top of page
  • Writer's pictureKdotWill

My CompTIA PenTest+ Study Guide


I started my journey immediately after earning my CompTIA CySA+ certification and began researching on Reddit to gather information from other people that passed PenTest+. All of the knowledge I gained from CySA+ crossed over into PenTest+ so the information was not foreign. I highly recommend taking CySA+ first before jumping into PenTest+. CySA+ was solid exam and the knowledge you obtain from the study material is second to none.


Once I gathered enough intel, I went to my always trusted source for his video courses, Jason Dion at Dion Training Solutions. I began with his Anatomy of a Cyber Attack course and then his PenTest+ course. I recommend these courses because it gives you a solid foundation on penetration testing. Afterwards, I used the Sybex CompTIA PenTest+ Study Guide and Practice Tests for a deeper dive into the subjects from Jason’s courses. The Sybex guides are a great resource because the authors does a great job with the flow of information and provides awesome snippets of tools, scripts, vulnerabilities, etc.

I also made index cards for topics that were in the Sybex Guide and reviewed the material during my free time. I also reviewed a lot of sites for cheat sheets that were very valuable for exam preparation. Honestly, I really should have spent more time with the cheat sheets, like I did for CySA+ prep.


Test Day: 65 Questions 4 Simulators (Drag and Drop) Your results may vary.

My Testing Taking Method:

  1. Skimmed through the simulators and flagged them.

  2. Skipped over questions that were verbose and flagged them for later.

  3. Answered questions that were simple. There were a lot of questions on this exam that came from the Sybex Practice Tests Book (Highly Recommended)

  4. Went back to review the flagged questions.

  5. Went back to the simulators.

  6. Start time 10:00, completed at 11:00

Key Areas to Focus On:

  • IKEscan (VPN Presence)

  • Identify XSS in code

  • Remediation priority

  • Metasploit output

  • Coding language - make a small chart of the four languages (Perl, Bash, Python, and Powershell)

  • Identify command execution

  • Understand coding flow

  • How to setup a reverse shell in Bash, Powershell, Perl, and Python

  • How to upgrade a Shell in Python

  • SOCKS Proxy

  • nmap, nmap, nmap - know your switches

Study Resources:

  1. Jason Dion’s Anatomy of a Cyber Attack (my only time firing up Kali for hands on practice)

  2. Jason Dion’s CompTIA Pentest+ Course

  3. Sybex CompTIA Pentest+ Study Guide

  4. Sybex CompTIA Pentest+ Practice Tests (Online)


Online Resources:


SSH/Reverse Shell Cheat Sheet


Active Directory Cheat Sheet


Pentesting Tool Cheat Sheets


Final Thoughts

Use more than one book and get some hands on practice. Get on Hack The Box, Over the Wire, VulnHub, and work, work, work!! This is my only regret for my preparation. It is highly recommended to know the basics of coding. I knew how to identify key components of a line of code and just that little bit of knowledge greatly assisted with the coding questions on the exam.

Recent Posts

See All

Comments


Post: Blog2 Post
bottom of page