Copy/pasting from my private blog:
A little under three years have passed since I last took the CompTIA Pentest+ exam. Like last time, I took the beta version of the exam. Just like last time, I decided to go into the exam completely blank, only taking a glance at the official objectives beforehand.
The OnVUE at-home testing experience offered by Pearson VUE, like always, was decent. The tooling works well enough, the proctor was communicative, and waiting times weren't too bad. The software feels kind of intrusive as to what it wants to do on your laptop, but at least it didn't want me to install anything, nor does it require admin-level rights.
As to the exam itself, my experiences mirror what I felt back in 2018:
- It feels like there's an over-reliance on Nmap and its flags. The objectives state that 30% of your score comes from Attacks & Exploits, with a further 16% coming from Tools and Code Analysis. In my test, it felt like Nmap-related questions made up 10-15% of the total question base. That doesn't sit right with me, but of course my impressions could be wrong.
- A very small number of questions were not good from a test-taker perspective. Some were overly wordy, with long run-on sentences. Others either had zero correct answers (due to syntax mistakes) or made little sense logically.
- The PBQs (performance-based questions) were similar to last time, with the one I disliked the most making a reappearance. It's one where you have to both categorize and remediate 7-10 vulnerabilities, where in some cases all responses are sub-optimal.
I feel that the PT1-002 exam needs some polishing and a few corrections, but overall the level of difficulty and the type of questions asked do in fact do a fairly good job at testing someone with 2-3 years of pentesting experience.
I'm curious whether I've passed! As I said, I went in without preparation, and there are definitely a number of objective areas where I don't have experience.