GPEN

GIAC Penetration Tester (GPEN)

The GIAC Penetration Tester (GPEN) validates expert-level ability to conduct authorized penetration tests using industry-standard methodologies aligned to SANS SEC560. It covers the full pen test lifecycle from planning and legal scope through reconnaissance, exploitation, post-exploitation, and reporting. GPEN is recognized by enterprise security teams, the DoD, and government agencies as a rigorous technical credential.

GPEN Exam Overview

| Detail | Information |
|---|---|
| Full Name | GIAC Penetration Tester (GPEN) |
| Governing Body | GIAC |
| Number of Questions | 82 |
| Time Limit | 3 hours |
| Passing Score | 74% |
| Exam Fee | $949 USD |
| Category | IT Certifications |
| C3RT App | Available On iPhone, iPad, and Mac |
| Official Source | GIAC official website |

GPEN Content Areas and Domains

Domain / Content Area
Comprehensive Pen Test Planning, Scoping, and Recon
Scanning, Enumeration, and Exploitation
Password Attacks and Credential Access
Web Application Pen Testing Fundamentals
Post-Exploitation and Pivoting
Domain Exploitation and Active Directory Attacks
Pen Test Workflow Documentation and Reporting

Domain areas are sourced from the GIAC content outline.

Topics Covered

  • Pen Test Planning, Scoping, and Rules of Engagement
  • Passive and Active Reconnaissance (Maltego, Shodan, Recon-ng)
  • Network Scanning and Service Enumeration (Nmap, Nessus)
  • Exploitation with Metasploit Framework
  • Credential Access — Password Cracking, Pass-the-Hash, Kerberoasting
  • Web Application Attacks (SQLi, XSS, CSRF, authentication bypass)
  • Post-Exploitation — Persistence, Lateral Movement, Data Exfiltration
  • Active Directory Domain Exploitation and Privilege Escalation

How C3RT Helps You Pass the GPEN

01

Adaptive Practice

Questions adapt to your weak areas automatically so every study session on the GPEN is time well spent.

02

Diagnostic Mocks

Full-length mock exams timed to the real GPEN format with detailed score breakdowns by topic.

03

Mistake Bank

Every wrong answer is saved for targeted re-drill. The system resurfaces your mistakes until they stick.

04

Native on iOS & Mac

Built with SwiftUI, not a web wrapper. Instant load, offline support, hardware-speed rendering.

GPEN Frequently Asked Questions

What does GPEN stand for?

GPEN stands for GIAC Penetration Tester. It is administered by GIAC.

Who administers the GPEN?

The GIAC Penetration Tester (GPEN) is administered by GIAC. For official information, visit the GIAC website.

How many questions is the GPEN?

The GPEN consists of 82 questions. Candidates are given 3 hours to complete the exam.

What is the passing score for the GPEN?

The passing score for the GPEN is 74%, as set by GIAC. Scoring methodology and passing standards may be updated periodically. Always verify current requirements with the governing body.

How much does the GPEN exam cost?

The GPEN exam fee is $949 USD. This fee is set by GIAC and may vary by testing centre, region, or membership status. Additional fees for registration or rescheduling may apply.

Is GPEN or CEH better for penetration testing?

Both are respected, but they test different things. GPEN is a proctored exam with hands-on simulation options and aligns to the SANS SEC560 course, making it more technically rigorous. CEH (EC-Council) is broader but shallower, covering a wider range of topics. Most enterprise employers value GPEN more highly for technical pen testing roles; CEH is more common in compliance-heavy environments.

Does GPEN require SANS training?

SANS training (SEC560) is not required but is the recommended preparation path. GPEN can be taken independently through GIAC's training-waiver option for experienced pen testers. GIAC exams are open-book, with access to notes and books — but the difficulty ensures deep knowledge is required regardless.

Is the GPEN exam open-book?

Yes — GIAC exams allow candidates to bring printed notes and study materials. However, the exam is time-pressured with 82 questions in 3 hours, and the questions are scenario-based at a level where looking up every answer is not feasible. Deep understanding of pen testing methodology is required to pass in time.

What is the GPEN passing score?

The passing score is 74% — at least 61 out of 82 questions correct. GIAC exams are adaptive and question pools rotate between exam sittings to prevent question sharing. The GPEN exam costs $949 and includes 2 practice exams.

C3RT is a native iOS and macOS exam preparation platform covering the GIAC Penetration Tester (GPEN), an IT Certifications certification administered by GIAC. C3RT is not affiliated with or endorsed by GIAC. Certification names and trademarks are the property of their respective organisations. For official exam registration, eligibility requirements, and content outlines, visit the GIAC official website.