CompTIA PenTest+ (PT0-002)

(PT0-002.AE1)/ISBN:978-1-64459-375-2

This course includes
Lessons
TestPrep
Hand-on Lab
Instructor Led (Add-on)
AI Tutor (Add-on)

CompTIA PenTest+ (PT0-002) comes in handy as the PT0-002 study guide with well descriptive interactive lessons containing knowledge checks, quizzes, flashcards, and glossary terms to get a detailed understanding of the concepts, such as planning and scoping a penetration testing engagement, understanding legal and compliance requirements, performing vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyzing the results, and so on. The live labs present in the course will give you a hands-on experience of penetration testing.

Here's what you will get

CompTIA PenTest+ PT0-002 exam requires a candidate to demonstrate hands-on ability to complete a penetration testing engagement and mitigate security weaknesses and vulnerabilities, as well as how to exploit them. PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. 

Lessons

13+ Lessons | 401+ Exercises | 232+ Quizzes | 571+ Flashcards | 457+ Glossary of terms

TestPrep

80+ Pre Assessment Questions | 2+ Full Length Tests | 80+ Post Assessment Questions | 160+ Practice Test Questions

Hand on lab

42+ LiveLab | 40+ Video tutorials | 01:48+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • CompTIA
  • The PenTest+ Exam
  • What Does This Course Cover?
  • CompTIA PenTest+ Certification Exam Objectives

Lessons 2: Penetration Testing

  • What Is Penetration Testing?
  • Reasons for Penetration Testing
  • Who Performs Penetration Tests?
  • The CompTIA Penetration Testing Process
  • The Cyber Kill Chain
  • Tools of the Trade
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 3: Planning and Scoping Penetration Tests

  • Scoping and Planning Engagements
  • Penetration Testing Standards and Methodologies
  • Key Legal Concepts for Penetration Tests
  • Regulatory Compliance Considerations
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 4: Information Gathering

  • Footprinting and Enumeration
  • Active Reconnaissance and Enumeration
  • Information Gathering and Defenses
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 5: Vulnerability Scanning

  • Identifying Vulnerability Management Requirements
  • Configuring and Executing Vulnerability Scans
  • Software Security Testing
  • Developing a Remediation Workflow
  • Overcoming Barriers to Vulnerability Scanning
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 6: Analyzing Vulnerability Scans

  • Reviewing and Interpreting Scan Reports
  • Validating Scan Results
  • Common Vulnerabilities
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 7: Exploiting and Pivoting

  • Exploits and Attacks
  • Exploitation Toolkits
  • Exploit Specifics
  • Leveraging Exploits
  • Persistence and Evasion
  • Pivoting
  • Covering Your Tracks
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 8: Exploiting Network Vulnerabilities

  • Identifying Exploits
  • Conducting Network Exploits
  • Exploiting Windows Services
  • Identifying and Exploiting Common Services
  • Wireless Exploits
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 9: Exploiting Physical and Social Vulnerabilities

  • Physical Facility Penetration Testing
  • Social Engineering
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 10: Exploiting Application Vulnerabilities

  • Exploiting Injection Vulnerabilities
  • Exploiting Authentication Vulnerabilities
  • Exploiting Authorization Vulnerabilities
  • Exploiting Web Application Vulnerabilities
  • Unsecure Coding Practices
  • Steganography
  • Application Testing Tools
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 11: Attacking Hosts, Cloud Technologies, and Specialized Systems

  • Attacking Hosts
  • Credential Attacks and Testing Tools
  • Remote Access
  • Attacking Virtual Machines and Containers
  • Attacking Cloud Technologies
  • Attacking Mobile Devices
  • Attacking IoT, ICS, Embedded Systems, and SCADA Devices
  • Attacking Data Storage
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 12: Reporting and Communication

  • The Importance of Communication
  • Recommending Mitigation Strategies
  • Writing a Penetration Testing Report
  • Wrapping Up the Engagement
  • Summary
  • Exam Essentials
  • Lab Exercises

Lessons 13: Scripting for Penetration Testing

  • Scripting and Penetration Testing
  • Variables, Arrays, and Substitutions
  • Comparison Operations
  • String Operations
  • Flow Control
  • Input and Output (I/O)
  • Error Handling
  • Advanced Data Structures
  • Reusing Code
  • The Role of Coding in Penetration Testing
  • Summary
  • Exam Essentials
  • Lab Exercises

Hands-on LAB Activities

Information Gathering

  • Using dig and nslookup Commands
  • Performing Zone Transfer Using dig
  • Using Maltego to Gather Information
  • Using Recon-ng to Gather Information
  • Using Nmap for Network Enumeration
  • Performing Reconnaissance on a Network
  • Performing an Intense Scan in Zenmap
  • Using Nmap for User Enumeration
  • Performing a UDP Scan Using Nmap
  • Performing Nmap SYN Scan

Vulnerability Scanning

  • Conducting Vulnerability Scanning Using Nessus

Analyzing Vulnerability Scans

  • Understanding Local Privilege Escalation

Exploiting and Pivoting

  • Performing Vulnerability Scanning Using OpenVAS
  • Searching Exploits Using searchsploit
  • Using Meterpreter to Display the System Information
  • Using the Task Scheduler
  • Understanding the Pass-the-hash Attack
  • Using the Metasploit RDP Post-Exploitation Module

Exploiting Network Vulnerabilities

  • Performing ARP Spoofing
  • Conducting a Cross Site Scripting (XXS) attack
  • Capturing Network Packets Using tcpdump
  • Simulating the DDoS Attack
  • Using the EternalBlue Exploit in Metasploit
  • Exploiting SMB
  • Exploiting SMTP
  • Exploiting SNMP

Exploiting Physical and Social Vulnerabilities

  • Using SET Tool to Plan an Attack
  • Using BeEF

Exploiting Application Vulnerabilities

  • Exploiting Command Injection Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Conducting a Cross-Site Request Forgery Attack
  • Hiding Text Using Steganography
  • Using OWASP ZAP
  • Performing Session Hijacking Using Burp Suite

Attacking Hosts, Cloud Technologies, and Specialized Systems

  • Cracking Passwords
  • Cracking a Linux Password Using John the Ripper
  • Creating Reverse and Bind Shells Using Netcat

Scripting for Penetration Testing

  • Whitelisting an IP Address in the Windows Firewall
  • Viewing Exploits Written in Perl
  • Viewing the Effects of Hostile JavaScript in the Browser
  • Finding Live Hosts by Using the Ping Sweep in Python
  • Writing Bash Shell Script

Exam FAQs

Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.

$370 USD

Pearson VUE

Performance-based and multiple choice

The exam contains Maximum of 85 questions.

165 minutes

750

(on a scale of 100-900)

In the event that you fail your first (1st) attempt to pass any CompTIA certification examination, CompTIA does not require any waiting period between the first (1st) and second (2nd) attempt to pass such examination. However, before your third (3rd) attempt or any subsequent attempt to pass such examination, you shall be required to wait for a period of at least fourteen (14) calendar days from the date of your last attempt to pass such examination.

Usually three years after launch