Cybersecurity cert-prep add-on

CompTIA PenTest+ Exam Prep Add-On

Convert DevSecOps Fundamentals into a PenTest+ (PT0-003) ramp covering the full engagement lifecycle.

$147 add-on55h additional studyTarget exam: CompTIA PenTest+Exam fee: $404

What the add-on ships

++Four domain reviews mapped to the official CompTIA PenTest+ PT0-003 exam objectives
++Four full-length 85-question mock exams in PBQ format
++Engagement scoping and rules-of-engagement worked documents
++Reporting templates that align with what enterprise customers expect
++Direct link to the official CompTIA exam blueprint as the canonical reference

Built on the parent course

++DevSecOps Fundamentals seven-module curriculum grounded in NIST SSDF, OWASP ASVS, SLSA, CIS Benchmarks
++Application security, container security, and CI/CD hardening practice from the parent course that maps to PenTest+ application-attack scenarios

Parent course: devsecops fundamentals

Best for

++Junior penetration testers transitioning from DevSecOps work into offensive security
++Security engineers preparing for the OSCP track who want a softer-landing exam first
++DoD 8140 Vulnerability Assessment Analyst role assignment candidates

Practice surface

++Four PBQ-format mock exams in CompTIA's engagement-scenario style
++Scoping and rules-of-engagement worked documents
++Targeted weak-area question drilling per PenTest+ exam objective

Buy the add-on

$147 on top of the devsecops fundamentals parent course. Lifetime access to the practice materials, mock exams, and exam-day worksheets.

See the parent course

Exam summary

CompTIA PenTest+ (PT0-003) covers the full penetration-testing engagement lifecycle. Four domains: planning and scoping, information gathering and vulnerability scanning, attacks and exploits, and reporting and communication. 85 PBQ-style multiple-choice and performance-based questions, 165 minutes, passing score 750 on a scaled 100-900 scale.

Domain reviews

Planning and Scoping

14%

Rules of engagement, target scoping, legal and compliance considerations.

++Statement of Work, Rules of Engagement, Master Service Agreement
++Authorization scope: included assets, excluded assets, testing window
++Compliance: PCI DSS, HIPAA, GDPR effects on penetration testing scope
++Threat-actor emulation: APT, insider, opportunistic

Primary sources:

Information Gathering and Vulnerability Scanning

22%

Reconnaissance (passive and active), scanning, and vulnerability identification.

++Passive recon: WHOIS, DNS, public OSINT, social media
++Active recon: port scanning, service enumeration, banner grabbing
++Vulnerability scanning: Nessus, OpenVAS, Nikto, Burp Suite
++Cloud-specific recon: enumeration of S3 buckets, GitHub leaks, Shodan

Primary sources:

NIST SP 800-115 Technical Guide to Security Testing

Attacks and Exploits

32%

The largest domain by weight. Network, application, wireless, cloud, mobile, and social engineering attacks.

++Network attacks: relaying, MITM, AD attacks (Kerberoasting, AS-REP roasting, DCSync)
++Application attacks: OWASP Top 10 (SQLi, XSS, SSRF, IDOR, broken auth)
++Wireless attacks: rogue APs, Evil Twin, WPA cracking
++Cloud attacks: IAM privilege escalation, metadata service abuse
++Social engineering: phishing, vishing, pretexting, physical
++Post-exploitation: lateral movement, persistence, credential access

Primary sources:

Reporting and Communication

32%

Tied for largest domain. Reporting findings, communicating with stakeholders, post-engagement activities.

++Report structure: executive summary, methodology, findings, recommendations, appendices
++Severity classification (CVSS-based) and remediation prioritization
++Stakeholder communication: developers, management, audit, legal
++Post-engagement: retest, remediation validation, lessons learned

Primary sources:

PTES Reporting

Practice scenarios (6)

Practice scenarios are scenario-based learning, not exam-question mimicry. Each scenario maps to a specific exam domain and includes a worked explanation plus a primary-source citation. Reproducing actual exam items would violate the cert body's NDA; the format here exercises the same underlying concepts under different surface phrasing.

Preview scenario 1 of 6 · Planning and Scopingfree preview

A penetration tester is reviewing the Statement of Work. The client wants Active Directory testing but not testing of the cloud production environment. The cloud environment shares some authentication with on-premises AD. What is the appropriate scoping action?

A. Test the cloud environment quietly because it is connected to AD
B. Document the AD-to-cloud trust relationship in the Rules of Engagement, confirm with the client whether cross-trust attacks against the cloud are in scope, and stop AD testing at any cloud boundary if the answer is no
C. Refuse the engagement because the scope is unclear
D. Test everything and report afterward

Answer: B

Scope ambiguity at boundaries is the most common SoW issue in penetration testing. The correct action is to document the trust relationship, confirm the client's intent in writing, and abide by the documented scope. Testing out-of-scope assets exposes the tester to legal liability under the Computer Fraud and Abuse Act.

