CompTIA Pentest +
- Course Code G015
- Duration 5 days
- Version 1.0
This course is available in the following formats:
Event at company
Traditional Classroom Learning
Learning that is virtual
Request this course in a different delivery format.
As organisations scramble to protect themselves and their customers against privacy or security breaches, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organisations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.
The CompTIA PenTest+ certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.
CompTIA PenTest+ joins CompTIA Cybersecurity Analyst (CySA+) at the intermediate-skills level of the cybersecurity career pathway as shown below. Depending on your course of study, PenTest+ and CySA+ can be taken in any order but typically follows the skills learned in Security+. While CySA+ focuses on defense through incident detection and response, PenTest+ focuses on offense through penetration testing and vulnerability assessment.
Although the two exams teach opposing skills, they are dependent on one another. The most qualified cybersecurity professionals have both offensive and defensive skills. Earn the PenTest+ certification to grow your career within the CompTIA recommended cybersecurity career pathway.
Cybersecurity professionals involved in hands-on penetration testing to identify, exploit, report, and manage vulnerabilities on a network.
After completing this course you should be able to:
- Explain the importance of planning and key aspects of compliance-based assessments.
- Conduct information gathering exercises with various tools and analyse output and basic scripts (limited to: Bash, Python, Ruby, PowerShell).
- Gather information to prepare for exploitation then perform a vulnerability scan and analyse results.
- Utilise report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities.
- Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques.
Planning and Scoping Penetration Tests
- Introduction to Penetration Testing Concepts
- Plan a Pen Test Engagement
- Scope and Negotiate a Pen Test Engagement
- Prepare for a Pen Test Engagement
Conducting Passive Reconnaissance
- Gather Background Information
- Prepare Background Findings for Next Steps
Performing Non-Technical Tests
- Perform Social Engineering Tests
- Perform Physical Security Tests on Facilities
Conducting Active Reconnaissance
- Scan Networks
- Enumerate Targets
- Scan for Vulnerabilities
- Analyze Basic Scripts
- Analyze Vulnerability Scan Results
- Leverage Information to Prepare for Exploitation
- Exploit Network-Based Vulnerabilities
- Exploit Wireless and RF-Based Vulnerabilities
- Exploit Specialized Systems
Exploiting Host-Based Vulnerabilities
- Exploit Windows-Based Vulnerabilities
- Exploit *Nix-Based Vulnerabilities
- Exploit Web Application Vulnerabilities
- Test Source Code and Compiled Apps
Completing Post-Exploit Tasks
- Use Lateral Movement Techniques
- Use Persistence Techniques
- Use Anti-Forensics Techniques
Analyzing and Reporting Pen Test Results
- Analyze Pen Test Data
- Develop Recommendations for Mitigation Strategies
- Write and Handle Reports
- Conduct Post-Report-Delivery Activities
Appendix A: Mapping Course Content to CompTIA PenTest+ (Exam PT0-001) Solutions Glossary Index
Attendees should meet the following prerequisites:
- Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.
- Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.
- CompTIA Network + or CompTIA Security + or equivalent knowledge
- Hands-on information security experience
Recommended as preparation for the following exams:
- PT0-001 - CompTIA Pentest+ Certification
Follow on CoursesTop
The following courses are recommended for further study.
- GK5867 - CompTIA CySA+ Cybersecurity Analyst
- CompTIA Pentest +
- Ethical Hacking and Penetration Testing
- G015 | CompTIA Pentest + | Training Course | CompTIA.