CompTIA PT0-003

CompTIA PenTest+ in London

Hands-on penetration testing certification covering planning, scoping, vulnerability scanning, and reporting.

Salary uplift: +$14k
Exam cost: $404
Duration: 165 min
Passing score: 750
Difficulty: intermediate
◆ 01 / About

What is CompTIA PenTest+?

CompTIA PenTest+ (PT0-003) is an intermediate-level certification validating your ability to plan, scope, and execute penetration testing engagements across networks, applications, and cloud environments. It's one of the few vendor-neutral certs that covers the full pen test lifecycle — from reconnaissance and exploitation to reporting and remediation recommendations. In London, where financial institutions, law firms, and tech scale-ups are under constant pressure to meet cyber resilience standards like Cyber Essentials Plus and DORA, employers are actively seeking certified pentesters. The PT0-003 update aligns testing objectives with modern attack surfaces, making it directly relevant to the threat landscape London-based security teams face daily.

At $404 for the exam, PenTest+ is one of the more affordable routes into offensive security — and the return in London's job market is hard to ignore. With the average IT salary sitting around $85,000/yr in the city, a certified pentester can realistically push past $99,000/yr, representing a $14,000 annual uplift. London hosts a dense concentration of FTSE 100 companies, global banks, and government contractors — all of whom need regular penetration testing to satisfy regulators and insurers. That demand keeps salaries competitive and consultant day rates high. Renewing every three years ensures your skills stay current, which matters in a market where hiring managers can afford to be selective.

◆ 02 / Exam details

Exam details

Exam cost: $404 USD
Duration: 165 min
Passing score: 750
Renewal: Every 3 yrs

Prerequisites: Network+, Security+, or 3-4 years hands-on experience

◆ 03 / Study plan

12-week study plan

1. Foundations: Scoping, Recon, and Planning (Weeks 1–4)

Study PT0-003 exam objectives and map them to your existing knowledge gaps from Network+ or Security+

Learn rules of engagement, legal considerations, and how to structure a penetration testing scope document

Practice passive and active reconnaissance techniques using tools like Maltego, theHarvester, and Shodan

2. Exploitation: Vulnerabilities, Attacks, and Post-Exploitation (Weeks 5–8)

Work through vulnerability scanning with Nessus and OpenVAS, then practice manual exploitation using Metasploit on lab environments like Hack The Box or TryHackMe

Study web application attacks including SQLi, XSS, and broken authentication as covered in PT0-003 objectives

Practice privilege escalation, lateral movement, and persistence techniques in isolated Windows and Linux lab environments

3. Reporting, Review, and Exam Readiness (Weeks 9–12)

Write at least two full mock penetration test reports, practising how to communicate findings to both technical and executive audiences

Complete timed practice exams focusing on performance-based questions, which are heavily weighted in PT0-003

Review cloud, IoT, and OT attack surfaces added in PT0-003 and drill any weak domain areas using CompTIA's CertMaster practice tool

◆ 04 / Exam tips

Exam tips

Performance-based questions in PT0-003 often ask you to interpret tool output — practice reading Nmap, Burp Suite, and Metasploit results quickly rather than just running the tools

The reporting domain is more heavily weighted than candidates expect; know how to classify findings by CVSS score and articulate remediation steps clearly for non-technical stakeholders

For the scripting objectives, focus on being able to read and modify Python and Bash scripts used in exploitation and enumeration — you won't write code from scratch, but you will need to understand what a script does

Study the rules of engagement and scoping questions carefully — PT0-003 includes scenario questions where the correct answer depends on legal and contractual boundaries, not just technical ability

Cloud attack techniques are new in PT0-003 and frequently tested — make sure you understand IAM privilege escalation, S3 bucket misconfigurations, and serverless function abuse in AWS and Azure environments

◆ 05 / FAQ

Frequently asked questions

PenTest+ is rated intermediate difficulty. It's more practical than Security+ and requires hands-on knowledge of exploitation techniques and reporting. PT0-003 introduced tougher performance-based questions simulating real pen test tasks. Candidates with 2–3 years of hands-on security experience typically find it manageable with 8–12 weeks of focused preparation. Those coming straight from Security+ without lab experience often struggle.