Reference: PTES Pre-engagement Interactions

Unlock the rest

5 more practice scenarios with full explanations and primary-source citations

The remaining scenarios cover every exam domain at the same depth as the preview above. Includes the exam-day strategy guide and additional study resources. $147 one-time, lifetime access.

Exam-day strategy

++Read each scenario's scope language carefully. PenTest+ tests scope discipline as much as exploitation knowledge.
++Watch for ethical / legal traps. Many distractors are technically correct exploitation steps but exceed scope or break the law.
++On PBQs, identify the engagement phase (planning, recon, exploitation, post-exploitation, reporting) first; that often narrows the right answer immediately.
++Memorize MITRE ATT&CK technique IDs for the major AD attacks (T1558 Kerberoasting, T1003 Credential Dumping, T1078 Valid Accounts) and OWASP Top 10 categories.
++Pace at roughly 1 minute 50 seconds per question. Flag heavy-PBQ items and return.

Additional resources

Sources

Official CompTIA PenTest+ exam page (certifying body)

Exam fee and blueprint last verified 2026-05-22. Confirm current values with the certifying body before scheduling the exam.

What the add-on ships

++Four domain reviews mapped to the official CompTIA PenTest+ PT0-003 exam objectives

++Four full-length 85-question mock exams in PBQ format

++Engagement scoping and rules-of-engagement worked documents

++Reporting templates that align with what enterprise customers expect

++Direct link to the official CompTIA exam blueprint as the canonical reference

Exam summary

Domain reviews

Planning and Scoping

14%

Rules of engagement, target scoping, legal and compliance considerations.

++Statement of Work, Rules of Engagement, Master Service Agreement
++Authorization scope: included assets, excluded assets, testing window
++Compliance: PCI DSS, HIPAA, GDPR effects on penetration testing scope
++Threat-actor emulation: APT, insider, opportunistic

Primary sources:

Information Gathering and Vulnerability Scanning

22%

Reconnaissance (passive and active), scanning, and vulnerability identification.

++Passive recon: WHOIS, DNS, public OSINT, social media
++Active recon: port scanning, service enumeration, banner grabbing
++Vulnerability scanning: Nessus, OpenVAS, Nikto, Burp Suite
++Cloud-specific recon: enumeration of S3 buckets, GitHub leaks, Shodan

Primary sources:

NIST SP 800-115 Technical Guide to Security Testing

Attacks and Exploits

32%

The largest domain by weight. Network, application, wireless, cloud, mobile, and social engineering attacks.

++Network attacks: relaying, MITM, AD attacks (Kerberoasting, AS-REP roasting, DCSync)
++Application attacks: OWASP Top 10 (SQLi, XSS, SSRF, IDOR, broken auth)
++Wireless attacks: rogue APs, Evil Twin, WPA cracking
++Cloud attacks: IAM privilege escalation, metadata service abuse
++Social engineering: phishing, vishing, pretexting, physical
++Post-exploitation: lateral movement, persistence, credential access

Primary sources:

Reporting and Communication

32%

Tied for largest domain. Reporting findings, communicating with stakeholders, post-engagement activities.

++Report structure: executive summary, methodology, findings, recommendations, appendices
++Severity classification (CVSS-based) and remediation prioritization
++Stakeholder communication: developers, management, audit, legal
++Post-engagement: retest, remediation validation, lessons learned

Primary sources:

PTES Reporting

Practice scenarios (6)

Preview scenario 1 of 6 · Planning and Scopingfree preview

A. Test the cloud environment quietly because it is connected to AD
B. Document the AD-to-cloud trust relationship in the Rules of Engagement, confirm with the client whether cross-trust attacks against the cloud are in scope, and stop AD testing at any cloud boundary if the answer is no
C. Refuse the engagement because the scope is unclear
D. Test everything and report afterward

Answer: B

Reference: PTES Pre-engagement Interactions

Unlock the rest

5 more practice scenarios with full explanations and primary-source citations

The remaining scenarios cover every exam domain at the same depth as the preview above. Includes the exam-day strategy guide and additional study resources. $147 one-time, lifetime access.

Exam-day strategy

++Read each scenario's scope language carefully. PenTest+ tests scope discipline as much as exploitation knowledge.

++Watch for ethical / legal traps. Many distractors are technically correct exploitation steps but exceed scope or break the law.

++On PBQs, identify the engagement phase (planning, recon, exploitation, post-exploitation, reporting) first; that often narrows the right answer immediately.

++Memorize MITRE ATT&CK technique IDs for the major AD attacks (T1558 Kerberoasting, T1003 Credential Dumping, T1078 Valid Accounts) and OWASP Top 10 categories.

++Pace at roughly 1 minute 50 seconds per question. Flag heavy-PBQ items and return.