Hack The Box HTB Certified Active Directory Pentesting Expert (HTB CAPE) Practice Test
Prepare for the HTB Certified Active Directory Pentesting Expert exam with free practice tests covering advanced AD enumeration, Kerberos, NTLM relay, DACL abuse, ADCS, trusts, lateral movement, C2 operations, Windows evasion, and enterprise service attacks. Each 20-question set helps you review the concepts behind the hands-on CAPE assessment.
Mixed Set — HTB CAPE Practice Tests
Use these mixed sets to review the full CAPE skill range across Active Directory enumeration, attack-chain analysis, Windows and Linux tooling, authentication abuse, lateral movement, post-exploitation planning, and report-ready reasoning. The real exam is hands-on and does not include multiple-choice questions, so these timed sets are designed for concept review and exam-readiness reinforcement.
Domain Wise — HTB CAPE Mock Tests
Target focused CAPE topics one at a time. HTB CAPE does not publish conventional MCQ domain weights, so the percentages below show approximate Path Depth based on the HTB Academy Active Directory Penetration Tester path section counts for each module.
About the HTB CAPE Certification Exam
Everything you need to know about the hands-on CAPE format, eligibility, pricing, and the advanced Active Directory penetration testing skills this certification validates.
What Is HTB CAPE?
HTB Certified Active Directory Pentesting Expert is an expert-level Hack The Box Academy certification for practitioners who want to prove advanced capability in Active Directory and Windows penetration testing. Instead of a traditional multiple-choice exam, CAPE validates whether candidates can assess realistic enterprise AD environments, identify complex attack paths, execute sophisticated exploitation chains, capture evidence, and communicate findings in a professional penetration test report.
The certification aligns with the HTB Academy Active Directory Penetration Tester job-role path. It focuses on advanced AD enumeration, Kerberos and NTLM abuse, DACL misconfigurations, ADCS attacks, trust relationships, lateral movement, C2 operations, Windows evasion, and attacks against common enterprise components such as MSSQL, Exchange, and SCCM.
CAPE is suited for penetration testers, red team operators, security consultants, application security testers moving into internal networks, and blue teamers who want to understand realistic AD attack paths. Career demand for security skills remains strong: the U.S. Bureau of Labor Statistics reports a May 2024 median annual wage of $124,910 for information security analysts and projects 29% job growth from 2024 to 2034.
Exam Format (2026)
Testing method: Online hands-on assessment through the Hack The Box Academy platform using lab access, VPN or Pwnbox workflow, and report submission.
Questions: No fixed multiple-choice question count. Candidates complete practical objectives in a realistic Active Directory environment and document evidence.
Duration: HTB describes CAPE as having a 10-day exam window from the time the exam starts.
Question types: Practical AD penetration testing tasks involving enumeration, attack-path discovery, exploitation, lateral movement, post-exploitation, evidence capture, and reporting.
Passing score: HTB describes the goal as earning 90 points by submitting flags and a professional-grade report using the provided template.
Exam fee: HTB lists HTB CAPE at $1260 with 1 exam voucher required. Taxes, regional billing, or Academy plan details may vary.
Eligibility Requirements
Path completion: Candidates should complete the HTB Academy Active Directory Penetration Tester job-role path before attempting the certification exam.
Experience level: CAPE is an expert-level certification and is not intended as a first cybersecurity credential.
Technical background: Helpful skills include Windows and Linux fundamentals, network penetration testing methodology, AD administration concepts, PowerShell, LDAP, Kerberos, NTLM, BloodHound, lateral movement, privilege escalation, and report writing.
Recommended foundation: Prior hands-on experience from CPTS, professional internal penetration testing, red-team lab work, or equivalent AD practice is strongly recommended.
Certification validity: HTB Academy certifications are practical credentials issued by Hack The Box and can be validated through the HTB certificate validation process.
