CompTIA PenTest+ (PT0-002) Study Guide

CompTIA PenTest+ (PT0-002)

Buy our CompTIA Pentest+ training course to develop strong penetration testing skills and pass the PT0-002 exam to become a certified ethical hacker.

(PT0-002.AE1) / ISBN : 978-1-64459-375-2

Lessons

Lab

TestPrep

AI Tutor (Add-on)

Instructor-Led (Add-on)

Get A Free Trial

This course includes:

Free pre-assessment and first 2 lessons

13+ Interactive Lessons | 401+ Exercises

Accessible on mobile and tablet too

Certificate of completion

Are you an instructor?

Access detailed information about the course content, learning objectives, activities, and assessments before adding it to your curriculum.

Exam Voucher

Your exam voucher code will be delivered via email within 24 hours of purchase. Buy it separately.

About This Course

Our CompTIA Pentest+ PT0-002 study guide provides the foundational knowledge and practical insights every penetration tester needs to pass the exam, impress employers, and create a personalized portfolio. Learn how to perform vulnerability scans per the legal and regulatory requirements and produce written reports listing remediation strategies against cyber threats.

Skills You’ll Get

Define the engagement's goals and limitations.
Understand legal and ethical considerations for penetration testing.
Conduct passive and active reconnaissance techniques to gather information about a target system.
Utilize tools like dig, nslookup, Maltego, and Recon-ng for information gathering.
Perform network enumeration using tools like Nmap and Zenmap.
Configure and execute vulnerability scans using tools like Nessus and OpenVAS.
Analyze and interpret vulnerability scan results to prioritize targets.
Develop a workflow for vulnerability remediation.
Conduct network attacks like ARP spoofing, XSS attacks, and DDoS attacks.
Exploit vulnerabilities in Windows services like RDP, SMB, and SMTP.
Perform social engineering attacks.
Exploit vulnerabilities in web applications like SQL injection and Cross-Site Request Forgery (CSRF).
Attack cloud technologies, mobile devices, IoT systems, and specialized systems.
Understand the role of scripting in penetration testing.
Learn basic scripting principles using Python and Bash shells.
Automate tasks and enhance penetration testing workflows using scripts.
Maintain persistence on compromised systems to conduct further exploration.
Communicate technical information to both technical and non-technical audiences.

Get the support you need. Enroll in our Instructor-Led Course.

Get Started

Interactive Lessons

13+ Interactive Lessons | 401+ Exercises | 232+ Quizzes | 571+ Flashcards | 457+ Glossary of terms

Gamified TestPrep

80+ Pre Assessment Questions | 2+ Full Length Tests | 80+ Post Assessment Questions | 160+ Practice Test Questions

Hands-On Labs

42+ LiveLab | 40+ Video tutorials | 01:48+ Hours

Lesson Plan

Introduction

CompTIA
The PenTest+ Exam
What Does This Course Cover?
CompTIA PenTest+ Certification Exam Objectives

Penetration Testing

What Is Penetration Testing?
Reasons for Penetration Testing
Who Performs Penetration Tests?
The CompTIA Penetration Testing Process
The Cyber Kill Chain
Tools of the Trade
Summary
Exam Essentials
Lab Exercises

Planning and Scoping Penetration Tests

Scoping and Planning Engagements
Penetration Testing Standards and Methodologies
Key Legal Concepts for Penetration Tests
Regulatory Compliance Considerations
Summary
Exam Essentials
Lab Exercises

Information Gathering

Footprinting and Enumeration
Active Reconnaissance and Enumeration
Information Gathering and Defenses
Summary
Exam Essentials
Lab Exercises

Vulnerability Scanning

Identifying Vulnerability Management Requirements
Configuring and Executing Vulnerability Scans
Software Security Testing
Developing a Remediation Workflow
Overcoming Barriers to Vulnerability Scanning
Summary
Exam Essentials
Lab Exercises

Analyzing Vulnerability Scans

Reviewing and Interpreting Scan Reports
Validating Scan Results
Common Vulnerabilities
Summary
Exam Essentials
Lab Exercises

Exploiting and Pivoting

Exploits and Attacks
Exploitation Toolkits
Exploit Specifics
Leveraging Exploits
Persistence and Evasion
Pivoting
Covering Your Tracks
Summary
Exam Essentials
Lab Exercises

Exploiting Physical and Social Vulnerabilities

Physical Facility Penetration Testing
Social Engineering
Summary
Exam Essentials
Lab Exercises

