Description

Overview

The CompTIA PenTest+ certification equips you to plan, conduct, analyze, and report on penetration tests. Your ability to learn and master these skills will bring value to organizations because it proves that you can ensure their data is secure.

Anything exposed to the Internet needs some form of security testing. If an external host is compromised, it can lead to an attacker digging deeper into your internal environment. Penetration testing is an incredibly important and valuable skill that organizations seek from cyber security professionals.

The PenTest+ certification is critical to your success as a cybersecurity professional because it demonstrates your ability to test devices in a variety of environments, including servers and the cloud. Additionally, you’ll hone your management skills and be able to determine the resiliency of an organization’s infrastructure.

You’ll learn how to plan and scope penetration tests, conduct passive reconnaissance, perform non-technical tests to gather information, conduct active reconnaissance, and analyze vulnerabilities. Additional skills include using a fictitious company to learn how to penetrate networks, exploit host-based vulnerabilities, test applications, and complete post-exploit tasks.

  • 17:51:00 Hours
  • 12 Months Access
  • Presented by highly qualified, industry leading experts

Course Details

Objectives

The CompTIA PenTest+ certification course covers key concepts needed to grow your penetration testing skills. From key legal concepts and understanding exploits, through planning for and performing attacks, to analysing, reporting, and communicating results, you’ll be well equipped to master the exam.

Planning and Scoping

  • Compare and contrast governance, risk, and compliance concepts.
  • Explain the importance of scoping and organizational/customer requirements.
  • Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.

Information Gathering and Vulnerability Scanning

  • Given a scenario, analyze the results of a reconnaissance exercise.
  • Given a scenario, perform vulnerability scanning.

Attacks and Exploits

  • Given a scenario, research attack vectors and perform network attacks.
  • Given a scenario, research attack vectors and perform wireless attacks.
  • Given a scenario, research attack vectors and perform application-based attacks.
  • Given a scenario, research attack vectors and perform attacks on cloud technologies.
  • Explain common attacks and vulnerabilities against specialized systems.
  • Given a scenario, perform a social engineering or physical attack.
  • Given a scenario, perform post-exploitation techniques.

Reporting and Communication

  • Compare and contrast important components of written reports.
  • Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
  • Explain the importance of communication during the penetration testing process.
  • Explain post-report delivery activities.

Tools and Code Analysis

  • Explain the basic concepts of scripting and software development.
  • Given a scenario, analyze a script or code sample for use in a penetration test.
  • Explain use cases of the following tools during the phases of a penetration test.

Audience

  • Systems administrators required to secure networks against attacks.
  • Individuals with experience in IT looking to expand into penetration testing.
  • IT professionals with CompTIA CySA+ certifications interested in expanding their skills.
  • Those building foundational skills required for more advanced cybersecurity certifications such as CompTIA CASP+.

Prerequisites

Before starting your journey to become CompTIA PenTest+ certified, we recommend that you meet the following prerequisites:

Before starting PenTest+ exam preparation:

  • CompTIA A+, Network+ and Security+ certification.
  • 2 years of hands-on, technical IT experience.

Before taking the CompTIA PenTest+ exam:

  • Minimum of 4 years of hands-on information security experience.
  • Completion of our CompTIA PenTest+ training program.
  • Thorough understanding of all topics detailed in the exam objectives.

Course Outline

PLANNING AND SCOPING

  • Overview
  • Regulation and Compliance
  • Common Pentest Restrictions
  • Legal Concepts and Documents
  • Standards and Methodologies
  • Scoping an Engagement
  • Professionalism and Integrity

INFORMATION GATHERING AND VULNERABILITY SCANNING

  • DNS Recon
  • Target Recon
  • Host Discovery and Enumeration
  • Web and Cloud Discovery and Enumeration
  • Defense Detection and Avoidance
  • Vulnerability Scanning
  • Nmap

ATTACKS AND EXPLOITS

  • Exploit Resources
  • Denial of Service
  • ARP and DNS Poisoning
  • Password Attacks
  • VLAN Hopping
  • MAC Spoofing
  • Wireless Attacks
  • OWASP Top 10 Web App Security Risks
  • SSRF Attacks
  • Business Logic Flaws
  • SQL Injection Attacks
  • Other Injection Attacks
  • XSS Attacks
  • Session Attacks
  • API Attacks
  • Cloud Attacks
  • Mobile Attacks
  • IoT Hacking
  • Data Storage System Vulnerabilities
  • ICS SCADA and IIOT Vulnerabilities
  • Virtual Environment Vulnerabilities
  • Container Vulnerabilities
  • Social Engineering and Physical Attacks
  • Post Exploitation Enumeration and Tools
  • Network Segmentation Testing
  • Privilege Escalation
  • Persistence
  • Detection Avoidance

REPORTING AND COMMUNICATION

  • Components of Written Reports
  • Recommended Remediations
  • Communication During a Pentest
  • Post Report Delivery Activities

TOOLS AND CODE ANALYSIS

  • Basic Programming Concepts
  • Analyze Scripts Or Code For Use In A Pentest
  • Opportunities for Automation