I started my journey immediately after earning my CompTIA CySA+ certification and began researching on Reddit to gather information from other people that passed PenTest+. All of the knowledge I gained from CySA+ crossed over into PenTest+ so the information was not foreign. I highly recommend taking CySA+ first before jumping into PenTest+. CySA+ was solid exam and the knowledge you obtain from the study material is second to none.
Once I gathered enough intel, I went to my always trusted source for his video courses, Jason Dion at Dion Training Solutions. I began with his Anatomy of a Cyber Attack course and then his PenTest+ course. I recommend these courses because it gives you a solid foundation on penetration testing. Afterwards, I used the Sybex CompTIA PenTest+ Study Guide and Practice Tests for a deeper dive into the subjects from Jason’s courses. The Sybex guides are a great resource because the authors does a great job with the flow of information and provides awesome snippets of tools, scripts, vulnerabilities, etc.
I also made index cards for topics that were in the Sybex Guide and reviewed the material during my free time. I also reviewed a lot of sites for cheat sheets that were very valuable for exam preparation. Honestly, I really should have spent more time with the cheat sheets, like I did for CySA+ prep.
Test Day: 65 Questions 4 Simulators (Drag and Drop) Your results may vary.
My Testing Taking Method:
Skimmed through the simulators and flagged them.
Skipped over questions that were verbose and flagged them for later.
Answered questions that were simple. There were a lot of questions on this exam that came from the Sybex Practice Tests Book (Highly Recommended)
Went back to review the flagged questions.
Went back to the simulators.
Start time 10:00, completed at 11:00
Key Areas to Focus On:
IKEscan (VPN Presence)
Identify XSS in code
Remediation priority
Metasploit output
Coding language - make a small chart of the four languages (Perl, Bash, Python, and Powershell)
Identify command execution
Understand coding flow
How to setup a reverse shell in Bash, Powershell, Perl, and Python
How to upgrade a Shell in Python
SOCKS Proxy
nmap, nmap, nmap - know your switches
Study Resources:
Jason Dion’s Anatomy of a Cyber Attack (my only time firing up Kali for hands on practice)
Jason Dion’s CompTIA Pentest+ Course
Sybex CompTIA Pentest+ Study Guide
Sybex CompTIA Pentest+ Practice Tests (Online)
Online Resources:
SSH/Reverse Shell Cheat Sheet
Active Directory Cheat Sheet
Pentesting Tool Cheat Sheets
Final Thoughts
Use more than one book and get some hands on practice. Get on Hack The Box, Over the Wire, VulnHub, and work, work, work!! This is my only regret for my preparation. It is highly recommended to know the basics of coding. I knew how to identify key components of a line of code and just that little bit of knowledge greatly assisted with the coding questions on the exam.