OffSec Certification

OSCP+ Practice Test

Strengthen the conceptual foundation required for the OffSec Certified Professional Plus (OSCP+) exam with free practice tests covering the core knowledge areas of the PEN-200 curriculum. Each test has 20 questions timed at approximately 30 minutes — designed to reinforce the penetration testing knowledge you need before and alongside your hands-on lab preparation.

5 Practice Tests
100 Total Questions
70 Points to Pass
100% Free Forever

Mixed Set — OSCP+ Practice Tests

Questions covering the core PEN-200 topic areas tested across the OSCP+ exam — enumeration and reconnaissance, exploitation techniques, privilege escalation, Active Directory attacks, and penetration testing methodology. All five practice tests reflect the knowledge required to perform confidently in the real 23-hour, 45-minute hands-on exam.

About the OSCP+ Certification Exam

Everything you need to know about the OffSec Certified Professional Plus (OSCP+) exam — what it tests, how it is structured, how scoring works, and what this credential means for your penetration testing career.

What Is the OSCP+?

The OffSec Certified Professional Plus (OSCP+) is the updated version of OffSec's flagship OSCP certification, introduced on November 1, 2024. It is the most widely recognized entry-to-intermediate-level penetration testing certification in the industry, awarded upon passing a fully hands-on, 23-hour-45-minute practical exam. OSCP+ validates that a candidate can identify, exploit, and document vulnerabilities across both standalone Linux and Windows systems and an Active Directory domain environment — without relying on automated exploitation tools.

Unlike OSCP (which has no expiration date and is awarded permanently), OSCP+ expires after three years and requires recertification — demonstrating that skills remain current as the offensive security landscape evolves. Passing the updated exam earns both OSCP and OSCP+ simultaneously. OSCP+ certified professionals typically earn between $90,000 and $155,000 annually in the United States, with roles including Penetration Tester, Red Team Operator, Vulnerability Assessor, Security Consultant, and Offensive Security Engineer. OSCP+ is associated with OffSec's PEN-200: Penetration Testing with Kali Linux course.

Exam Format (2026)

Type: Fully hands-on, practical exam. No multiple-choice questions — you must attack and compromise real machines in a live virtual lab environment.

Duration: 23 hours 45 minutes for the exam, followed by 24 hours to write and submit your penetration test report.

Targets: 5 machines total — 3 standalone targets (20 points each: 10 for local.txt + 10 for proof.txt) and 1 Active Directory set of 3 machines worth 40 points total.

Passing score: 70 out of 100 points. No bonus points are available in OSCP+.

Metasploit: Permitted on one target machine only. Once used, it cannot be applied to any other target or for pivoting.

Report: A professional penetration test report documenting all exploitation steps must be submitted within 24 hours of the exam ending. Failure to submit voids your score.

Open book: Yes — notes, online resources, and the OffSec Learning Platform are permitted. AI chatbots and LLMs are prohibited.

Eligibility and Pricing

Prerequisites: No formal prerequisites. Anyone can register and sit the OSCP+ exam. However, the exam is demanding and OffSec strongly recommends completing PEN-200 and its lab exercises before attempting it.

Recommended background: Practical knowledge of Linux and Windows administration, TCP/IP networking, Bash scripting, and basic Python or Perl. Experience with common penetration testing tools is strongly advised.

Standalone exam: Approximately $1,699 USD for two exam attempts valid for 120 days.

Learn One subscription: Includes one year of PEN-200 course access and two exam attempts.

Retake: $249 USD per individual retake attempt.

OSCP+ validity: 3 years. Renew via the OffSec CPE program (120 credits + $145 annual fee), passing a recertification exam, or earning another qualifying OffSec certification. OSCP itself never expires.

OSCP+ Exam Scoring — Points Breakdown

The OSCP+ exam awards 100 points total across two components. You need 70 points to pass. The Active Directory set is the highest-value single component at 40 points, making domain compromise a critical milestone for most successful candidates.

Component | Targets | Points
Standalone Machines | 3 independent targets (Linux or Windows) | 60 pts
— Local Access | local.txt per standalone machine | 10 pts each
— Root / Admin | proof.txt per standalone machine | 10 pts each
Active Directory Set | 3 machines: 2 workstations + 1 Domain Controller | 40 pts
— AD Machine 1 | Initial access / lateral movement | 10 pts
— AD Machine 2 | Continued lateral movement | 10 pts
— Domain Controller | Full domain compromise | 20 pts
Passing Threshold | Minimum required to pass | 70 / 100

How Our Practice Tests Are Designed

Conceptual knowledge supporting practical execution — The OSCP+ is a hands-on exam, but deep conceptual understanding of how attacks work — their mechanics, prerequisites, indicators, and failure modes — is what makes hands-on execution reliable under time pressure. Our practice questions test the applied knowledge of enumeration logic, exploitation technique selection, privilege escalation paths, Active Directory attack chains, and methodology — the thinking that supports confident lab execution.

PEN-200 curriculum coverage — Questions are drawn from the full breadth of PEN-200 topic areas: passive and active reconnaissance, service enumeration, vulnerability identification, exploitation, post-exploitation, privilege escalation on Linux and Windows, Active Directory enumeration and attack techniques, pivoting, tunneling, and penetration test report writing. Anything in the PEN-200 course material is subject to appear on the real exam.

Active Directory emphasis — The AD set at 40 points is the single highest-value component of the OSCP+ exam. Practice questions on AD attack chains — including AS-REP roasting, Kerberoasting, Pass-the-Hash, BloodHound-driven path identification, and lateral movement to domain compromise — receive proportionally greater coverage in every practice set.

