Comptia Pentest+ 2019

Comptia Pentest
US$ 8.99 US$ 14.99
0
Number of Students Registered

CompTIA PenTest+ is the only penetration testing certification exam taken with hands-on, performance-based questions and multiple-choice questions, to guarantee that every cyber security professional has the knowledge and ability to perform threat modeling of target and vulnerability management. PenTest+ exam also includes management skills used to plan, scope, and manage weaknesses, not just exploit them.

Overview of Comptia Pentest+ Exam

CompTIA PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.

Successful candidates will have the intermediate skills required to customize assessment frameworks to effectively collaborate on and report findings.

Candidates will also have the best practices to communicate recommended strategies to improve the overall state of IT security.

CompTIA PenTest+ meets the ISO 17024 standard. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 1.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

Pentest+ Examination Weight age
DOMAIN PERCENTAGE OF EXAMINATION
1. Planning and Scoping15%
2. Information Gathering and  Vulnerability Identification22%
3. Attacks and Exploits30%
4. Penetration Testing Tools17%
5. Reporting and Communication16%
Total100%
Pentest+ Examination Information
Required ExamPT0-001
Number of QuestionsMaximum of 80
Type of QuestionsMultiple choice and performance-based
Length of Test165 minutes
Recommended Experience3  to 4 years of hands-on experience performing penetration tests, vulnerability assessments, and vulnerability management
Passing Score750 (on a scale of 100-900)
Exam AvailabilityEnglish
Benefits of Being Comptia Pentest+ Certified
Improvement of SecurityPentest+ is to improve network security and provide protection for the entire network and connected devices against future attacks. It helps to identify vulnerabilities within a network
Good GovernanceIT Governance’s penetration testing team is able to support cyber security  organization’s strategy  for small, medium-sized and large businesses
Cost ManagementWith any business service, cost varies quite a bit based on a set of variables. The complexity, Methodology, Experience and Remediation are the most common variables to affect the cost of penetration testing services
Improve Knowledge SkillsA deeper, better and broader understanding of the common body of knowledge for cyber security
Career AdvancementRaise visibility and credibility, improve job security and create new opportunities
RespectDifferentiate yourself from employers, clients and peers
Solid FoundationBe better prepared to stem cyber attacks and inspire a safe and secure cyber world
Community of ProfessionalsGain access to (and respect from) a global community of like minded cyber security leaders

Chapter 01: Introduction to Penetration Testing
Technology Brief
Overview of Penetration Testing
What is Pentesting?
Types of Penetration Testing
Security Testing Standards
The Benefits of Penetration Testing
Why Perform PenTests?
How Often You Should Perform Pen-Tests?
Why is Penetration Testing Required?
When to Perform Penetration Testing
Penetration Testing Methodology
The Steps of a Penetration Testing Method
Areas of Penetration Testing
Penetration Testing- Manual and Automated
Penetration Testing – Tools
Penetration Testing – Infrastructure
Types of Infrastructure Penetration Testing
Scope
Phases of Penetration Testing
Information Security
Elements of Information Security
Information Security Threats and Attack Vectors
Top Information Security Attack Vectors
Threat Categories
Types of Attacks on a System
Information Warfare
Hacking Concepts, Types, and Phases
Hacker
Hacking
Hacking Phases
Information Security Controls
Information Assurance (IA)
Information Security Management Programs
Enterprise Information Security Architecture (EISA)
Information Security Policies
Physical Security
Summary:
Practice Question


Chapter 02: Planning and Scoping
Technology Brief
The Importance of planning for an engagement
Understanding the Target Audience
Rules of Engagement
Communication Escalation Path
Resources and Requirements
Budget
Technical Constraints
Impact Analysis and Remediation Timelines
Disclaimers
Support Resources
Key Legal Concepts
Contracts
Environmental Differences
Written Authorization
The Importance of Scoping an Engagement Properly
Types of Assessment
Special Scoping Considerations
Target Selection
Strategy
Risk Acceptance
Tolerance to Impact
Scheduling
Scope Creep
Threat Actors
Key Aspects of Compliance-based Assessments
Compliance-based Assessments, Limitations, and Caveats
Clearly Defined Objectives based on Regulations
Summary:
Practice Question


