Advance with confidence
- Get updates, insights, and exclusive offers to support your learning journey and career growth.
CompTIA Exam Syllabus
PT0-003 syllabus, skills measured, and exam topics
CompTIA PenTest+ validates your ability to identify, mitigate, and report system vulnerabilities. Covering all stages of penetration testing across attack surfaces like cloud, web apps, APIs, and IoT, it emphasizes hands-on skills such as vulnerability management and lateral movement. This certification equips you with the expertise to advance your career as a penetration tester or security consultant.
Skills measured by domain
Use the weighting table to decide where to spend the most study time.
| Domain | Weight |
|---|---|
| Engagement management | 13% |
| Reconnaissance and enumeration | 21% |
| Vulnerability discovery and analysis | 17% |
| Attacks and exploits | 35% |
| Post-exploitation and lateral movement | 14% |
What to know before you study
These sections explain the role, audience, and exam framing behind the outline.
Detailed outline
Scan each section as a working study checklist instead of one long wall of text.
Engagement management (13%)
- Planning and scoping: defining rules of engagement, testing windows, and target selection.
- Legal and ethical compliance: ensuring authorization letters, mandatory reporting, and adherence to regulations.
- Collaboration and communication: aligning with stakeholders through peer reviews, escalation paths, and risk articulation.
- Penetration test reports: creating reports with executive summaries, findings, and remediation recommendations.
Reconnaissance and enumeration (21%)
- Active and passive reconnaissance: gathering information using open-source intelligence (OSINT), network sniffing, and protocol scanning.
- Enumeration techniques: performing DNS enumeration, service discovery, and directory enumeration.
- Reconnaissance tools: using tools like Nmap, Wireshark, and Shodan for information gathering.
- Script modification: customizing Python, PowerShell, and Bash scripts for reconnaissance and enumeration.
Vulnerability discovery and analysis (17%)
- Vulnerability scans: conducting authenticated, unauthenticated, static application security testing (SAST) and dynamic application security testing (DAST).
- Result analysis: validating findings, troubleshooting configurations, and identifying false positives.
- Discovery tools: using tools like Nessus, Nikto, and OpenVAS for vulnerability discovery.
Attacks and exploits (35%)
- Network attacks: performing VLAN hopping, on-path attacks, and service exploitation.
- Authentication attacks: executing brute-force attacks, pass-the-hash, and credential stuffing.
- Host-based attacks: conducting privilege escalation, process injection, and credential dumping.
- Web application attacks: performing SQL injection, cross-site scripting (XSS), and directory traversal.
- Cloud-based attacks: exploiting container escapes, metadata service attacks, and identity and access management (IAM) misconfiguration.
- AI attacks: explaining prompt injection and model manipulation against artificial intelligence systems.
Post-exploitation and lateral movement (14%)
- Post-exploitation activities: establishing persistence, performing lateral movement, and cleaning up artifacts.
- Documentation: creating attack narratives and providing remediation recommendations.