PT0-003 cheat sheet
A one-page reference for the CompTIA PenTest+ (PT0-003) exam: the format, how the domains are weighted, and the glossary terms for this exam.
Exam at a glance
Vendor
CompTIA
Level
Intermediate
Questions
90
Time
165 min
Mock pass mark
75%
Domains
5
Practice Qs
175
Code
PT0-003
Domain weightings
How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.
Key terms
- Rules of engagement
- Rules of engagement (RoE) are the agreed constraints of a penetration test — scope, timing, targets, and permitted techniques. PenTest+ covers RoE and authorization in engagement management.
- Scope
- Scope defines exactly which systems, networks, and applications are authorized targets of a penetration test. PenTest+ covers scoping and authorization as pre-engagement activities.
- Statement of work
- A statement of work (SOW) is the document that defines the deliverables, timeline, and terms of a penetration testing engagement. PenTest+ covers the SOW and contracts in engagement management.
- OSINT
- OSINT (Open-Source Intelligence) is information gathered from publicly available sources during reconnaissance. PenTest+ covers OSINT as a passive reconnaissance technique.
- Reconnaissance
- Reconnaissance is the phase of gathering information about a target using passive and active techniques. PenTest+ covers passive and active reconnaissance in its second domain.
- Enumeration
- Enumeration is the active process of extracting details such as hosts, services, users, and shares from a target. PenTest+ covers enumeration techniques and tooling in reconnaissance.
- Nmap
- Nmap is an open-source network scanner used to discover hosts, ports, and services. PenTest+ covers Nmap and interpreting its output during reconnaissance and enumeration.
- Vulnerability scanning
- Vulnerability scanning is the use of automated tools to identify security weaknesses in targets. PenTest+ covers scanning and analyzing results in vulnerability discovery and analysis.
- Metasploit
- Metasploit is a widely used exploitation framework for developing and executing exploit code against targets. PenTest+ covers Metasploit and other tools in the attacks-and-exploits domain.
- SQL injection
- SQL injection is a web attack that inserts malicious SQL into a query to read or modify a database. PenTest+ covers it among web application attacks in the attacks-and-exploits domain.
- Social engineering
- Social engineering is the manipulation of people into revealing information or performing actions that aid an attack. PenTest+ covers social-engineering and physical attacks in exploitation.
- Privilege escalation
- Privilege escalation is the act of gaining higher permissions than initially granted on a compromised system. PenTest+ covers Windows and Linux privilege escalation in post-exploitation.
- Lateral movement
- Lateral movement is the technique of moving from one compromised system to others within a network. PenTest+ covers lateral movement and pivoting in the post-exploitation domain.
- Persistence
- Persistence is the establishment of continued access to a compromised system that survives reboots or credential changes. PenTest+ covers persistence in post-exploitation and lateral movement.