CompTIA PenTest+ (PT0-003) Practice Questions & Study Guide
Hands-on offensive security certification covering engagement scoping, reconnaissance, vulnerability discovery, attacks and exploits, and post-exploitation.
What's included
Every PenTest+ question includes a worked explanation and hints. Question formats mirror the real exam: multiple choice, multiple select, short answer and drag-and-drop matching. A full timed final exam reports per-domain analytics so you know exactly where you stand before test day.
A sample PenTest+ lesson
Rules of Engagement and Scope Definition
Rules of Engagement (ROE) define the boundaries within which a penetration test is authorized to operate, specifying in-scope and out-of-scope systems, permitted techniques, test windows, and emergency halt procedures. Clearly documented ROE protect both the testing team and the client organization from legal exposure and unintended service disruption.
Purpose and legal function of the ROE
The Rules of Engagement document is the contractual and operational foundation of any penetration test. It translates the client's business objectives into precise technical boundaries so that every action taken by the testing team is explicitly authorized in writing. Without a signed ROE, activities that would otherwise constitute unauthorized computer access, even if performed at a client's verbal request, may expose practitioners to criminal liability under statutes such as the U.S. Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030) or the UK Computer Misuse Act 1990. NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, places authorization, scoping and the development of rules of engagement in the planning phase, the first of its three assessment phases (planning, execution and post-execution), before any testing activity begins.
The ROE must be signed by an individual with the organizational authority to authorize testing of every in-scope system, typically a CISO, CTO, or equivalent; a manager who does not own an asset cannot authorize attacks against it. Verbal authorization is insufficient, and testers should carry a copy of the signed authorization during on-site work. Many engagements also require written permission from third parties whose infrastructure is in scope, such as co-location facilities, managed service providers or SaaS vendors. Major cloud platforms publish their own penetration-testing policies: some permit testing of customer-owned resources without prior approval while others require advance notification or a support ticket, and denial-of-service testing is prohibited almost universally. Testing shared infrastructure outside those policies can breach the provider's acceptable use policy and may constitute unauthorized access against the provider regardless of the client's own authorization, so confirm the applicable policy and record it in the ROE.
This is one of 50 concept lessons in the full PenTest+ track.
Exam facts
- Exam code: PT0-003
- Vendor: CompTIA
- Format: up to 90 questions · 165 minutes
- Passing score: 750 / 900
- Exam cost: $404 USD
- Renewal: 3 years (renew with CEUs)
Pricing
Your first foundational certification is free when you sign up — no card required.
PenTest+ FAQ
- How much does the CompTIA PenTest+ exam cost?
- The official CompTIA PT0-003 exam voucher is $404 USD. CyberStudy is separate, affordable practice material and is not the exam voucher.
- How many questions are on the PenTest+ exam?
- The PT0-003 exam has up to 90 questions and a 165-minute time limit.
- What score do I need to pass PenTest+?
- The passing score is 750 / 900.
- How long is PenTest+ valid?
- CompTIA PenTest+ is valid for 3 years (renew with CEUs).
- How much PenTest+ practice does CyberStudy include?
- 150 exam-style practice questions across every domain plus a full timed mock exam with analytics, and 50 concept lessons.