PenTest+ vs. CEH: Which certification is better? [2022 update]

When looking for a certification in the penetration testing realm, you’ll see that CompTIA’s PenTest+ and EC-Council’s CEH (Certified Ethical Hacker) certifications are somewhat similar to each other in terms of content as they both assess pentesting skills. They are also challenging and geared towards intermediate-level professionals with experience in a dedicated cybersecurity role.

Suppose you are preparing for a job in penetration testing, vulnerability assessment and management. In that case, you may be wondering whether one or both of these certifications will be worth pursuing.

The CompTIA PenTest+ objectives (domains) and CEH exam blueprint provide details on what the exam covers. “Objectives” and “blueprint” can be used interchangeably for exam content. Below are the details of the PenTest+ and CEH exams, along with the weight of each domain.

CompTIA PenTest+ (PTO-002) objectives

Domains	Objectives	Exam Percentage
1. Planning and Scoping	Governance, risk and compliance concepts Scoping and organizational/customer requirements Professionalism and integrity	14%
2. Information Gathering and Vulnerability Scanning	Perform passive reconnaissance Perform active reconnaissance Analyze the results of a reconnaissance Perform vulnerability scanning	22%
3. Attacks and Exploits	Research attack vectors and perform network attacks wireless attacks application-based attacks attacks on cloud technologies Common attacks and vulnerabilities against specialized systems Social engineering or physical attack Post-exploitation techniques	30%
4. Reporting and Communication	Important components of written reports Analyze the findings and recommend the appropriate remediation Importance of communication during penetration testing Post-report delivery activities	18%
5. Tools and Code Analysis	Scripting and software development Analyze a script or code sample for use in a penetration test Use of specific tools during penetration testing	16%
Total		100%

 

CEH exam blueprint v4.0

Domains	Sub Domain & Description	%Weight	Number of Questions
1. Information Security and Ethical Hacking Overview	Introduction to Ethical Hacking Information Security Overview Cyber Kill Chain Concepts  Hacking Concepts Ethical Hacking Concepts  Information Security Controls Information Security Laws and Standards	6%	8
2. Reconnaissance Techniques	Footprinting and Reconnaissance Footprinting Concepts Footprinting Methodology Footprinting through Search Engines Footprinting through Web Service Footprinting through Social Networking Sites Website Footprinting Email Footprinting Whois Footprinting DNS Footprinting Network Footprinting Footprinting through Social Engineering Footprinting Tools Footprinting Countermeasures  Scanning Networks  Network Scanning Concepts Scanning Tool Host Discovery Port and Service Discovery OS Discovery (Banner Grabbing/OS Fingerprinting) Scanning Beyond IDS and Firewall Draw Network Diagrams Enumeration Enumeration Concepts NetBIOS Enumeration SNMP Enumeration LDAP Enumeration NTP and NFS Enumeration SMTP and DNS Enumeration Other Enumeration Techniques (IPsec, VoIP, RPC, Unix/Linux, Telnet, FTP, TFTP, SMB, IPv6, and BGP enumeration) Enumeration Countermeasures	21%	26
3. System Hacking Phases and Attack Techniques	Vulnerability Analysis Vulnerability Assessment Concepts Vulnerability Classification and Assessment Types Vulnerability Assessment Solutions and Tools Vulnerability Assessment Reports System Hacking System Hacking Concepts Gaining Access Cracking Passwords Vulnerability Exploitation Escalating Privileges Maintaining Access Executing Applications Hiding Files Clearing Logs Malware Threats Malware Concepts APT Concepts Trojan Concepts Virus and Worm Concepts File-less Malware Concepts Malware Analysis Malware Countermeasures Anti-Malware Software	17%	21
4. Network and Perimeter Hacking	Sniffing Sniffing Concepts Sniffing Technique: MAC Attacks Sniffing Technique: DHCP Attacks Sniffing Technique: ARP Poisoning Sniffing Technique: Spoofing Attacks Sniffing Technique: DNS Poisoning Sniffing Tools Sniffing Countermeasures Sniffing Detection Techniques Social Engineering Social Engineering Concepts Social Engineering Techniques Insider Threats Impersonation on Social Networking Sites Identity Theft Social Engineering Countermeasures  Denial-of-Service DoS/DDoS Concepts DoS/DDoS Attack Techniques Botnets DDoS Case Study DoS/DDoS Attack Tools DoS/DDoS Countermeasures DoS/DDoS Protection Tools Session Hijacking Session Hijacking Concepts Application Level Session Hijacking Network Level Session Hijacking Session Hijacking Tools Session Hijacking Countermeasures Evading IDS, Firewalls and Honeypots IDS, IPS, Firewall, and Honeypot Concepts IDS, IPS, Firewall, and Honeypot Solutions Evading IDS Evading Firewalls IDS/Firewall Evading Tools Detecting Honeypots IDS/Firewall Evasion Countermeasures	14%	18
5. Web Application Hacking	Hacking Web Servers Web Server Concepts Web Server Attacks Web Server Attack Methodology Web Server Attack Tools Web Server Countermeasures Patch Management Web Server Security Tools Hacking Web Application Web App Concepts Web App Threats Web App Hacking Methodology Footprint Web Infrastructure Analyze Web Applications Bypass Client-Side Controls Attack Authentication Mechanism Attack Authorization Schemes Attack Access Controls Attack Session Management Mechanism Perform Injection Attacks Attack Application Logic Flaws Attack Shared Environments Attack Database Connectivity Attack Web App Client Attack Web Services Web API, Webhooks and Web Shell Web App Security SQL Injection SQL Injection Concepts Types of SQL Injection SQL Injection Methodology SQL Injection Tools Evasion Techniques SQL Injection Countermeasures	16%	20
6. Wireless Network Hacking	Hacking Wireless Networks Wireless Concepts Wireless Encryption Wireless Threats Wireless Hacking Methodology Wireless Hacking Tools Bluetooth Hacking Wireless Countermeasures Wireless Security Tools	6%	8
7. Mobile Platform, IoT and OT Hacking	Hacking Mobile Platforms Mobile Platform Attack Vectors Hacking Android OS Hacking iOS Mobile Device Management Mobile Security Guidelines and Tools IoT and OT Hacking IoT Concepts IoT Attacks IoT Hacking Methodology IoT Hacking Tools IoT Countermeasures OT Concepts OT Attacks OT Hacking Methodology OT Hacking Tools OT Countermeasures	8%	10
8. Cloud Computing	Cloud Computing Cloud Computing Concepts Container Technology Serverless Computing Cloud Computing Threats Cloud Hacking Cloud Security	6%	7
9. Cryptography	Cryptography Cryptography Concepts Encryption Algorithms Cryptography Tools Public Key Infrastructure (PKI) Email Encryption Disk Encryption Cryptanalysis Countermeasures	6%	7

What are the similarities between PenTest+ and CEH?

As previously mentioned, the content of both PenTest+ and CEH are somewhat similar. Both are valid for three years from the date of the exam. However, PenTest+ requires 60 CEUs (Continuing Education Units) to renew, while CEH requires 120 credits for this purpose.

The content of both exams is designed by highly skilled subject matter experts (SMEs), who are specialists in penetration testing and ethical hacking. In addition, the PenTest+ exam is partly based on industry-wide survey results.

Both certifications are included in DoD Directive 8570 and are important assets for professionals who want to progress in the field of pentesting or ethical hacking in the government’s information assurance workforce. In addition, each credential is ANSI/IEC/ISO 17024 accredited and is mapped to NICE’s Specialty Areas.

PenTest+ and CEH certifications are vendor-neutral, globally recognized and available in various countries.

How do PenTest+ and CEH differ?

Despite similarities, the certifications differ from each other in various perspectives. CEH is an entry-level cert, while Pentest+ is at an intermediate level. Typical job roles can also differ, as shown below.

PenTest+ Job Roles	CEH Job Roles
Penetration tester	Jr Penetration tester
Security analyst (II)	Ethical hacker
Vulnerability tester	Auditor
Network security operations	Site administrator
Vulnerability assessment analyst	Vulnerability assessment analyst
Application security vulnerability	Network security engineer
Cloud security specialist	Information security manager
Network & security specialist	Security consultant

The difference in eligibility requirements

CompTIA recommends candidates of the PenTest+ exam have CompTIA Security+, Network+ or equivalent knowledge, in addition to a minimum of three to four years of hands-on experience in the information security or related domain. The PenTest+ exam is intended to follow CompTIA Security+, adding a technical, hands-on focus.

EC-Council’s CEH differs in that it requires a candidate to attend official network security training organized by the EC-Council’s Authorized Training Center (ATC) or meet other requirements. Below is a list of some accepted training solutions:

• Web-based training (WBT)
• Computer-based training (CBT)
• Instructor-led training (ILT)
• Academic learning

If a candidate doesn’t receive official training, they must meet the following requirements:

1. Have two (2) years of work experience in the information security field
2. Pay a non-refundable application fee of $100
3. Submit a completed exam eligibility application

The difference in exam details

To earn CompTIA PenTest+, candidates need to pass an exam available at Pearson VUE testing centers and online that covers hands-on, performance-based simulations as well as multiple-choice questions.

To earn EC-Council’s CEH certification, candidates must pass an exam available at Pearson VUE (in-person or remotely proctored) or EC-Council (ECC) test centers. The test only includes multiple-choice questions.

	PenTest+	CEH
Number of questions	Maximum of 85	Total of 125
Test format	Multiple choice and performance-based	Multiple-choice
Test duration	165 minutes	240 minutes
Passing score	750 (On a scale of 100-900)	60% to 85% (depending on which exam question bank is used)
Price	$370	$1,199

Benefits of CompTIA PenTest+

According to CompTIA, a PenTest+ certification provides professionals with three times more employability. As per the NICE Cybersecurity Workforce Framework, CompTIA PenTest+ covers two more job roles — namely, vulnerability management and vulnerability assessment — in addition to penetration testing. It also reports that, according to Indeed.com, there are approximately three times more vulnerability management and assessment jobs in the U.S. than penetration testing jobs.

Unlike several other pentesting certifications, PenTest+ provides a more comprehensive overview of what a penetration tester should know, from project planning and scoping to project reporting and communication.

CompTIA PenTest+ encourages cybersecurity pros to think offensively with an investigative mindset that can help them assess a modern network’s resiliency against cyberattacks, identify vulnerabilities and mitigate risks before something bad happens. Thinking like a penetration tester can help organizations discover weaknesses in security systems.

CompTIA PenTest+ certification validates technical skills and soft ones related to business processes, best practices and professionalism in penetration testing. These skills match the demand and needs of employers and, in the end, provide IT security practitioners with opportunities to earn a good salary and have several job prospects.

CEH benefits

In the words of EC-Council: “To beat a hacker, you need to think like one!” This is what the CEH exam and certification is all about: preparing professionals to apply the same knowledge and tools as malicious hackers, but lawfully and legitimately.

According to EC-Council, the CEH program concentrates on ethical hacking, defined as a comprehensive term to encompass a series of functions, including penetration testing.

The CEH certification enables ethical hackers to implement a proactive security approach offensively. This is in addition to the reactive security approach, which is more defensive. Ethical hackers use advanced tools and techniques to perform penetration testing on their computers using a proactive security defense. They act like real hackers, albeit ethical ones, to look for weaknesses and vulnerabilities in targeted systems; in this way, they help their clients keep their networks and data safe against ever-evolving threats.

The credential can provide a career path to IT professionals who have the right mindset that is interesting, stimulating and financially rewarding. The average salary earned by a CEH is $83,591 per annum in 2021.

PenTest+ versus CEH: Which certification is right for me?

CompTIA PenTest+ certification suits highly skilled security professionals who perform penetration testing and vulnerability assessments on the targeted systems. This exam also incorporates management skills for planning, scope, management and exploitation of weaknesses. PenTest+-certified professionals can perform penetration testing in various IT environments such as mobile, cloud, desktops, and servers. They identify possible entry points for breaches, weaknesses in systems and organizational structures, and deficiencies in policies and training while protecting the organizational security infrastructure from malicious hackers.

Suppose you already have three or four years of experience in information security and are looking for a career in the penetration realm. In that case, pursuing this credential may be right for you.

EC-Council’s CEH certification suits highly skilled security professionals who are well-versed in understanding and knowing the weaknesses and vulnerabilities in targeted systems. In roles as “white-hat hackers,” professionals keep corporate networks and data safe against the ever-evolving threats of the Internet by using the same tools and techniques as attackers, but in a lawful manner.

If you already have at least two years of work experience in the information security domain, then pursuing this credential may be right for you.

The bottom line

In this article, we looked closely at the PenTest+ and CEH certifications. Both credentials primarily focus on penetration skills. However, PenTest+ covers other areas of vulnerability management and assessment. At the same time, CEH concentrates more on a proactive approach which allows ethical hackers to perform a pentest using the same tools and techniques that the hackers do. PenTest+ requires three to four years of experience in information security, while CEH needs two years of experience in the same field.

Do you have two to three years of penetration testing or information security experience? If yes, then why not apply for both PenTest+ and CEH? Due to the same practice areas and somewhat similar exam content. Both certifications prepare you for different aspects of the ethical hacking world. They can complement each other in a way that can provide you a competitive edge over other candidates and give you peace of mind on interview day and the job.

Sources

• Certified Ethical Hacker Certification, EC-Council
• CompTIA PenTest+ Exam Code PT0-002, CompTIA
• CEH Candidate Handbook v6.0, EC-Council
• Ethical Hacking: Choosing the Right Pathway, EC-Council
• The NEW CompTIA PenTest+: Your Questions Answered, CompTIA
• CompTIA PenTest+ vs. CEH: Which Is the Best Fit for You?, CompTIA
• CEH vs. CompTIA PenTest+: Thoughts from a Penetration Tester, CompTIA
• 5 Reasons Cybersecurity Experts Love CompTIA PenTest+, CompTIA