CompTIA PT0-003 glossary of scoping, recon, exploitation, reporting, and testing terms.

Use this glossary when CompTIA PenTest+ (PT0-003) terms start to blur together. The goal is practical recognition, not encyclopedia coverage.

| Term | Exam meaning |
|---|---|
| Rules of engagement | Authorized test boundaries, constraints, timing, and communications. |
| Enumeration | Detailed discovery of users, services, shares, directories, or resources. |
| Exploit | Technique or code that takes advantage of a vulnerability. |
| Payload | Code or action delivered by an exploit. |
| Proof of concept | Safe evidence showing that a vulnerability is real. |
| Cleanup | Removing test artifacts and restoring systems after assessment. |

| Pair | How to separate them |
|---|---|
| Planning and scoping vs Reconnaissance and enumeration | Ask which layer the scenario is testing, then match the answer to that layer only. |
| Control vs evidence | A control changes behavior; evidence proves behavior or supports investigation. |
| Managed service vs custom build | Managed services win for lower operational effort unless the requirement needs unsupported customization. |
| Prevention vs detection | Prevention blocks or reduces a bad event; detection finds or reports that it happened. |

Do not memorize terms in isolation. For each term, write one scenario where it is the best answer, one scenario where it is a distractor, and one signal that proves it worked.