A little under three years have passed since I last took the CompTIA Pentest+ exam. Like last time, I took the beta-version of the exam. Just like last time, I decided to go into the exam completely blank, only taking a glance at the official objectives beforehand.

The OnVue at-home testing experience offered by PearsonVue, like always, was decent. The tooling works well enough, the proctor was communicative, waiting times weren't too bad. The software feels kind of intrusive, as to what it wants to do on your laptop, but at least it didn't want me to install anything, nor does it require admin-level rights.

As to the exam itself, my experiences mirror what I felt back in 2018:

It feels like there's an over-reliance on NMap and its flags. The objectives state that 30% of your score comes from Attacks & Exploits, with a further 16% coming from Tools and Code Analysis. In my test, it felt like NMap-related questions made up 10-15% of the total question base. That doesn't sit right with me, but of course my impressions could be wrong.
A very small amount of questions were not good, from a test-taker perspective. Some were overly wordy, with long run-on sentences. Others either had zero correct answers (due to syntax mistakes), or made little sense logically.
The PBQs (performance based questions) were similar to last time, with the one I disliked the most making a re-appearance. It's one where you have to both categorize and remediate 7-10 vulnerabilities, where in some cases all responses are sub-optimal.

I feel that the PT1-002 exam needs some polishing and a few corrections, but overall the level of difficulty and the type of questions asked do in fact do a fairly good job at testing someone with 2-3 years of pentesting experience.

I'm curious whether I've passed! As was said: I went in without preparation and there's definitely a number of objective areas where I don't have experience.

EDIT:

A forum acquaintance reminded me of the following:

"You see a preponderance of exam items referring the same concept because the vendor is attempting to determine which of those (experimental) items to include in the (production) exam item pool. ... When taking a beta exam, you are helping to create the exam item pool for the initial public release of the exam, not taking the initial public release of the exam itself."

kilala.nl tags: work, studies,

View or add comments (curr. 1)

2021-04-23 10:11:00

Posted by Tess

Oh right! The click-and-drag on MacOS still doesn't work well with OnVue.

On some of the PBQs you have to click-and-hold for two seconds before dragging things around.

All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.

Kilala.nl - Personal website of Tess Sluijter

About me

Blog archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

> Weblog

> Sysadmin articles

> Maths teaching

CompTIA PT1-002 Pentest+ beta