CompTIA PenTest+ (PT0-002)
(PT0-002.AE1)/ISBN:978-1-64459-375-2
CompTIA PenTest+ (PT0-002) comes in handy as the PT0-002 study guide with well descriptive interactive lessons containing knowledge checks, quizzes, flashcards, and glossary terms to get a detailed understanding of the concepts, such as planning and scoping a penetration testing engagement, understanding legal and compliance requirements, performing vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyzing the results, and so on. The live labs present in the course will give you a hands-on experience of penetration testing.
Here's what you will get
CompTIA PenTest+ PT0-002 exam requires a candidate to demonstrate hands-on ability to complete a penetration testing engagement and mitigate security weaknesses and vulnerabilities, as well as how to exploit them. PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.
Lessons
13+ Lessons | 401+ Exercises | 232+ Quizzes | 571+ Flashcards | 457+ Glossary of terms
TestPrep
80+ Pre Assessment Questions | 2+ Full Length Tests | 80+ Post Assessment Questions | 160+ Practice Test Questions
Hand on lab
40+ LiveLab | 40+ Video tutorials | 01:48+ Hours
Need guidance and support? Click here to check our Instructor Led Course.
Here's what you will learn
Download Course OutlineLessons 1: Introduction
- CompTIA
- The PenTest+ Exam
- What Does This Course Cover?
- CompTIA PenTest+ Certification Exam Objectives
Lessons 2: Penetration Testing
- What Is Penetration Testing?
- Reasons for Penetration Testing
- Who Performs Penetration Tests?
- The CompTIA Penetration Testing Process
- The Cyber Kill Chain
- Tools of the Trade
- Summary
- Exam Essentials
- Lab Exercises
Lessons 3: Planning and Scoping Penetration Tests
- Scoping and Planning Engagements
- Penetration Testing Standards and Methodologies
- Key Legal Concepts for Penetration Tests
- Regulatory Compliance Considerations
- Summary
- Exam Essentials
- Lab Exercises
Lessons 4: Information Gathering
- Footprinting and Enumeration
- Active Reconnaissance and Enumeration
- Information Gathering and Defenses
- Summary
- Exam Essentials
- Lab Exercises
Lessons 5: Vulnerability Scanning
- Identifying Vulnerability Management Requirements
- Configuring and Executing Vulnerability Scans
- Software Security Testing
- Developing a Remediation Workflow
- Overcoming Barriers to Vulnerability Scanning
- Summary
- Exam Essentials
- Lab Exercises
Lessons 6: Analyzing Vulnerability Scans
- Reviewing and Interpreting Scan Reports
- Validating Scan Results
- Common Vulnerabilities
- Summary
- Exam Essentials
- Lab Exercises
Lessons 7: Exploiting and Pivoting
- Exploits and Attacks
- Exploitation Toolkits
- Exploit Specifics
- Leveraging Exploits
- Persistence and Evasion
- Pivoting
- Covering Your Tracks
- Summary
- Exam Essentials
- Lab Exercises
Lessons 8: Exploiting Network Vulnerabilities
- Identifying Exploits
- Conducting Network Exploits
- Exploiting Windows Services
- Identifying and Exploiting Common Services
- Wireless Exploits
- Summary
- Exam Essentials
- Lab Exercises
Lessons 9: Exploiting Physical and Social Vulnerabilities
- Physical Facility Penetration Testing
- Social Engineering
- Summary
- Exam Essentials
- Lab Exercises
Lessons 10: Exploiting Application Vulnerabilities
- Exploiting Injection Vulnerabilities
- Exploiting Authentication Vulnerabilities
- Exploiting Authorization Vulnerabilities
- Exploiting Web Application Vulnerabilities
- Unsecure Coding Practices
- Steganography
- Application Testing Tools
- Summary
- Exam Essentials
- Lab Exercises
Lessons 11: Attacking Hosts, Cloud Technologies, and Specialized Systems
- Attacking Hosts
- Credential Attacks and Testing Tools
- Remote Access
- Attacking Virtual Machines and Containers
- Attacking Cloud Technologies
- Attacking Mobile Devices
- Attacking IoT, ICS, Embedded Systems, and SCADA Devices
- Attacking Data Storage
- Summary
- Exam Essentials
- Lab Exercises
Lessons 12: Reporting and Communication
- The Importance of Communication
- Recommending Mitigation Strategies
- Writing a Penetration Testing Report
- Wrapping Up the Engagement
- Summary
- Exam Essentials
- Lab Exercises
Lessons 13: Scripting for Penetration Testing
- Scripting and Penetration Testing
- Variables, Arrays, and Substitutions
- Comparison Operations
- String Operations
- Flow Control
- Input and Output (I/O)
- Error Handling
- Advanced Data Structures
- Reusing Code
- The Role of Coding in Penetration Testing
- Summary
- Exam Essentials
- Lab Exercises
Hands-on LAB Activities
Information Gathering
- Using dig and nslookup Commands
- Performing Zone Transfer Using dig
- Using Maltego to Gather Information
- Using Recon-ng to Gather Information
- Using Nmap for Network Enumeration
- Performing Reconnaissance on a Network
- Performing an Intense Scan in Zenmap
- Using Nmap for User Enumeration
- Performing Nmap UDP Scan
- Performing Nmap SYN Scan
Vulnerability Scanning
- Conducting Vulnerability Scanning Using Nessus
Analyzing Vulnerability Scans
- Understanding Local Privilege Escalation
Exploiting and Pivoting
- Performing Vulnerability Scanning Using OpenVAS
- Searching Exploits Using searchsploit
- Using Meterpreter
- Using the Task Scheduler
- Understanding the Pass-the-hash Attack
- Using the Metasploit RDP Post-Exploitation Module
Exploiting Network Vulnerabilities
- Performing ARP Spoofing
- Simulating the DDoS Attack
- Using the EternalBlue Exploit in Metasploit
- Exploiting SMB
- Exploiting SMTP
- Exploiting SNMP
Exploiting Physical and Social Vulnerabilities
- Using the SET Tool
- Using BeEF
Exploiting Application Vulnerabilities
- Exploiting Command Injection Vulnerabilities
- Exploiting a Website Using SQL Injection
- Conducting a Cross-Site Request Forgery Attack
- Hiding Text Using Steganography
- Using OWASP ZAP
- Performing Session Hijacking Using Burp Suite
Attacking Hosts, Cloud Technologies, and Specialized Systems
- Cracking Passwords
- Cracking a Linux Password Using John the Ripper
- Creating Reverse and Bind Shells Using Netcat
Scripting for Penetration Testing
- Whitelisting an IP Address in the Windows Firewall
- Viewing Exploits Written in Perl
- Viewing the Effects of Hostile JavaScript in the Browser
- Finding Live Hosts by Using the Ping Sweep in Python
- Writing Bash Shell Script
Exam FAQs
Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.
$370 USD
Pearson VUE
Performance-based and multiple choice
The exam contains Maximum of 85 questions.
165 minutes
750
(on a scale of 100-900)
In the event that you fail your first (1st) attempt to pass any CompTIA certification examination, CompTIA does not require any waiting period between the first (1st) and second (2nd) attempt to pass such examination. However, before your third (3rd) attempt or any subsequent attempt to pass such examination, you shall be required to wait for a period of at least fourteen (14) calendar days from the date of your last attempt to pass such examination.
Usually three years after launch