Chapter 03: Information Gathering and Vulnerability Identification
Technology Brief
Information Gathering
Scanning
Enumeration
Packet Crafting
Packet Inspection
The Benefits of Packet Inspection
OS Fingerprinting and Banner Grabbing
Cryptography
Eavesdropping
Decompilation
Debugging
Open Source Intelligence Gathering
Vulnerability Scanning
Non-credentialed vs. Credentialed Scan
Types of Scan
Container Security
Application Scan
Considerations of Vulnerability Scanning
Lab 3-1 :Creating a Network Topology Map
Lab 3-2: Vulnerability Scanning using the Nessus Vulnerability Scanning Tool
Analyze Vulnerability Scan Results
Asset Categorization
Adjudication
Prioritization of Vulnerabilities
Common Themes
The Process of Leveraging Information to Prepare for Exploitation
Vulnerabilities Mapping/Assesment to Potential Exploits
Prioritizing Vulnerabilities
Common Techniques to Complete Attack
Proof-of-Concept Development
Exploit Chaining
Specialized Systems
ICS/SCADA
Mobile
Internet of Things (IoT)
Embedded Systems
Point-of-Sale (POS) System
Biometrics
Application Containers
Real-Time Operating System (RTOS)
Summary:
Practice Questions


Chapter 04: Attacks and Exploits
Technology Brief
Social Engineering Attacks
Phishing
Elicitation
Interrogation
Impersonation
Shoulder Surfing
USB Key Drop
Motivation Techniques
Exploit Network-based Vulnerabilities
Name Resolution Exploits
SMB Exploits
SNMP Exploits
SMTP Exploits
FTP Exploits
DNS Cache Poisoning
Pass the Hash
Man-in-the-Middle
DoS/Stress Test
NAC Bypass
VLAN Hopping
Exploit Wireless and RF-based Vulnerabilities
Evil Twin
DE Authentication Attacks
Fragmentation Attacks
Credential Harvesting
WPS Implementation Weakness
Bluejacking
Bluesnarfing
RFID Cloning
Jamming
Repeating
Exploit Application-based Vulnerabilities
Application Vulnerability Management
Injections
Authentication
Authorization
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF/XSRF)
Clickjacking
Security Misconfiguration
File Inclusion
Unsecure Code Practices
Exploit Local Host Vulnerabilities
OS Vulnerabilities
Unsecure Service and Protocol Configurations
Privilege Escalation
Default Account Settings
Sandbox Escape
Differences between Virtual Machines and Containers
Physical Device Security
Physical Security Attacks Related to Facilities
Piggybacking/Tailgating
Fence Jumping
Scope
Dumpster Diving
Lock Picking
Lock Bypass
Egress Sensor
Badge Cloning
Post-exploitation techniques.
Lateral Movement
Persistence
Covering your Tracks
Summary
Practice Questions


Chapter 05: Penetration Testing Tools
Technology Brief
Using Nmap to Conduct Information Gathering
SYN Scan (-sS)
Connect Scan (-sT)
Port Selection (-p)
Service Identification (-sV)
OS Fingerprinting (-O)
Disabling Ping (-Pn)
Target input file (-iL)
Timing (-T)
Output Parameter
Compare and Contrast Various Tools
Use Cases
Tools
Social Engineering Tools
Remote Access Tools
Networking Tools
Mobile Tools
MISC (Miscellaneous Tools)
Tool Output and Data Related to a Penetration Test
Password Cracking
Pass the Hash
Setting up a Bind Shell
Getting a Reverse Shell
Proxying a Connection
Uploading a Web Shell
Injections
Basic Scripts (Limited to Bash, Python, Ruby, and PowerShell)
Logic
I/O
Substitutions
Variables
Common Operations
Error Handling
Arrays
Encoding/Decoding
Summary
Practice Questions


Chapter 06: Reporting and Communication
Technology Brief
Report Writing and Handling
Data Normalization
Written Report of Findings and Remediation
Risk Appetite
Secure Handling and Disposition of Reports
Post-report Delivery Activities
Post-engagement Cleanup
Client Acceptance
Lessons Learned
Follow-up Actions/Retest
Attestation of Findings
Vulnerability Mitigation Strategies
Solutions
Findings
Remediation
The Importance of Communication during the Penetration Testing Process
Communication Path
Communication Triggers
Goal Reprioritization
Summary


Practice Question Answers
Acroynms
References
About Our Products

CompTIA is a performance-based certification that helps you develop a career in IT fundamental by approving the hands-on skills required to troubleshoot, configure, and manage both wired and wireless networks. CompTIA certifications help individuals build exceptional in Information Technology and enable organizations to form a skilled and confident staff.

CompTIA certifications have four IT certification series that test different knowledge standards-from entry level to expert level. CompTIA offers certification programs at the core level to professional level, which begins with the core IT fundamentals, infrastructure, cyber security leads to the professional level.

CompTIA certification helps to establish and build your IT career. It benefits you in various ways either seeking certification to have a job in IT or want to upgrade your IT career with a leading certification, that is, CompTIA certification.

comptia security + online course

Get 20% instant discount when shared to your social account

*Product must be added in cart to apply coupon

Buy Now

Leave a Comment

Your email address will not be published.

You may use these HTML tags and attributes: <a href=""> <abbr> <acronym> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Send a Message