Exploiting Application Vulnerabilities

Exploiting Injection Vulnerabilities
Exploiting Authentication Vulnerabilities
Exploiting Authorization Vulnerabilities
Exploiting Web Application Vulnerabilities
Unsecure Coding Practices
Steganography
Application Testing Tools
Summary
Exam Essentials
Lab Exercises

Attacking Hosts, Cloud Technologies, and Specialized Systems

Attacking Hosts
Credential Attacks and Testing Tools
Remote Access
Attacking Virtual Machines and Containers
Attacking Cloud Technologies
Attacking Mobile Devices
Attacking IoT, ICS, Embedded Systems, and SCADA Devices
Attacking Data Storage
Summary
Exam Essentials
Lab Exercises

Reporting and Communication

The Importance of Communication
Recommending Mitigation Strategies
Writing a Penetration Testing Report
Wrapping Up the Engagement
Summary
Exam Essentials
Lab Exercises

Scripting for Penetration Testing

Scripting and Penetration Testing
Variables, Arrays, and Substitutions
Comparison Operations
String Operations
Flow Control
Input and Output (I/O)
Error Handling
Advanced Data Structures
Reusing Code
The Role of Coding in Penetration Testing
Summary
Exam Essentials
Lab Exercises

Hands-on LAB Activities

Information Gathering

Using dig and nslookup Commands
Performing Zone Transfer Using dig
Using Maltego to Gather Information
Using Recon-ng to Gather Information
Using Nmap for Network Enumeration
Performing Reconnaissance on a Network
Performing a Scan in Zenmap
Using Nmap for User Enumeration
Performing a UDP Scan Using Nmap
Performing Nmap SYN Scan

Vulnerability Scanning

Conducting Vulnerability Scanning Using Nessus

Analyzing Vulnerability Scans

Understanding Local Privilege Escalation

Exploiting and Pivoting

Performing Vulnerability Scanning Using OpenVAS
Searching Exploits Using searchsploit
Using Meterpreter to Display the System Information
Using the Task Scheduler
Understanding the Pass-the-hash Attack
Using the Metasploit RDP Post-Exploitation Module

Exploiting Physical and Social Vulnerabilities

Using SET Tool to Plan an Attack
Using BeEF

Exploiting Application Vulnerabilities

Exploiting Command Injection Vulnerabilities
Exploiting a Website Using SQL Injection
Conducting a Cross-Site Request Forgery Attack
Hiding Text Using Steganography
Using OWASP ZAP
Performing Session Hijacking Using Burp Suite

Attacking Hosts, Cloud Technologies, and Specialized Systems

Cracking Passwords
Cracking a Linux Password Using John the Ripper
Creating Reverse and Bind Shells Using Netcat

Scripting for Penetration Testing

Whitelisting an IP Address in the Windows Firewall
Viewing Exploits Written in Perl
Viewing the Effects of Hostile JavaScript in the Browser
Finding Live Hosts by Using the Ping Sweep in Python
Writing Bash Shell Script

Lessons Lab TestPrep AI Tutor

CompTIA A+ (220-1001)

ISBN: 9781644590768
220-1001

Try $279.00 Buy

Lessons Lab TestPrep

Comprehensive Computer Technician (CompTIA A+ 1001/1002)

ISBN: 9781644590423
220-1001-220-1002

Try $419.00 Buy

Lessons Lab TestPrep

CompTIA A+ (220-1002)

ISBN: 9781644590775
220-1002

Try $279.00 Buy

Lessons Lab TestPrep AI Tutor

Complete A+ Guide to IT Hardware and Software (1101/1102)

ISBN: 9781644593844
220-1101-1102-SCH.AB1

Try $419.00 Buy

Lessons Lab TestPrep AI Tutor Instructor-Led

CompTIA A+ Core 1 (220-1101) and Core 2 (220-1102)

ISBN: 9781644593967
220-1101-1102.AB1

Try $279.00 Buy

Lessons Lab TestPrep AI Tutor Instructor-Led

CompTIA A+ (220-1101 & 220-1102)

ISBN: 9781644593479
220-1101-1102.AE1

Try $335.00 Buy

Lessons Lab TestPrep AI Tutor Instructor-Led

CompTIA A+ (220-1101 & 220-1102)

ISBN: 9781644595282
220-1101-1102.AE2

Try $335.00 Buy

CompTIA PenTest+ (PT0-002)

Are you an instructor?

CompTIA PenTest+ (PT0-002)

About This Course