Prove you can run a pen test end to end with CompTIA PenTest+ (PT0-002)

A hands-on, vendor-neutral cert that tests the full engagement: scoping the work, finding the holes, exploiting them, and writing the report your client actually reads.

Questions: Max 85
Time Limit: 165 minutes
Passing Score: 750 / 900
Question Types: Multiple choice + PBQs

Version note: PT0-002 is the fourth edition of PenTest+. CompTIA has released a newer version (PT0-003), and the PT0-002 exam has been retired from delivery. If you are scheduling a new attempt, confirm the active version on CompTIA's site before you buy a voucher. Most of the skills below carry over, but the published objectives and domain weights differ between versions.

Is PenTest+ worth it?

PenTest+ is an offensive-security certification. Where Security+ asks you to defend and configure, PenTest+ puts you on the attacking side: scoping an engagement, gathering intel, scanning for weaknesses, exploiting them across networks, web apps, wireless, and cloud, then communicating what you found and how to fix it. It sits at an intermediate level, roughly after a year or two of hands-on security work.

It is worth most to people who want a junior-to-mid penetration tester, red team, or vulnerability analyst role and need a credential that survives an HR keyword filter. Because it is vendor-neutral and DoD 8140 / 8570-aligned, it also clears requirements for many government and defense-contractor positions where a specific cert is mandatory.

How it compares. Against OSCP, PenTest+ is broader but shallower: OSCP is a 24-hour, fully hands-on exploitation exam that proves you can actually pop boxes, while PenTest+ uses multiple-choice plus performance-based questions and also covers the parts of the job OSCP ignores, like scoping, legal/compliance, and reporting. Against CEH, PenTest+ leans more practical and is usually cheaper, whereas CEH carries more brand recognition with some recruiters and HR systems. A common path is PenTest+ to demonstrate the full methodology, then OSCP to prove deep exploitation skill.

It is not the right starting point if you have never touched a command line or a vulnerability scanner. Build a foundation with Network+ and Security+ first, then come back. And no certificate, this one included, guarantees a job or a passing score. It opens doors; the hands-on practice you do is what walks you through them.

What's on the PT0-002 exam

The exam delivers up to 85 multiple-choice and performance-based questions in 165 minutes, scored on a 100–900 scale with a passing mark of 750. The performance-based questions (PBQs) are the part most people underestimate: they drop you into a simulated scenario where you select tools, interpret output, or order the steps of an engagement, so rote memorization alone will not carry you. CompTIA splits the objectives across five domains:

Attacks and Exploits (30%)

The largest domain. Network, wireless, application-based, cloud, and host attacks, plus social engineering and post-exploitation. The material is tested conceptually: you should understand what a SQL injection, password attack, or privilege-escalation technique does and when to use it, not just recite payloads.

Information Gathering & Vuln Scanning (22%)

Active and passive reconnaissance, enumeration, and running and interpreting vulnerability scans. Knowing how to read scanner output and prioritize findings matters as much as launching the scan.

Reporting and Communication (18%)

Writing findings, recommending remediation, scoping follow-up, and communicating with the client. The domain people skip and then lose points on. A pen test that nobody can act on has no value.

Tools and Code Analysis (16%)

Recognizing common pentest tools and reading short scripts in Bash, Python, PowerShell, and Ruby. You do not have to be a developer, but you must be able to tell what a snippet does.

Planning and Scoping (14%)

Governance, risk, compliance, rules of engagement, legal agreements, and scoping the assessment. Small percentage, easy points if you study it, because the answers are rules-based rather than technical.

Always check the current exam objectives PDF on CompTIA's site before your sitting; weights and sub-objectives can change between exam revisions.

Exam at a glance

Exam code: PT0-002
Number of questions: Maximum of 85
Question format: Multiple choice and performance-based questions (PBQs)
Time limit: 165 minutes
Passing score: 750 on a scale of 100–900
Exam cost: Approximately $404 USD (confirm current pricing on CompTIA's site)
Recommended experience: Network+, Security+, or equivalent, plus 3–4 years of hands-on security work
Delivery: Pearson VUE, online-proctored or at a testing center
Vendor: CompTIA

How to study for PenTest+

PenTest+ rewards methodology over trivia. Anchor your study to the standard engagement flow (plan and scope, gather information, scan, attack and exploit, then report), and learn where each tool and technique fits in that flow. The PBQs reward exactly this kind of process knowledge.

