PT0-003 cheat sheet

A one-page reference for the CompTIA PenTest+ (PT0-003) exam: the format, how the domains are weighted, and the glossary terms for this exam.

Exam at a glance

Vendor
CompTIA
Level
Intermediate
Questions
90
Time
165 min
Mock pass mark
75%
Domains
5
Practice Qs
175
Code
PT0-003

Domain weightings

How much of the exam each domain covers. Spend your study time in proportion — the heavier the domain, the more questions you'll see.

Key terms

Rules of engagement
Rules of engagement (RoE) are the agreed constraints of a penetration test — scope, timing, targets, and permitted techniques. PenTest+ covers RoE and authorization in engagement management.
Scope
Scope defines exactly which systems, networks, and applications are authorized targets of a penetration test. PenTest+ covers scoping and authorization as pre-engagement activities.
Statement of work
A statement of work (SOW) is the document that defines the deliverables, timeline, and terms of a penetration testing engagement. PenTest+ covers the SOW and contracts in engagement management.
OSINT
OSINT (Open-Source Intelligence) is information gathered from publicly available sources during reconnaissance. PenTest+ covers OSINT as a passive reconnaissance technique.
Reconnaissance
Reconnaissance is the phase of gathering information about a target using passive and active techniques. PenTest+ covers passive and active reconnaissance in its second domain.
Enumeration
Enumeration is the active process of extracting details such as hosts, services, users, and shares from a target. PenTest+ covers enumeration techniques and tooling in reconnaissance.
Nmap
Nmap is an open-source network scanner used to discover hosts, ports, and services. PenTest+ covers Nmap and interpreting its output during reconnaissance and enumeration.
Vulnerability scanning
Vulnerability scanning is the use of automated tools to identify security weaknesses in targets. PenTest+ covers scanning and analyzing results in vulnerability discovery and analysis.
Metasploit
Metasploit is a widely used exploitation framework for developing and executing exploit code against targets. PenTest+ covers Metasploit and other tools in the attacks-and-exploits domain.
SQL injection
SQL injection is a web attack that inserts malicious SQL into a query to read or modify a database. PenTest+ covers it among web application attacks in the attacks-and-exploits domain.
Social engineering
Social engineering is the manipulation of people into revealing information or performing actions that aid an attack. PenTest+ covers social-engineering and physical attacks in exploitation.
Privilege escalation
Privilege escalation is the act of gaining higher permissions than initially granted on a compromised system. PenTest+ covers Windows and Linux privilege escalation in post-exploitation.
Lateral movement
Lateral movement is the technique of moving from one compromised system to others within a network. PenTest+ covers lateral movement and pivoting in the post-exploitation domain.
Persistence
Persistence is the establishment of continued access to a compromised system that survives reboots or credential changes. PenTest+ covers persistence in post-exploitation and lateral movement.