CompTIA has updated its PenTest+ exam, expanding its coverage of the latest cyberattack surfaces and putting emphasis on vulnerability management skills.
New and updated areas of emphasis in the exam include the ability to perform pen-testing for the latest attack surfaces, including the cloud, hybrid environments, and web applications, along with traditional desktops and servers; and proficiency in vulnerability management skills used to plan, scope and manage weaknesses, a spokesperson for CompTIA told IT World Canada.
Developed by CompTIA, the provider of vendor-neutral skills certifications and education for technology workers, the CompTIA PenTest+ exam is designed for intermediate skills level cybersecurity professionals who are responsible for hands-on penetration testing and vulnerability assessment. The company says penetration tester, security consultant, cloud penetration tester, cloud security specialist, web app penetration tester, security analyst, network and security specialist and information security engineer are some of the job roles that can benefit from becoming CompTIA PenTest+ certified.
The new exam content aligns with the cybersecurity skills that many organizations have identified as areas for improvement, according to the recent CompTIA report, State of Cybersecurity 2021. For example, 93 per cent of respondents cited application security as an area where moderate or significant improvement is needed in their organization. Endpoint security (93 per cent), network security (92 per cent) and threat knowledge (91 per cent) are also on the list, the company noted.
“The updated exam requires IT pros to demonstrate their ability and knowledge to perform pen testing techniques for the latest attack surfaces, including the cloud, hybrid environments and web applications, along with traditional desktops and servers,” said Patrick Lane, director of product management at CompTIA. “We’ve also placed greater emphasis on proficiency in vulnerability management skills used to plan, scope and manage weaknesses. This is accomplished through a mix of performance-based and knowledge-based exam questions.”
In addition to the launch of the new exam, the company has released a comprehensive selection of CompTIA learning products to help with preparation for CompTIA PenTest+. These include:
- CompTIA CertMaster Learn, a comprehensive, self-paced eLearning environment that uses videos, assessments and performance-based questions.
- CompTIA CertMaster Practice, an adaptive knowledge assessment tool that determines what a learner has already mastered and what they still need to learn to improve confidence and increase retention.
- Official CompTIA Study Guides to help learners understand the material for their certification exam.
- CompTIA CertMaster Labs to help learners gain hands-on experience configuring a wide range of technologies in a self-paced, pre-configured browser-based environment (to be available late November).
CompTIA PenTest+ is compliant with ISO 17024 standards and approved by the U.S. Department of Defense (DoD) to meet directive 8140/8570.01-M requirements for DoD information assurance workers who work with sensitive data. It also maps to several cybersecurity jobs roles identified in the cyber workforce frameworks created by the DoD and the National Initiative for Cybersecurity Education (NICE).