
CompTIA PenTest+ in Nairobi

Hands-on penetration testing certification covering planning, scoping, vulnerability scanning, and reporting.

Salary uplift: +$14k
Exam cost: $404
Duration: 165 min
Passing score: 750
Difficulty: intermediate
◆ 01 / About

What is CompTIA PenTest+?

CompTIA PenTest+ (PT0-003) is a vendor-neutral, intermediate-level certification that validates your ability to plan, scope, and execute penetration tests across networks, applications, and cloud environments. It covers the full pentest lifecycle — from reconnaissance and exploitation to reporting and remediation. In Nairobi, where financial institutions, telecoms, and fast-growing tech firms are rapidly expanding their security teams, a recognized pentesting credential signals serious technical credibility. Kenya's digital economy is accelerating, and organizations like Safaricom, KCB, and a surge of fintech startups are actively seeking professionals who can proactively identify vulnerabilities before attackers do. PenTest+ sits at the right level to get you into those roles.

With an average IT salary of around $18,000 per year in Nairobi, the $404 exam fee is a straightforward investment. Certified pentesters in Kenya's market command a salary uplift of approximately $14,000 annually — meaning the cert can pay for itself within weeks of landing a new role or negotiating a raise. Nairobi's cybersecurity talent gap is real: demand consistently outpaces supply, giving certified candidates genuine leverage. PenTest+ is also renewable every three years, keeping your credential current without constant re-examination. For mid-career IT professionals in Nairobi looking to move from general networking or security roles into dedicated offensive security, PT0-003 offers one of the clearest and most cost-effective paths forward.

◆ 02 / Exam details

Exam details

Exam cost: $404 USD
Duration: 165 min
Passing score: 750
Renewal: Every 3 yrs

Prerequisites: Network+, Security+, or 3-4 years hands-on experience

◆ 03 / Study plan

12-week study plan

1. Planning, Scoping, and Reconnaissance (Weeks 1–4)
- Study pentest engagement scoping, rules of engagement, and legal considerations covered in PT0-003 Domain 1
- Practice passive and active reconnaissance techniques using tools like theHarvester, Shodan, and Maltego in a lab environment
- Review compliance frameworks relevant to East African financial and telecom sectors to contextualize scope discussions

2. Exploitation, Attacks, and Post-Exploitation (Weeks 5–8)
- Work through network, application, and wireless attack techniques using Metasploit, Burp Suite, and Nmap in a controlled lab
- Practice privilege escalation, lateral movement, and persistence techniques on platforms like Hack The Box or TryHackMe
- Study cloud and hybrid environment attack vectors, which carry increased PT0-003 exam weight compared to the previous version

3. Reporting, Tools Mastery, and Exam Readiness (Weeks 9–12)
- Draft a sample pentest report covering findings, risk ratings, and remediation recommendations to reinforce Domain 5 objectives
- Run timed practice exams focusing on performance-based questions — these simulate real tool usage and are heavily weighted on PT0-003
- Review all scripting basics (Python, Bash, PowerShell) tested in the exam and revisit any weak domains identified in practice tests

◆ 04 / Exam tips

Exam tips

Prioritize hands-on lab practice over passive reading — PT0-003 includes performance-based questions that present you with a simulated terminal or tool interface, and you cannot memorize your way through them.

Know your core pentest tools cold: Metasploit modules, Nmap scan types, Burp Suite's proxy and scanner, and basic Netcat usage are all fair game and frequently appear in scenario questions.

Study the pentest reporting domain seriously — PT0-003 tests your ability to interpret findings, assign CVSS scores correctly, and recommend prioritized remediation, not just identify that a vulnerability exists.

Practice reading and writing basic Python and Bash scripts for tasks like port scanning and file parsing — PT0-003 expects you to understand what a script does and identify errors or improvements in short code snippets.

When answering scenario questions, always filter choices through the pentest lifecycle phase described — an action that's valid during exploitation may be wrong during scoping, and CompTIA tests whether you know the difference.

◆ 05 / FAQ

Frequently asked questions

PenTest+ is rated intermediate difficulty and is genuinely challenging without hands-on experience. The PT0-003 update increased emphasis on cloud environments, Active Directory attacks, and scripting. Candidates with Security+ and at least a year of practical security work typically need 8–12 weeks of focused study. Performance-based questions require you to actually use tools, not just recognize terminology.