PENTEST+ Cheat Sheet 2026

The 30 highest-yield PENTEST+ facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

90 questions
165 min time limit
83.00% to pass
  1. What is 'Kerberoasting' used for in Active Directory environments? Requesting service tickets for SPNs and extracting their hashes for offline cracking
  2. Which tool is commonly used for maintaining persistent access and post-exploitation activities after initial compromise? Metasploit Meterpreter
  3. When testing REST APIs during a pentest, which technique helps identify endpoints that are not documented but may be accessible? Fuzzing with wordlists of common API paths
  4. What is 'pivoting' in the context of penetration testing? Using a compromised host as a relay to reach other network segments
  5. What does token impersonation allow an attacker to do in a Windows post-exploitation scenario? Assume the identity and privileges of another logged-in user
  6. Which metric best measures the success of a phishing simulation campaign during a pentest engagement? Click-through rate and credential submission rate
  7. What tool is commonly used for information gathering during a penetration test? Nmap and Netcat
  8. A PHP application includes files based on a `page` parameter: `include($_GET['page'] . '.php')`. How could a tester exploit Local File Inclusion (LFI)? Using path traversal sequences like `../../../etc/passwd%00`
  9. Which vulnerability is exploited when an attacker injects an external entity into an XML document to read local files from the server? XXE Injection
  10. How should a PenTest+ professional manager address underperformance within their team? Provide timely, specific feedback with support and a clear improvement plan
  11. What is the MOST effective way for new PenTest+ professionals to build competency in their field? Combining formal education, mentored practice, and ongoing professional development
  12. Which HTTP security header specifically prevents a web page from being embedded in an iframe to mitigate clickjacking attacks? X-Frame-Options
  13. What is the role of reconnaissance in penetration testing? Gathering information to identify attack vectors
  14. What is 'tailgating' (piggybacking) in physical security penetration testing? Following an authorized person through a secured door without presenting credentials
  15. What is 'shoulder surfing' as a physical security attack? Observing someone's screen or keyboard to capture PINs, passwords, or sensitive data
  16. Which tool is commonly used to exploit network vulnerabilities? Metasploit
  17. Why is reporting important in penetration testing? To provide actionable recommendations for improving security
  18. What should be done after identifying vulnerabilities in a penetration test? Report and assess risk for further testing
  19. A tester discovers that a web application renders user input inside a Jinja2 template. Submitting `{{7*7}}` returns `49`. What vulnerability is present? Server-Side Template Injection (SSTI)
  20. What is a zero-day attack? An attack targeting an unpatched, unknown vulnerability
  21. Which technique abuses Windows scheduled tasks to maintain persistence after an initial compromise? Using schtasks.exe to register a recurring malicious payload
  22. What is the first step in the planning phase of a penetration test? Defining the test scope and objectives
  23. What is vulnerability identification in the context of penetration testing? Scanning and identifying potential vulnerabilities in the systems
  24. Which social engineering influence principle exploits a target's sense of obligation after receiving something of value? Reciprocity
  25. What is the PRIMARY purpose of obtaining PenTest+ certification in CompTIA PenTest+ Certification? To demonstrate verified competency and adherence to professional standards
  26. Which foundational principle is MOST important for success in the CompTIA PenTest+ Certification profession? Commitment to continuous learning, ethical practice, and quality outcomes
  27. Why is information gathering critical for successful penetration testing? It helps identify attack vectors and prioritize testing
  28. Which tool is widely used to extract plaintext passwords and NTLM hashes from Windows LSASS memory? Mimikatz
  29. What is the main goal of exploiting a vulnerability? To evaluate and exploit security weaknesses
  30. What is the first step in information gathering during a penetration test? Gathering OSINT information about the target