CompTIA PenTest+
PenTest+ is the only offensive-security cert on the DoD 8570 / 8140 baseline for the CSSP-Analyst, CSSP-IR and CSSP-Auditor roles, which makes it the federal-procurement counterpart to CEH and OSCP. CompTIA's vendor-neutral framing and inclusion of planning, scoping and reporting (areas OSCP under-tests) makes it a useful complement to a hands-on cert. It is the cert that proves you can run an engagement end-to-end on paper.
Harder than Security+, far easier than OSCP. The performance-based items are short and rubric-graded; the value is its scoping/reporting coverage, not exploitation depth.
Cost, hours and exam shape.
- Vendor: CompTIA
- Level: Associate
- Exam style: Multiple-choice + simulations
- Prep hours (median): ~140 hours
- Exam cost (USD): $404
- Difficulty: 3/5
Pursue this if…
- You are in the US federal market and need an offensive cert on the DoD baseline (CSSP-Analyst/IR/Auditor).
- You want to round out an OSCP with formal scoping, rules-of-engagement and reporting coverage.
- You are pivoting from SOC into penetration testing and want a structured, end-to-end engagement framing.
- You are stacking CompTIA certs and want one that auto-recertifies Security+ and Network+.
What you actually sit.
PT0-002 exam: up to 85 multiple-choice and performance-based questions, 165 minutes, scaled score of 750/900. Performance-based questions cover real shell output, Nmap scans and code-review snippets.
Where you should be before you book.
- Network+ and Security+ or equivalent knowledge
- Three to four years of hands-on information-security or penetration-testing experience (recommended)
A study plan you can actually follow.
- Cover the five objective domains: work the official CompTIA PenTest+ (PT0-002) study guide. Pay extra attention to planning/scoping and reporting; they are over-represented relative to OSCP-style prep.
- Get comfortable reading tool output: the performance-based items show real Nmap, shell and code-review snippets. Practise interpreting Bash/Python and Metasploit output rather than memorising flags.
- Lab the attack categories: run a TryHackMe / HackTheBox path covering network, wireless, web and cloud post-exploitation so the categories are familiar, not abstract.
- Drill the question bank and book: use a PT0-002 question bank to acclimate to the format, then schedule via Pearson VUE.
From the operator side of the desk.
We track PenTest+ for federal-adjacent work and as a reporting / scoping reinforcement for OSCP-holding operators. The exam's emphasis on rules of engagement, written authorisation, scope creep and remediation guidance maps directly to the discipline gaps we see in OSCP-only candidates. We do not require it, but we recognise it as evidence the operator has thought about more than the exploit chain.
Questions people ask before booking.
PenTest+ vs OSCP: which is more valuable?
OSCP is more valuable for delivering paid penetration tests — it is the hands-on cert clients and CREST recognise. PenTest+ is more valuable for getting through federal procurement and for proving you understand scoping, rules of engagement and reporting. They complement each other. If you can only do one and you intend to be a working pentester, OSCP. If you are in the US federal market or moving into pentest from a SOC role, PenTest+.
How hard is PenTest+ compared to OSCP?
PenTest+ is significantly easier than OSCP. The performance-based questions are short, contained, and graded against a rubric. OSCP is 24 hours of free-form exploitation against a chained environment with a mandatory written report. PenTest+ proves you understand the concepts; OSCP proves you can execute them.
Does PenTest+ help with bug bounty?
Minimally. PenTest+ is broad (network, wireless, cloud, app) but shallow. Bug bounty success comes from depth in a specific surface (web apps, mobile, source-code review) and a thousand hours on real targets. Use PenTest+ to round out your understanding of scoping and reporting; use Burp Suite practice, PortSwigger Academy and CVE deep-dives for bounty income.
Will employers in India recognise PenTest+?
Less than OSCP, less than CEH, but recognised at MNCs, US-headquartered firms and any organisation with US federal exposure. Most Indian VAPT vendors and BFSI procurement specifically list CEH and OSCP; PenTest+ is treated as a 'nice to have' rather than a gate.
What is the maintenance cost?
Three-year validity. Renewal through CompTIA's CertMaster CE programme (50 CEUs), higher-level certs that auto-renew (CASP+), training, authorship or conferences. PenTest+ recertifies Security+ and Network+ automatically, which is useful if you are stacking CompTIA certs.
Need a qualified team to deliver the engagement?
We can field operators with CompTIA PenTest+ (and the rest of the stack — OSCP, OSEP, CISSP, CISM) on engagements in 5 to 10 working days. Letter of Attestation includes the lead-tester credentials so your auditor can verify.