GPEN Exam Prep: Practice Exams for GIAC Penetration Tester 1

The GIAC Penetration Tester exam is one of the most challenging offensive security certifications available. With 82 questions, a 3-hour time limit, a 73% passing requirement and CyberLive practical components mixed in, walking in underprepared is a costly mistake. This practice exam course exists to make sure that never happens to you.

This course contains five full-length, exam-realistic GPEN practice tests — 410 original questions in total — built to the exact format, difficulty level and scenario style of the real GIAC exam. Every question is written at the same complexity level as the actual test — scenario-based, tool-output-focused and designed to expose gaps in your knowledge before exam day does. With five complete exams you can track your progress over time, identify recurring weak areas across multiple attempts and build the exam stamina needed to sustain focus across a full 82-question sitting.

All five practice exams cover all three official GPEN exam domains in full. Domain 1 covers penetration testing methodology, legal frameworks, rules of engagement, passive and active reconnaissance, OSINT, DNS attacks, Nmap, NSE scripting and vulnerability scanning. Domain 2 covers exploitation, Metasploit, msfvenom, password attacks, LLMNR poisoning, NTLM relay, post-exploitation, Windows and Linux privilege escalation, credential harvesting with Mimikatz, pivoting and data exfiltration. Domain 3 covers Active Directory attacks including Kerberoasting, AS-REP roasting, BloodHound, Pass-the-Hash, Pass-the-Ticket, Golden and Silver Tickets, DCSync, ADCS certificate exploitation, Azure and Entra ID password spraying, token abuse, managed identity attacks, C2 frameworks, persistence and evasion.

Every single question across all five exams includes a detailed explanation of the correct answer and a breakdown of why each incorrect option is wrong — so you learn from every question regardless of whether you got it right. This is not a dump. Every question is original, scenario-driven and built to reflect how GIAC actually tests you.

Use the first exam as a diagnostic before you begin studying to identify your weakest domains. Use the remaining four as progressive readiness checks as your knowledge builds. By the time you complete all five you will know exactly where you stand — and you will be ready.