Hack The Box HTB Certified Penetration Testing Specialist (HTB CPTS) Practice Test
Prepare for the HTB Certified Penetration Testing Specialist exam with free practice tests covering penetration testing methodology, enumeration, exploitation, web application testing, Active Directory attacks, privilege escalation, pivoting, and reporting. Each 20-question set helps you review the concepts behind the hands-on CPTS assessment.
Mixed Set — HTB CPTS Practice Tests
Use these mixed sets to review the full CPTS skill range across web, external, internal, and Active Directory penetration testing. The real exam is hands-on and does not include multiple-choice questions, so these timed sets are designed for concept review and exam-readiness reinforcement.
Domain Wise — HTB CPTS Mock Tests
Target focused CPTS topics one at a time. HTB CPTS does not publish conventional MCQ domain weights, so the percentages below show approximate Path Depth based on the HTB Academy Penetration Tester path section counts grouped into these 12 practice areas.
About the HTB CPTS Certification Exam
Everything you need to know about the hands-on CPTS format, eligibility, pricing, and the skills this certification validates.
What Is HTB CPTS?
HTB Certified Penetration Testing Specialist is a hands-on Hack The Box Academy certification for learners who want to prove intermediate penetration testing capability. Instead of a traditional multiple-choice exam, CPTS validates whether candidates can interpret a scope, enumerate targets, exploit web and infrastructure weaknesses, pivot through networks, attack Active Directory, document evidence, and write an actionable commercial-grade report.
The certification is best suited for aspiring penetration testers, red team juniors, security analysts, vulnerability analysts, incident handlers, systems administrators moving into offensive security, and cybersecurity students who want a practical credential based on real assessment workflows. Relevant career paths include Penetration Tester, Security Consultant, Vulnerability Analyst, Red Team Operator, Application Security Tester, and Cybersecurity Analyst.
Cybersecurity remains a strong career area. The U.S. Bureau of Labor Statistics reported a $124,910 median annual wage for information security analysts in May 2024 and projects 29% employment growth from 2024 to 2034, much faster than the average for all occupations.
Exam Format (2026)
Testing method: Hands-on, browser-accessible penetration testing lab with a dedicated exam instance, letter of engagement, objectives, flags, and report template.
Questions: No fixed multiple-choice question count. Candidates complete scoped hands-on objectives and submit flags as evidence of exploitation.
Duration: Exam lab access and report submission window are ten days from the time the candidate enters the exam.
Question types: Practical exploitation, enumeration, vulnerability chaining, Active Directory compromise, web and infrastructure testing, evidence capture, and professional reporting.
Passing score: No public scaled score. HTB checks minimum points and evaluates the final report against quality requirements.
Exam fee: $490 USD listed by HTB, with one required exam voucher.
Eligibility Requirements
Required path: Complete 100% of the HTB Academy Penetration Tester job-role path before starting the CPTS exam.
Experience: HTB does not require a fixed number of professional work years, but candidates should be comfortable with intermediate web and infrastructure penetration testing.
Prerequisite skills: Interpret a letter of engagement, navigate target networks, exploit vulnerabilities manually and with tools, and report findings professionally.
Attempts: Each exam voucher includes two exam attempts, according to HTB's CPTS launch guidance.
Validity: HTB states that Academy certifications have no expiration date after successful certification.
HTB CPTS Path Depth — Penetration Tester Coverage
CPTS maps to the HTB Academy Penetration Tester path, which currently contains 28 modules. Because HTB does not publish traditional MCQ domain weights, this table uses approximate percentages based on official path section counts and groups the 28 modules into the 12 practice-test areas on this page.
| Domain | Topic | Weight |
|---|---|---|
| Domain 1 | Penetration Testing Process | 7.7% |
| Domain 2 | Reconnaissance and Enumeration | 6.7% |
| Domain 3 | Web Information Gathering | 3.8% |
| Domain 4 | Vulnerability Assessment | 3.4% |
| Domain 5 | File Transfer and Payloads | 8.5% |
| Domain 6 | Password Attacks | 5.3% |
| Domain 7 | Common Services Attacks | 3.8% |
| Domain 8 | Pivoting, Tunneling, and Port Forwarding | 3.6% |
| Domain 9 | Active Directory Enumeration and Attacks | 7.3% |
| Domain 10 | Web Application Testing | 33.1% |
| Domain 11 | Privilege Escalation | 12.3% |
| Domain 12 | Reporting | 4.4% |
How Our Practice Tests Are Designed
Hands-on path alignment — Questions are written around the skills covered in the HTB Academy Penetration Tester path, including reconnaissance, enumeration, vulnerability assessment, exploitation, pivoting, Active Directory attacks, web application testing, privilege escalation, and reporting.
Realistic decision-making — CPTS rewards methodology, evidence handling, and vulnerability chaining. These practice questions emphasize what to check next, how to interpret output, how to prioritize findings, and how to communicate risk clearly.
Timer note — The official CPTS exam is a ten-day hands-on lab and does not have an official per-question timer because it is not an MCQ exam. Each practice set is timed at about 30 minutes for 20 questions, or roughly 1.5 minutes per review question, to build focus without misrepresenting the real exam format.
Focused remediation — Use mixed sets to identify weak areas, then use domain-wise tests to strengthen one topic at a time before returning to hands-on labs and report-writing practice.
HTB CPTS Exam Preparation Tips
Study Strategy
Finish the path completely: CPTS eligibility requires 100% completion of the Penetration Tester job-role path, and the path itself is the best blueprint for what HTB expects you to know.
Practice full methodology: Do not study tools in isolation. Build a repeatable workflow for scope review, recon, enumeration, exploitation, privilege escalation, pivoting, cleanup notes, and reporting.
Document while practicing: Treat practice labs like client work. Capture commands, screenshots, proof, risk, impact, reproduction steps, and remediation notes as you go.
Test-Taking Strategy
Start with the letter of engagement: Read scope, objectives, and restrictions carefully before touching the lab. CPTS is designed around professional assessment behavior.
Enumerate before exploiting: If you are stuck, return to enumeration. Service details, hidden routes, web directories, credentials, group memberships, and trust relationships often reveal the next step.
Write the report early: Begin drafting findings and attack-chain notes while you work. Waiting until the end increases the risk of missing evidence or producing a weak report.
Frequently Asked Questions
Ready to Test Your HTB CPTS Knowledge?
Start with a mixed practice set to measure your readiness, then use focused domain tests to strengthen weak areas before returning to hands-on labs.
Start HTB CPTS Practice Test 1 →Authors
-
Security Practice Test Editorial Team is the expert content team at SecurityPracticeTest.com dedicated to producing authoritative cybersecurity certification exam-prep resources. We create comprehensive practice tests, study materials, and exam-focused content for top security certifications including CompTIA Security+, SecurityX, PenTest+, CISSP, CCSP, SSCP, Certified in Cybersecurity (CC), CGRC, CISM, SC-900, SC-200, AZ-500, AWS Certified Security - Specialty, Professional Cloud Security Engineer, OSCP+, GIAC certifications, CREST certifications, Check Point, Cisco, Fortinet, and Palo Alto Networks exams. Our content is developed through careful review of official exam objectives, cybersecurity knowledge domains, and practical job-relevant concepts to help learners build confidence, strengthen understanding, and prepare effectively for certification success.
-
Sudhanshu Thakur: ReviewerEnterprise Technology and Digital Transformation Professional with 18+ years of experience in enterprise software, SaaS, industrial automation, and business consulting. Formerly associated with Rockwell Automation, Tech Mahindra, Emerson, ABB, L&T Infotech, and Hewlett Packard Enterprise.