Timed practice sessions — Each 20-question test is set to 30 minutes, providing a focused, timed session to reinforce conceptual accuracy. This complements your hands-on lab practice by keeping your knowledge of attack concepts, tool syntax, and methodology sharp between active lab sessions.

OSCP+ Exam Preparation Tips

Study Strategy

Complete the PEN-200 course and all challenge labs: The PEN-200 course — including its 20+ modules, companion videos, hands-on labs, and nine challenge labs — is the foundation of OSCP+ preparation. Especially important are the three challenge labs specifically designed to replicate the OSCP+ exam environment. Do not skip the challenge labs to get to the exam faster — candidates who have not worked through them are statistically far less likely to pass on the first attempt.

Master Active Directory attacks deeply: The AD set accounts for 40 points — you need it to pass unless you can near-perfectly complete the standalone machines. Focus on understanding the complete AD attack chain from initial access through lateral movement to Domain Controller compromise. Practice Kerberoasting, AS-REP roasting, Pass-the-Hash, BloodHound enumeration, and DCSync methodology until each step is automatic.

Practice outside of PEN-200 on OffSec Proving Grounds: Proving Grounds Play offers free daily access to OSCP-like machines. Proving Grounds Practice provides additional paid access to a wider machine library. TJ Null's publicly maintained list of OSCP-like HackTheBox and Proving Grounds machines is widely used by the community to expand practical exposure beyond the PEN-200 labs.

Exam-Day Strategy

Prioritize the Active Directory set first: Many experienced OSCP candidates recommend starting with the AD set. It is worth 40 points — the most of any single component — and it must be completed sequentially (you cannot earn partial credit for AD machine 3 without compromising machines 1 and 2 first). Securing 40 points early creates a strong foundation and reduces pressure on the standalone machines.

Take structured breaks during the 23-hour-45-minute window: The exam is a stamina challenge as much as a technical one. Plan sleep and rest strategically — many candidates find their problem-solving degrades sharply after 12 to 14 hours of continuous work. If you are stuck on a target, a genuine rest break often produces faster progress than continued frustrated effort.

Document everything as you go — not after: The report must be submitted within 24 hours of the exam ending. Candidates who rely on memory to reconstruct their steps after completing the exam consistently miss critical screenshots, command outputs, and exploitation details. Take screenshots and copy command output in real time, for every significant step on every target, from the moment the exam begins.

Frequently Asked Questions

What is the difference between OSCP and OSCP+?
OSCP and OSCP+ are earned from the same exam. Passing the updated OffSec exam (effective November 1, 2024) awards you both credentials simultaneously. The only difference is validity: OSCP never expires and is yours permanently. OSCP+ expires after three years and requires recertification — signaling to employers that your skills are actively maintained and current. If you do not recertify, you lose the "+" designation but keep your OSCP for life.
How many points do I need to pass the OSCP+ exam?
You need 70 out of 100 points to pass. The exam awards up to 60 points for three standalone machines (10 points for local.txt and 10 points for proof.txt on each) and 40 points for the Active Directory set (10 for machine 1, 10 for machine 2, and 20 for full Domain Controller compromise). No bonus points are available in OSCP+.
How long is the OSCP+ exam?
The OSCP+ exam is 23 hours and 45 minutes of hands-on testing time, followed by a 24-hour reporting window during which you must write and submit your penetration test report. Failure to submit your report within the 24-hour reporting window results in automatic disqualification, even if you successfully compromised all targets during the exam.
Are these OSCP+ practice tests free?
Yes. All OSCP+ practice tests on Security Practice Test are completely free with no account or registration required. Select any test and start practicing immediately — no payment, no sign-up, and no limit on how often you access them. These tests reinforce the conceptual knowledge that supports strong hands-on performance in the real exam.
Can I use Metasploit during the OSCP+ exam?
Yes, but with strict restrictions. You may use Metasploit — including its auxiliary modules, exploit modules, and Meterpreter — on exactly one target machine. Once you use Metasploit on a target, it is considered "locked" to that machine. You may not use Metasploit for pivoting because doing so would affect more than one target. Tools with similar automated exploitation functionality are also prohibited. Using AI chatbots or LLMs during the exam is not permitted.
Is the OSCP+ exam open book?
Yes. The OSCP+ is an open-book exam. You may use your own notes, online resources, the OffSec Learning Platform, and similar reference materials during the exam. However, all activities must take place on the host machine where the proctoring application is running. AI chatbots and LLMs with direct prompt access — including tools like ChatGPT — are explicitly prohibited during both the exam and the reporting phase.
Do I need to complete PEN-200 before taking the OSCP+ exam?
No. PEN-200 is not a formal prerequisite to register for the OSCP+ exam. Candidates with strong prior penetration testing experience do occasionally self-study and pass without the course. However, OffSec strongly recommends PEN-200 for most candidates — the exam is demanding, the course is the primary resource designed to prepare you for it, and the three challenge labs that replicate the exam environment are only accessible through a PEN-200 subscription.
How do I maintain my OSCP+ after three years?
Before your OSCP+ expires, you can maintain the "+" designation by completing the OffSec CPE program (earning 120 CPE credits over 3 years and paying the $145 annual maintenance fee), passing a recertification exam, or earning another qualifying OffSec certification such as OSEP, OSED, OSWE, or OSEE. If you allow OSCP+ to lapse without recertifying, you retain your OSCP credential permanently — you simply lose the "+" designation until you recertify.

Ready to Test Your OSCP+ Knowledge?

Start with Practice Test 1 to assess your conceptual readiness across the core PEN-200 topic areas, then use repeated sessions alongside your hands-on lab practice to sharpen the knowledge that drives confident exam performance.

Authors

  • Security Practice Test Editorial Team

    Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.

  • Sudhanshu Thakur - Reviewer

    Enterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.