Learn the tool categories, not 50 flags

Know which tool does what and why: Nmap for discovery and scanning, Burp Suite for web app testing, the Metasploit Framework for exploitation, Hashcat or John for password attacks, Wireshark for traffic analysis. The exam tests recognition and selection more than exact syntax.

Build a home lab

Stand up a safe, isolated lab and practice on systems you own or are authorized to test. Vulnerable VMs and intentionally insecure web apps let you see real scanner and exploit output, which makes the PBQs feel familiar instead of foreign.

Read short scripts out loud

Practice tracing what a few lines of Bash, Python, PowerShell, or Ruby actually do. You are not writing exploits from scratch; you are proving you can read a snippet and predict its behavior under the Tools and Code Analysis domain.

Do not skip scoping and reporting

Together these domains are nearly a third of the exam and they are the easiest points to earn. Memorize the legal documents, rules of engagement, and how to structure a findings report with clear remediation.

Ethics and authorization first. Every technique on this exam is legal only against systems you own or have explicit written permission to test. Running scans or exploits against anything else is a crime in most jurisdictions. PenTest+ tests this on purpose, because authorization is the line between a pen tester and an attacker.

Why practice questions matter

Reading a study guide tells you whether you recognize a concept. Practice questions tell you whether you can apply it under exam conditions, which is a different and harder skill. For a scenario-heavy exam like PenTest+, that gap is where most failed attempts live.

Working through questions does three things a textbook cannot. It surfaces the topics you only think you know, so you stop wasting review time on material you have already mastered. It trains your pacing, so 85 questions in 165 minutes feels like a rhythm rather than a sprint. And it teaches you to dissect CompTIA's question style, where two answers are technically true but only one is the best choice for the scenario.

GetMyCert's PenTest+ questions are original items written to mirror the structure and difficulty of the real domains, each with a plain-language explanation of why the right answer is right and why the tempting distractors are wrong. They are study aids, not copies of live exam content.

Official resources

Always cross-check exam details against CompTIA directly before you book:

PenTest+ (PT0-002) FAQ

How many questions are on the PT0-002 exam?
Up to 85 questions, a mix of multiple-choice and performance-based questions (PBQs).

What is the passing score for PenTest+ PT0-002?
750 on a scale of 100 to 900. There is no fixed percentage; the scaled score accounts for question difficulty.

How long is the PT0-002 exam?
165 minutes. With up to 85 questions, that is roughly two minutes each, but PBQs take longer, so budget your time and flag tough items to revisit.

What are the five PT0-002 domains and their weights?
Attacks and Exploits (30%), Information Gathering and Vulnerability Scanning (22%), Reporting and Communication (18%), Tools and Code Analysis (16%), and Planning and Scoping (14%).

How much does the PenTest+ exam cost?
Approximately $404 USD for a single voucher at the time of writing. Pricing varies by region and over time, so confirm the current price on CompTIA's site before purchasing.

PenTest+ vs OSCP, which should I take?
PenTest+ is broader and covers scoping, compliance, and reporting alongside exploitation, using multiple-choice and PBQs. OSCP is a deep, fully hands-on 24-hour exploitation exam. Many testers do PenTest+ first for the full methodology, then OSCP to prove practical depth.

Do I need experience before taking PenTest+?
It is intermediate-level. CompTIA recommends Network+ and Security+ knowledge plus three to four years of hands-on information-security experience. Beginners should build that foundation first.

Is PT0-002 still the current version?
CompTIA has released a newer version (PT0-003), and PT0-002 has been retired from delivery. Confirm the active exam version on CompTIA's site before scheduling. The underlying skills overlap heavily, but the published objectives and weights differ between versions.
