CompTIA Pentest+ Exam 2025
Questions and Answers
Methodology - ANSWER✔✔-__ is a system of methods used in a particular area of study or
activity.
Pentest Methodology - ANSWER✔✔-__:
1. Planning & Scoping
2. Info Gathering & Vulnerability ID
3. Attacks & Exploits
4. Reporting & Communication
NIST SP 800-115 Methodology - ANSWER✔✔-__:
1. Planning
2. Discovery
3. Attack
4. Reporting
Planning a Penetration Test - ANSWER✔✔-__, Questions to ask:
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 1
▪ Why Is Planning Important?
▪ Who is the Target Audience?
▪ Budgeting
▪ Resources and Requirements
▪ Communication Paths
▪ What is the End State?
▪ Technical Constraints
▪ Disclaimers
Planning a Penetration Test - Budgeting - ANSWER✔✔-__:
▪ Controls many factors in a test
▪ If you have a large budget, you can perform a more in-depth test
__● Increased timeline for testing
__● Increased scope
__● Increased resources (people, tech, etc.)
Planning a Penetration Test - Resources and Requirements - ANSWER✔✔-__:
▪ What resources will the assessment require?
▪ What requirements will be met in the testing?
__● Confidentiality of findings
__● Known vs. unknown vulnerabilities
__● Compliance-based assessment
Planning a Penetration Test - Communication Paths - ANSWER✔✔-__:
▪ Who do we communicate with about the test?
▪ What info will be communicated and when?
▪ Who is a trusted agent if testing goes wrong?
Planning a Penetration Test - What is the End State? - ANSWER✔✔-__:
▪ What kind of report will be provided after the test?
▪ Will you provide an estimate of how long remediations would take?
Planning a Penetration Test - Technical Constraints - ANSWER✔✔-__:
▪ What constraints limited your ability to test?
▪ Provide the status in your report
__● Tested
__● Not Tested
__● Can't Be Tested
Planning a Penetration Test - Disclaimers - ANSWER✔✔-__:
▪ Point-in-Time Assessment
__● Results were accurate when the pentest occurred
▪ Comprehensiveness
__● How complete was the test?
__● Did you test the entire organization or only specific objectives?
Rules of Engagement (RoE) - ANSWER✔✔-__ are detailed guidelines and constraints regarding the
execution of information security testing.
The __ is established before the start of a security test, and gives the test team authority to conduct
defined activities without the need for additional permissions.
Rules of Engagement (RoE) Overview - ANSWER✔✔-__:
▪ Timeline
▪ Locations
▪ Time restrictions