.
Weeks 3–4
Information Gathering and Vulnerability Scanning: passive/active recon, scan types
Tip: Know the tools by name and what they do: Nmap (port/service discovery), Shodan (passive OSINT), theHarvester (email/DNS harvesting), Maltego (relationship mapping), Nessus/OpenVAS (vulnerability scanning). Questions name a tool and ask what phase it belongs to or what output to expect.
Weeks 5–7
Attacks and Exploits: network, application, wireless, social engineering attacks
Tip: Attacks and Exploits carries 30% of the exam. Cover SQL injection, XSS, buffer overflow concepts, pass-the-hash, Kerberoasting, and wireless attacks (WPA2 cracking, evil twin). You need to recognise these by description and name the correct technique.
Weeks 8–10
Reporting, Communication, Tools, and Code Analysis
Tip: Report writing is tested on PT0-002. Know the components of a penetration test report: executive summary (for stakeholders), technical findings (for engineers), risk ratings (CVSS or custom), and remediation recommendations.
PT0-002 has performance-based questions involving command output interpretation. Know how to read Nmap output (ports, states, service versions) and basic exploit frameworks (Metasploit module structure) without running them live.
Post-exploitation techniques are tested: privilege escalation (local exploit, misconfigurations), persistence (scheduled tasks, registry run keys, cron jobs), lateral movement (PsExec, WMI, Pass-the-Hash), and pivoting (SSH tunnels, Metasploit routing).
OWASP Top 10 is directly testable. Know what each vulnerability is, what it looks like in a web request, and how to test for it. SQLi, XSS, IDOR, and SSRF are the most common question subjects.
Wireless attack tools: Aircrack-ng suite (packet capture, WEP/WPA cracking), Kismet (passive wireless discovery), and Wireshark (packet analysis). Know the difference between a deauthentication attack (forcing WPA handshake capture) and an evil twin attack.
Common scripting used in penetration testing: Bash one-liners for port sweeps, Python for custom exploit scripts, PowerShell for Windows post-exploitation. You will not write full scripts on the exam but will need to interpret short snippets.
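For the Nmap output interpretation mentioned in the tips above (ports, states, service versions), here is a short parser for the port table. It is an added example, not part of the original guide; the sample output is constructed, and `parse_ports` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample of Nmap normal output from a version scan (-sV).
# Host, address (documentation range) and versions are made up for illustration.
SAMPLE = """\
Nmap scan report for host.example (192.0.2.10)
Host is up (0.0031s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http       nginx 1.18.0
443/tcp  filtered https
3306/tcp open     mysql      MySQL 8.0.33
8080/tcp open     http-proxy
"""

# One port-table row: port/protocol, state, service name, optional version text.
ROW = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")


def parse_ports(text):
    """Return one dict per port row; header and summary lines are skipped."""
    ports = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            ports.append({"port": int(port), "proto": proto, "state": state,
                          "service": service, "version": version or ""})
    return ports


def summarize(ports):
    """Group port numbers by state; list open ports with no version detected."""
    by_state = {}
    for p in ports:
        by_state.setdefault(p["state"], []).append(p["port"])
    unversioned = [p["port"] for p in ports
                   if p["state"] == "open" and not p["version"]]
    return by_state, unversioned


if __name__ == "__main__":
    rows = parse_ports(SAMPLE)
    for p in rows:
        print(f'{p["port"]}/{p["proto"]:<4} {p["state"]:<9} {p["service"]:<11} {p["version"]}')
    print(summarize(rows))
```

When reading the table, `closed` means the host answered but nothing is listening, while `filtered` means no usable reply came back, usually because a firewall dropped the probe. An empty VERSION column on an open port means version detection did not identify the service.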
Deep-dive explanations of the key topics tested on PT0-002 — with exam key points and common misconceptions.