PENTEST+ Study Guide 2026

Everything you need to pass the PENTEST+ exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.

📋 PENTEST+ Exam Format at a Glance

90
Questions
165 min
Time Limit
83.00%
Passing Score

📚 PENTEST+ Topics to Study (20)

✍️ Sample PENTEST+ Questions & Answers

1. Which set of DNS records is critical for organizations to configure to defend against email spoofing used in phishing?
SPF, DKIM, and DMARC records

SPF validates sending IP addresses, DKIM adds cryptographic signatures to emails, and DMARC enforces policy — together they significantly reduce domain spoofing in phishing.

2. What is 'shoulder surfing' as a physical security attack?
Observing someone's screen or keyboard to capture PINs, passwords, or sensitive data

Shoulder surfing involves physically positioning close enough to observe a target's screen, keyboard input, or documents to capture sensitive information without any technical tools.

3. What does token impersonation allow an attacker to do in a Windows post-exploitation scenario?
Assume the identity and privileges of another logged-in user

Token impersonation steals authentication tokens from other logged-in users to assume their privileges without needing their plaintext password.

4. What distinguishes a CompTIA PenTest+ Certification certified professional from a non-certified practitioner?
Certification validates competency through standardized assessment against established benchmarks

Certification provides objective validation of competency through standardized assessment. While non-certified practitioners may be skilled, certification offers verified evidence that a professional meets established benchmarks for knowledge and performance.

5. What is 'Pass-the-Hash' (PtH) and how does it enable lateral movement?
Using captured NTLM hashes directly for authentication without knowing the plaintext password

Pass-the-Hash exploits the NTLM authentication protocol by using a captured password hash directly to authenticate, enabling lateral movement without cracking the hash.

6. How should a PenTest+ professional manager address underperformance within their team?
Provide timely, specific feedback with support and a clear improvement plan

Addressing underperformance requires timely intervention with specific, objective feedback about the performance gap. Providing support resources and a clear improvement plan with defined expectations and timelines gives the individual a fair opportunity to improve.

🎯 Free PENTEST+ Practice Tests

📖 PENTEST+ Guides & Articles

Your PENTEST+ Study Path
1. Learn with Flashcards → 2. Drill Practice Tests → 3. Take the Full Exam Simulation