
CompTIA PenTest+ (PT0-003) Study Guide

CompTIA PenTest+ is the hands-on penetration testing certification. Exam PT0-003 validates the full offensive-security workflow: planning and scoping an engagement, reconnaissance, exploitation, post-exploitation, and reporting—the work of a professional ethical hacker.

Overview

Level: Intermediate

Vendor: CompTIA

Audience: Aspiring penetration testers, red teamers, vulnerability analysts, and security pros moving from defensive into offensive security. Best with Security+ level knowledge and hands-on practice.

Why get PenTest+

PenTest+ proves you can actually run a penetration test end to end—not just understand attacks in theory, but plan an engagement, find and exploit vulnerabilities, move laterally, and write the report that makes it useful. It's one of the few pentest certs that is both hands-on and vendor-neutral, and the PT0-003 version added current topics like cloud, API, and AI/ML attack techniques. It carries DoD 8140 approval for offensive-security workforce roles. For someone targeting a penetration testing, red team, or vulnerability-analyst role, PenTest+ is a recognized way to validate practical offensive skill.

Salary expectations

Typical salary range: $90,000 – $140,000

Offensive security pays well. Entry-level penetration testers and junior red teamers commonly start around $80K–$100K, with experienced pentesters reaching $110K–$140K and senior/red-team and consulting roles going higher. PenTest+ is most valuable backed by demonstrable hands-on skill—lab work, write-ups, and a portfolio matter as much as the cert.

When to get PenTest+

Get PenTest+ once you have Security+ level fundamentals and some hands-on practice with attacking tools and lab environments. CompTIA recommends Network+/Security+ plus 3–4 years of hands-on security experience. If you're newer, build a foundation with Security+ and practice on platforms like TryHackMe and Hack The Box first. It pairs well with CySA+ (the defensive counterpart) for a rounded security profile.

Exam details

Exam Quick Reference

Exam Code: PT0-003
Vendor: CompTIA
Level: Intermediate
Duration: 165 minutes
Questions: Up to 90
Format: Multiple choice and performance-based questions. Passing score: 750 (on a scale of 100–900).

Renewal: Valid for 3 years. Renew through CompTIA's Continuing Education (CE) program by earning CEUs, or by passing a higher-level CompTIA exam. PenTest+ also renews lower CompTIA certs.

Skills covered

Engagement Management (13%)

  • Pre-engagement: scoping, rules of engagement, and legal concepts
  • Governance, risk, and compliance considerations
  • Communication and collaboration during an engagement
  • Professionalism and ethical conduct
  • Managing the testing process and deliverables

Reconnaissance & Enumeration (21%)

  • Passive recon and open-source intelligence (OSINT)
  • Active scanning with Nmap and similar tools
  • Enumeration of hosts, services, and users
  • Network, host, and application discovery
  • Documenting and prioritizing findings

Vulnerability Discovery & Analysis (17%)

  • Running and interpreting vulnerability scans
  • Analyzing code and configurations for weaknesses
  • Identifying network, web, wireless, and cloud vulnerabilities
  • Validating findings to remove false positives
  • Tooling: Nessus, Burp Suite, and analysis utilities

Attacks & Exploits (35%)

  • Exploiting network, web application, and wireless targets
  • Cloud, API, and IoT/OT attack techniques
  • AI/ML and supply-chain attack concepts
  • Social engineering and physical attacks
  • Using Metasploit and exploitation frameworks

Post-exploitation & Reporting (14%)

  • Lateral movement, persistence, and privilege escalation
  • Pivoting and maintaining access
  • Cleanup and covering the engagement responsibly
  • Writing clear, actionable penetration-test reports
  • Recommending remediation and communicating risk

Step-by-step study path

This sequence reflects what consistently works. Follow it in order—don't skip ahead.

  1. Download the PT0-003 exam objectives

     Get the official PenTest+ PT0-003 objectives from CompTIA. They follow the real engagement lifecycle—planning through reporting—so they double as a mental model for the whole exam.

  2. Confirm your security and networking base

     PenTest+ assumes Security+ level knowledge plus networking comfort. If TCP/IP, common services, or core security concepts are shaky, shore them up first—exploitation builds on understanding how systems work.

  3. Work through a primary video course

     Choose one comprehensive PT0-003 course and complete it end to end. Jason Dion's PenTest+ course on Udemy covers all five domains with tool demos. See the paid resources section.

  4. Read the official study guide

     The Sybex PenTest+ Study Guide (PT0-003) by Chapple, Shimonski & Seidl is the standard written reference. Use it to deepen the attacks-and-exploits domain, which is 35% of the exam.

  5. Practice on hands-on hacking platforms

     Offensive skill comes from doing. Work through TryHackMe and Hack The Box machines, and learn Nmap, Burp Suite, and Metasploit by using them. Build a home lab and attack it. This is the single highest-value activity.

  6. Drill performance-based questions

     PenTest+ is heavy on PBQs—analyzing tool output, choosing the right command, interpreting a scan. Practice them specifically. Knowing a tool conceptually is different from using it correctly under time pressure.

  7. Take timed practice exams

     Use full-length PT0-003 practice exams. Aim to score consistently above 85% before booking. Review every miss and reproduce the technique in your lab to truly understand it.

  8. Schedule and sit the exam

     Register through Pearson VUE for the 165-minute exam (test center or online proctored). Book about two weeks out to set a deadline. Pace yourself—PBQs take longer than multiple-choice questions.

Ready for a structured course?

A top-rated course covers every PenTest+ exam domain in order. See the paid resources section below for options and pricing.


Free resources

Vouchers & exam cost

The PT0-003 exam runs about $404–$425 USD. Verify current pricing on the official CompTIA store before purchasing; voucher + retake bundles are sometimes available.

Frequently asked questions

Is CompTIA PenTest+ worth it?

For offensive-security roles, yes. PenTest+ is hands-on, vendor-neutral, and DoD-8140 approved for penetration-testing workforce roles. It's most valuable backed by demonstrable lab skill—employers want to see you can actually do the work.

PenTest+ or CEH — which is better?

PenTest+ is more hands-on and performance-based; CEH is broader and more theory-heavy with stronger brand recognition in some HR filters. PenTest+ tends to better reflect real pentesting ability. Many people choose based on which their target employers list.

Is PenTest+ good for beginners?

It's intermediate, not entry-level. There's no formal prerequisite, but PenTest+ assumes Security+ level knowledge and real comfort with attacking tools. Newcomers should build a foundation with Security+ and lab practice (TryHackMe, Hack The Box) first.

How hard is the PT0-003 exam?

It's a challenging, hands-on exam. The attacks-and-exploits domain alone is 35%, and performance-based questions require real tool fluency. Candidates who put serious time into hands-on labs find it fair; those who only watch videos often struggle.

How long does it take to study for PenTest+?

Most candidates spend 3 to 6 months, much of it on hands-on practice. Those already doing security work may move faster. Lab time on platforms like TryHackMe and Hack The Box is the highest-value preparation.

Should I take CySA+ before PenTest+?

Not required, but they complement each other—CySA+ is the defensive (blue team) analyst cert, PenTest+ is the offensive (red team) one. Doing both gives a rounded security profile. Order depends on whether you lean defensive or offensive.

Does PenTest+ expire?

Yes. PenTest+ is valid for three years. Renew through CompTIA's Continuing Education program by earning CEUs or passing a higher-level CompTIA exam. Renewing PenTest+ also renews lower CompTIA certs.

Ready to study?

Start with the free resources above, then add a top-rated course and practice exams when you're ready to test yourself.