HTB CAPE Module Weights — 2026 Active Directory Penetration Tester Path
HTB CAPE is not a weighted MCQ exam. The table below uses the official 15-module Active Directory Penetration Tester path and shows each module’s approximate share of the 253 total path sections to help prioritize review time.
| Module | Topic | Path Sections | Approx. Path Depth |
|---|---|---|---|
| Module 1 | Active Directory Enumeration and Attacks | 36 Sections | 14.2% |
| Module 2 | Active Directory LDAP | 12 Sections | 4.7% |
| Module 3 | Active Directory PowerView | 9 Sections | 3.6% |
| Module 4 | Active Directory BloodHound | 14 Sections | 5.5% |
| Module 5 | Windows Lateral Movement | 14 Sections | 5.5% |
| Module 6 | Using CrackMapExec | 27 Sections | 10.7% |
| Module 7 | Kerberos Attacks | 23 Sections | 9.1% |
| Module 8 | DACL Attacks I | 7 Sections | 2.8% |
| Module 9 | DACL Attacks II | 9 Sections | 3.6% |
| Module 10 | NTLM Relay Attacks | 10 Sections | 4.0% |
| Module 11 | ADCS Attacks | 19 Sections | 7.5% |
| Module 12 | Active Directory Trust Attacks | 21 Sections | 8.3% |
| Module 13 | Intro to C2 Operations With Sliver | 19 Sections | 7.5% |
| Module 14 | Introduction to Windows Evasion Techniques | 14 Sections | 5.5% |
| Module 15 | MSSQL, Exchange, and SCCM Attacks | 19 Sections | 7.5% |
How Our Practice Tests Are Designed
Hands-on concept review — The real HTB CAPE exam is practical, open-ended, and report-based. These practice tests are not a replacement for lab work, but they help reinforce the concepts, tool behavior, terminology, and decision-making patterns needed before entering the exam environment.
Path-aligned coverage — Mixed tests pull from the same topic areas represented in the 15-module Active Directory Penetration Tester path, including enumeration, LDAP, PowerView, BloodHound, lateral movement, CrackMapExec, Kerberos, DACLs, NTLM relay, ADCS, trusts, C2, evasion, and enterprise application attack surfaces.
Practical timer choice — Because CAPE is a 10-day hands-on engagement rather than a fixed-question exam, there is no official per-question timer. Each 20-question practice test uses an estimated 30-minute timer to encourage careful analysis without forcing unrealistic speed.
Report-ready reasoning — Questions emphasize why an attack path works, what evidence matters, how a finding should be explained, and which remediation ideas belong in a client-ready report.
HTB CAPE Exam Preparation Tips
Study Strategy
Master the AD fundamentals first: Revisit users, groups, ACLs, trusts, Kerberos, NTLM, GPOs, certificate services, and Windows privilege models before focusing on advanced exploitation chains.
Build repeatable notes: CAPE rewards organized methodology. Keep structured notes for enumeration, decision points, commands used in authorized labs, evidence screenshots, discovered relationships, and remediation language.
Practice attack chaining: Do not study modules in isolation. Learn how LDAP discovery, BloodHound analysis, credential access, DACL abuse, lateral movement, and ADCS issues can combine into a full compromise path.
Test-Taking Strategy
Treat it like a real engagement: Start with scope review, then enumerate carefully, document every useful artifact, maintain a findings list, and preserve evidence as you go.
Manage the 10-day window: Split time across enumeration, exploitation, objective validation, report drafting, review, and final submission. Do not leave reporting until the final hours.
Explain impact clearly: A working exploit path is only part of the assessment. Your report should show business risk, proof, affected assets, root cause, and actionable remediation.
Frequently Asked Questions
Ready to Test Your HTB CAPE Knowledge?
Start with a mixed set to gauge your readiness, then use module-specific tests to strengthen weak areas before returning to hands-on Active Directory labs.
Start HTB CAPE Practice Test 1 →Authors
-
Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.
-
Sudhanshu Thakur: ReviewerEnterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.