The U.S. Department of Defense (DoD) has certified the CompTIA PenTest+ penetration testing exam for cybersecurity professionals, according to a prepared statement. It also has added PenTest+ to its Directive 8570.01-Manual of approved baseline certifications for military personnel and defense contractors working in DoD information assurance roles.
With the certification, PenTest+ now satisfies various DoD job requirements in the following workforce categories:
- Cybersecurity Service Provider Analyst (CSSP-A)
- Cybersecurity Service Provider Incident Response (CSSP-IR)
- Cybersecurity Service Provider Auditor (CSSP-AU)
Along with PenTest+, the following CompTIA certifications are included in Directive 8570.01-M:
- A+
- Network+
- Security+
- Cloud+
- Cybersecurity Analyst (CySA+)
- CompTIA Advanced Security Practitioner (CASP+)
DoD Directive 8570 is used to identify, tag, track and manage the department's information assurance workforce, CompTIA noted. It establishes baseline IT certification requirements to validate the knowledge, skills and abilities of personnel working in cybersecurity roles.
A Closer Look at PenTest+
PenTest+ is a penetration testing exam taken at a Pearson VUE testing center, and it includes both hands-on, performance-based questions and multiple-choice questions, CompTIA indicated. Jobs where PenTest+ is commonly used include:
- Penetration tester
- Vulnerability tester
- Security analyst
PenTest+ ensures that each candidate possesses the skills, knowledge and ability to perform a variety of penetration testing tasks, including:
- Gathering information about security vulnerabilities
- Responding to network, wireless, application and other vulnerabilities
- Developing and executing vulnerability mitigation strategies
PenTest+ also requires a candidate to demonstrate hands-on ability and knowledge to test devices in the cloud, on mobile devices and across traditional desktops and servers, CompTIA stated. In doing so, PenTest+ can be used to evaluate a candidate's ability to plan, scope and eliminate security weaknesses.