PENTEST+ Cheat Sheet 2026
The 30 highest-yield PENTEST+ facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
90 questions
165 min time limit
83.00% to pass
- What is 'Kerberoasting' used for in Active Directory environments? → Requesting service tickets for SPNs and extracting their hashes for offline cracking
- Which tool is commonly used for maintaining persistent access and post-exploitation activities after initial compromise? → Metasploit Meterpreter
- When testing REST APIs during a pentest, which technique helps identify endpoints that are not documented but may be accessible? → Fuzzing with wordlists of common API paths
- What is 'pivoting' in the context of penetration testing? → Using a compromised host as a relay to reach other network segments
- What does token impersonation allow an attacker to do in a Windows post-exploitation scenario? → Assume the identity and privileges of another logged-in user
- Which metric best measures the success of a phishing simulation campaign during a pentest engagement? → Click-through rate and credential submission rate
- What tool is commonly used for information gathering during a penetration test? → Nmap and Netcat
- A PHP application includes files based on a `page` parameter: `include($_GET['page'] . '.php')`. How could a tester exploit Local File Inclusion (LFI)? → Using path traversal sequences like `../../../etc/passwd%00`
- Which vulnerability is exploited when an attacker injects an external entity into an XML document to read local files from the server? → XXE Injection
- How should a PenTest+ professional manager address underperformance within their team? → Provide timely, specific feedback with support and a clear improvement plan
- What is the MOST effective way for new PenTest+ professionals to build competency in their field? → Combining formal education, mentored practice, and ongoing professional development
- Which HTTP security header specifically prevents a web page from being embedded in an iframe to mitigate clickjacking attacks? → X-Frame-Options
- What is the role of reconnaissance in penetration testing? → Gathering information to identify attack vectors
- What is 'tailgating' (piggybacking) in physical security penetration testing? → Following an authorized person through a secured door without presenting credentials
- What is 'shoulder surfing' as a physical security attack? → Observing someone's screen or keyboard to capture PINs, passwords, or sensitive data
- Which tool is commonly used to exploit network vulnerabilities? → Metasploit
- Why is reporting important in penetration testing? → To provide actionable recommendations for improving security
- What should be done after identifying vulnerabilities in a penetration test? → Report and assess risk for further testing
- A tester discovers that a web application renders user input inside a Jinja2 template. Submitting `{{7*7}}` returns `49`. What vulnerability is present? → Server-Side Template Injection (SSTI)
- What is a zero-day attack? → An attack targeting an unpatched, unknown vulnerability
- Which technique abuses Windows scheduled tasks to maintain persistence after an initial compromise? → Using schtasks.exe to register a recurring malicious payload
- What is the first step in the planning phase of a penetration test? → Defining the test scope and objectives
- What is vulnerability identification in the context of penetration testing? → Scanning and identifying potential vulnerabilities in the systems
- Which social engineering influence principle exploits a target's sense of obligation after receiving something of value? → Reciprocity
- What is the PRIMARY purpose of obtaining PenTest+ certification in CompTIA PenTest+ Certification? → To demonstrate verified competency and adherence to professional standards
- Which foundational principle is MOST important for success in the CompTIA PenTest+ Certification profession? → Commitment to continuous learning, ethical practice, and quality outcomes
- Why is information gathering critical for successful penetration testing? → It helps identify attack vectors and prioritize testing
- Which tool is widely used to extract plaintext passwords and NTLM hashes from Windows LSASS memory? → Mimikatz
- What is the main goal of exploiting a vulnerability? → To evaluate and exploit security weaknesses
- What is the first step in information gathering during a penetration test? → Gathering OSINT information about the target
Turn these facts into recall: