PenTest+ vs. CEH: Which certification is better? [2021 update]

February 3, 2022 by Daniel Brecht

When looking for a certification in the penetration testing realm, you’ll see that CompTIA’s PenTest+ and EC-Council’s CEH (Certified Ethical Hacker) certifications are somewhat similar to each other in terms of content as they both assess pentesting skills. They are also challenging and geared towards intermediate-level professionals with experience in a dedicated cybersecurity role.

If you are preparing for a job in penetration testing, vulnerability assessment and management, you may be wondering whether one or both of these certifications are worth pursuing.

The CompTIA PenTest+ objectives (domains) and CEH exam blueprint provide details on what the exam covers. “Objectives” and “blueprint” can be used interchangeably for exam content. Below are the details of the PenTest+ and CEH exams, along with the weight of each domain.

CompTIA PenTest+ (PT0-002) objectives

| Domains | Objectives | Exam Percentage |
|---|---|---|
| 1. Planning and Scoping | Governance, risk and compliance concepts; Scoping and organizational/customer requirements; Professionalism and integrity | 14% |
| 2. Information Gathering and Vulnerability Scanning | Perform passive reconnaissance; Perform active reconnaissance; Analyze the results of a reconnaissance; Perform vulnerability scanning | 22% |
| 3. Attacks and Exploits | Research attack vectors and perform network attacks, wireless attacks, application-based attacks and attacks on cloud technologies; Common attacks and vulnerabilities against specialized systems; Social engineering or physical attack; Post-exploitation techniques | 30% |
| 4. Reporting and Communication | Important components of written reports; Analyze the findings and recommend the appropriate remediation; Importance of communication during penetration testing; Post-report delivery activities | 18% |
| 5. Tools and Code Analysis | Scripting and software development; Analyze a script or code sample for use in a penetration test; Use of specific tools during penetration testing | 16% |
| Total | | 100% |

CEH exam blueprint v4.0

Listed per domain: sub-domain and description, % weight, number of questions

1. Information Security and Ethical Hacking Overview

Introduction to Ethical Hacking

  • Information Security Overview
  • Cyber Kill Chain Concepts 
  • Hacking Concepts
  • Ethical Hacking Concepts 
  • Information Security Controls
  • Information Security Laws and Standards
Weight: 6%; number of questions: 8

2. Reconnaissance Techniques

Footprinting and Reconnaissance

  • Footprinting Concepts
  • Footprinting Methodology
  • Footprinting through Search Engines
  • Footprinting through Web Service
  • Footprinting through Social Networking Sites
  • Website Footprinting
  • Email Footprinting
  • Whois Footprinting
  • DNS Footprinting
  • Network Footprinting
  • Footprinting through Social Engineering
  • Footprinting Tools
  • Footprinting Countermeasures

Scanning Networks

  • Network Scanning Concepts
  • Scanning Tool
  • Host Discovery
  • Port and Service Discovery
  • OS Discovery (Banner Grabbing/OS Fingerprinting)
  • Scanning Beyond IDS and Firewall
  • Draw Network Diagrams

Enumeration

  • Enumeration Concepts
  • NetBIOS Enumeration
  • SNMP Enumeration
  • LDAP Enumeration
  • NTP and NFS Enumeration
  • SMTP and DNS Enumeration
  • Other Enumeration Techniques (IPsec, VoIP, RPC, Unix/Linux, Telnet, FTP, TFTP, SMB, IPv6, and BGP enumeration)
  • Enumeration Countermeasures
Weight: 21%; number of questions: 26

3. System Hacking Phases and Attack Techniques

Vulnerability Analysis

  • Vulnerability Assessment Concepts
  • Vulnerability Classification and Assessment Types
  • Vulnerability Assessment Solutions and Tools
  • Vulnerability Assessment Reports

System Hacking

  • System Hacking Concepts
  • Gaining Access
  • Cracking Passwords
  • Vulnerability Exploitation
  • Escalating Privileges
  • Maintaining Access
  • Executing Applications
  • Hiding Files
  • Clearing Logs

Malware Threats

  • Malware Concepts
  • APT Concepts
  • Trojan Concepts
  • Virus and Worm Concepts
  • File-less Malware Concepts
  • Malware Analysis
  • Malware Countermeasures
  • Anti-Malware Software
Weight: 17%; number of questions: 21

4. Network and Perimeter Hacking

Sniffing

  • Sniffing Concepts
  • Sniffing Technique: MAC Attacks
  • Sniffing Technique: DHCP Attacks
  • Sniffing Technique: ARP Poisoning
  • Sniffing Technique: Spoofing Attacks
  • Sniffing Technique: DNS Poisoning
  • Sniffing Tools
  • Sniffing Countermeasures
  • Sniffing Detection Techniques

Social Engineering

  • Social Engineering Concepts
  • Social Engineering Techniques
  • Insider Threats
  • Impersonation on Social Networking Sites
  • Identity Theft
  • Social Engineering Countermeasures

Denial-of-Service

  • DoS/DDoS Concepts
  • DoS/DDoS Attack Techniques
  • Botnets
  • DDoS Case Study
  • DoS/DDoS Attack Tools
  • DoS/DDoS Countermeasures
  • DoS/DDoS Protection Tools

Session Hijacking

  • Session Hijacking Concepts
  • Application Level Session Hijacking
  • Network Level Session Hijacking
  • Session Hijacking Tools
  • Session Hijacking Countermeasures

Evading IDS, Firewalls and Honeypots

  • IDS, IPS, Firewall, and Honeypot Concepts
  • IDS, IPS, Firewall, and Honeypot Solutions
  • Evading IDS
  • Evading Firewalls
  • IDS/Firewall Evading Tools
  • Detecting Honeypots
  • IDS/Firewall Evasion Countermeasures
Weight: 14%; number of questions: 18

5. Web Application Hacking

Hacking Web Servers

  • Web Server Concepts
  • Web Server Attacks
  • Web Server Attack Methodology
  • Web Server Attack Tools
  • Web Server Countermeasures
  • Patch Management
  • Web Server Security Tools

Hacking Web Application

  • Web App Concepts
  • Web App Threats
  • Web App Hacking Methodology
  • Footprint Web Infrastructure
  • Analyze Web Applications
  • Bypass Client-Side Controls
  • Attack Authentication Mechanism
  • Attack Authorization Schemes
  • Attack Access Controls
  • Attack Session Management Mechanism
  • Perform Injection Attacks
  • Attack Application Logic Flaws
  • Attack Shared Environments
  • Attack Database Connectivity
  • Attack Web App Client
  • Attack Web Services
  • Web API, Webhooks and Web Shell
  • Web App Security

SQL Injection

  • SQL Injection Concepts
  • Types of SQL Injection
  • SQL Injection Methodology
  • SQL Injection Tools
  • Evasion Techniques
  • SQL Injection Countermeasures
Weight: 16%; number of questions: 20

6. Wireless Network Hacking

Hacking Wireless Networks

  • Wireless Concepts
  • Wireless Encryption
  • Wireless Threats
  • Wireless Hacking Methodology
  • Wireless Hacking Tools
  • Bluetooth Hacking
  • Wireless Countermeasures
  • Wireless Security Tools
Weight: 6%; number of questions: 8

7. Mobile Platform, IoT and OT Hacking

Hacking Mobile Platforms

  • Mobile Platform Attack Vectors
  • Hacking Android OS
  • Hacking iOS
  • Mobile Device Management
  • Mobile Security Guidelines and Tools

IoT and OT Hacking

  • IoT Concepts
  • IoT Attacks
  • IoT Hacking Methodology
  • IoT Hacking Tools
  • IoT Countermeasures
  • OT Concepts
  • OT Attacks
  • OT Hacking Methodology
  • OT Hacking Tools
  • OT Countermeasures
Weight: 8%; number of questions: 10

8. Cloud Computing

Cloud Computing

  • Cloud Computing Concepts
  • Container Technology
  • Serverless Computing
  • Cloud Computing Threats
  • Cloud Hacking
  • Cloud Security
Weight: 6%; number of questions: 7

9. Cryptography

Cryptography

  • Cryptography Concepts
  • Encryption Algorithms
  • Cryptography Tools
  • Public Key Infrastructure (PKI)
  • Email Encryption
  • Disk Encryption
  • Cryptanalysis
  • Countermeasures
Weight: 6%; number of questions: 7

What are the similarities between PenTest+ and CEH?

As previously mentioned, the content of PenTest+ and CEH is somewhat similar. Both are valid for three years from the date of the exam. However, PenTest+ requires 60 CEUs (Continuing Education Units) to renew, while CEH requires 120 credits for this purpose.

The content of both exams is designed by highly skilled subject matter experts (SMEs), who are specialists in penetration testing and ethical hacking. In addition, the PenTest+ exam is partly based on industry-wide survey results.

Both certifications are included in DoD Directive 8570 and are important assets for professionals who want to progress in the field of pentesting or ethical hacking in the government’s information assurance workforce. In addition, each credential is ANSI/IEC/ISO 17024 accredited and is mapped to NICE’s Specialty Areas.

PenTest+ and CEH certifications are vendor-neutral, globally recognized and available in various countries.

How do PenTest+ and CEH differ?

Despite these similarities, the certifications differ from each other in several respects. CEH is an entry-level cert, while PenTest+ is at an intermediate level. Typical job roles can also differ, as shown below.

| PenTest+ Job Roles | CEH Job Roles |
|---|---|
| Penetration tester | Jr Penetration tester |
| Security analyst (II) | Ethical hacker |
| Vulnerability tester | Auditor |
| Network security operations | Site administrator |
| Vulnerability assessment analyst | Vulnerability assessment analyst |
| Application security vulnerability | Network security engineer |
| Cloud security specialist | Information security manager |
| Network & security specialist | Security consultant |

The difference in eligibility requirements

CompTIA recommends that candidates for the PenTest+ exam have CompTIA Security+, Network+ or equivalent knowledge, in addition to a minimum of three to four years of hands-on experience in information security or a related domain. The PenTest+ exam is intended to follow CompTIA Security+, adding a technical, hands-on focus.

EC-Council’s CEH differs in that it requires a candidate to attend official network security training organized by the EC-Council’s Authorized Training Center (ATC) or meet other requirements. Below is a list of some accepted training solutions:

  • Web-based training (WBT)
  • Computer-based training (CBT)
  • Instructor-led training (ILT)
  • Academic learning

If a candidate doesn’t receive official training, they must meet the following requirements:

  1. Have two (2) years of work experience in the information security field
  2. Pay a non-refundable application fee of $100
  3. Submit a completed exam eligibility application

The difference in exam details

To earn CompTIA PenTest+, candidates need to pass an exam available at Pearson VUE testing centers and online that covers hands-on, performance-based simulations as well as multiple-choice questions.

To earn EC-Council’s CEH certification, candidates must pass an exam available at Pearson VUE (in-person or remotely proctored) or EC-Council (ECC) test centers. The test only includes multiple-choice questions.

| | PenTest+ | CEH |
|---|---|---|
| Number of questions | Maximum of 85 | Total of 125 |
| Test format | Multiple choice and performance-based | Multiple-choice |
| Test duration | 165 minutes | 240 minutes |
| Passing score | 750 (on a scale of 100-900) | 60% to 85% (depending on which exam question bank is used) |
| Price | $370 | $1,199 |

Benefits of CompTIA PenTest+

According to CompTIA, a PenTest+ certification provides professionals with three times more employability. As per the NICE Cybersecurity Workforce Framework, CompTIA PenTest+ covers two more job roles, namely vulnerability management and vulnerability assessment, in addition to penetration testing. CompTIA also reports that, according to Indeed.com, there are approximately three times more vulnerability management and assessment jobs in the U.S. than penetration testing jobs.

Unlike several other pentesting certifications, PenTest+ provides a more comprehensive overview of what a penetration tester should know, from project planning and scoping to project reporting and communication.

CompTIA PenTest+ encourages cybersecurity pros to think offensively with an investigative mindset that can help them assess a modern network’s resiliency against cyberattacks, identify vulnerabilities and mitigate risks before something bad happens. Thinking like a penetration tester can help organizations discover weaknesses in security systems.

CompTIA PenTest+ certification validates both technical skills and soft skills related to business processes, best practices and professionalism in penetration testing. These skills match the demand and needs of employers and, in the end, provide IT security practitioners with opportunities to earn a good salary and have several job prospects.

CEH benefits

In the words of EC-Council: “To beat a hacker, you need to think like one!” This is what the CEH exam and certification are all about: preparing professionals to apply the same knowledge and tools as malicious hackers, but lawfully and legitimately.

According to EC-Council, the CEH program concentrates on ethical hacking, defined as a comprehensive term to encompass a series of functions, including penetration testing.

The CEH certification enables ethical hackers to take a proactive, offensive approach to security. This is in addition to the reactive security approach, which is more defensive. Ethical hackers use advanced tools and techniques to perform penetration testing on their computers using a proactive security defense. They act like real hackers, albeit ethical ones, to look for weaknesses and vulnerabilities in targeted systems; in this way, they help their clients keep their networks and data safe against ever-evolving threats.

For IT professionals who have the right mindset, the credential can provide a career path that is interesting, stimulating and financially rewarding. The average salary earned by a CEH was $83,591 per annum in 2021.

PenTest+ versus CEH: Which certification is right for me?

CompTIA PenTest+ certification suits highly skilled security professionals who perform penetration testing and vulnerability assessments on the targeted systems. This exam also incorporates management skills for planning, scope, management and exploitation of weaknesses. PenTest+-certified professionals can perform penetration testing in various IT environments such as mobile, cloud, desktops, and servers. They identify possible entry points for breaches, weaknesses in systems and organizational structures, and deficiencies in policies and training while protecting the organizational security infrastructure from malicious hackers.

If you already have three or four years of experience in information security and are looking for a career in the penetration testing realm, pursuing this credential may be right for you.

EC-Council’s CEH certification suits highly skilled security professionals who are well-versed in the weaknesses and vulnerabilities of targeted systems. In roles as “white-hat hackers,” professionals keep corporate networks and data safe against the ever-evolving threats of the Internet by using the same tools and techniques as attackers, but in a lawful manner.

If you already have at least two years of work experience in the information security domain, then pursuing this credential may be right for you.

The bottom line

In this article, we looked closely at the PenTest+ and CEH certifications. Both credentials primarily focus on penetration testing skills. However, PenTest+ also covers other areas of vulnerability management and assessment, while CEH concentrates more on a proactive approach that allows ethical hackers to perform a pentest using the same tools and techniques that hackers do. PenTest+ requires three to four years of experience in information security, while CEH needs two years of experience in the same field.

Do you have two to three years of penetration testing or information security experience? If yes, then why not apply for both PenTest+ and CEH, given the same practice areas and somewhat similar exam content? Both certifications prepare you for different aspects of the ethical hacking world. They can complement each other in a way that can give you a competitive edge over other candidates and peace of mind on interview day and on the job.

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.
