CompTIA PenTest+ Certification Training Course
CompTIA PenTest+ (PT0-001)
|Number of Exams:
DoD Approved 8570: CSSP Analyst, CSSP Incident Responder, CSSP Auditor
Grants (discounts) are available for multiple students for the same or different courses.
Payment Plan Available
- 40 hours
- 10 Course Videos
- CompTIA Official Courseware
- CompTIA Official Video
- CompTIA Official Labs
- Lifetime access to Courseware
- Videos and Labs are available for 1 year from date of redemption
- Apply Cost to Instructor-led Training of Same Course
- Hands-on instruction by a certified instructor
- Includes all course materials
- Practice Exam
- Certification Exam
Can't travel or you want to stay with your family or business. No problem!
Stay in your own city and save the additional expenses of roundtrip airfare, lodging, transportation, and meals and receive the same great instruction live from our instructors in our Live Instructor-Led Remote Classroom Training.
Remote Classroom Training
Our Remote Classroom Training is a live class with students observing the instructor and listening through your computer speakers.
You will see the instructor's computer, slides, notes, etc., just like in the classroom. You will be following along, doing work, labs, and individual assignments.
CompTIA PenTest+ (PT0-001) is for cybersecurity professionals tasked with penetration testing and vulnerability management.
CompTIA PenTest+ meets the ISO 17024 standard. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
What Skills Will You Learn?
- Planning & Scoping
Explain the importance of planning and key aspects of compliance-based assessments
- Information Gathering & Vulnerability Identification
Gather information to prepare for exploitation then perform a vulnerability scan and analyze results.
- Attacks & Exploits
Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques
- Penetration Testing Tools
Conduct information gathering exercises with various tools and analyze output and basic scripts (limited to: Bash, Python, Ruby, PowerShell)
- Reporting & Communication
Utilize report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities
Jobs that use CompTIA PenTest+
- Penetration Tester
- Vulnerability Tester
- Security Analyst (II)
- Vulnerability Assessment Analyst
- Network Security Operations
- Application Security Vulnerability
The CompTIA PenTest+ certification verifies that successful candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.
1.0 Planning and Scoping
Explain the importance of planning for an engagement.
- Understanding the target audience
- Rules of engagement
- Communication escalation path
- Resources and requirements Budget
- Impact analysis and remediation timelines
- Technical constraints
- Support resources
Explain key legal concepts
- Environmental differences
- Written authorization
Explain the importance of scoping an engagement properly.
- Types of assessment
- Special scoping considerations
- Target selection
- Risk acceptance
- Tolerance to impact
- Scope creep
- Threat actors
Explain the key aspects of compliance-based assessments.
- Compliance-based assessments, limitations and caveats
- Clearly defined objectives based on regulations
2.0 Information Gathering and Vulnerability Identification
Given a scenario, conduct information gathering using appropriate techniques.
- Packet crafting
- Packet inspection
- Open Source Intelligence Gathering
Given a scenario, analyze vulnerability scan results.
- Credentialed vs. non-credentialed
- Types of scans
- Container security
- Application scan
- Considerations of vulnerability scanning
Given a scenario, analyze vulnerability scan results.
- Asset categorization
- Prioritization of vulnerabilities
- Common themes
Explain the process of leveraging information to prepare for exploitation.
- Map vulnerabilities to potential exploits
- Prioritize activities in preparation for penetration test
- Describe common techniques to complete attack
Explain weaknesses related to specialized systems.
- Point-of-sale system
- Application containers
3.0 Attacks and Exploits
Compare and contrast social engineering attacks.
- Shoulder surfing
- USB key drop
- Motivation techniques
Given a scenario, exploit network-based vulnerabilities.
- Name resolution exploits
- SMB exploits
- SNMP exploits
- SMTP exploits
- FTP exploits
- DNS cache poisoning
- Pass the hash
- On-path attack (previously known as man-in-the-middle attack)
- DoS/stress test
- NAC bypass
- VLAN hopping
Given a scenario, exploit wireless and RF-based vulnerabilities.
- Evil twin
- Deauthentication attacks
- Fragmentation attacks
- Credential harvesting
- WPS implementation weakness
- RFID cloning
Given a scenario, exploit application-based vulnerabilities.
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF/XSRF)
- Security misconfiguration
- File inclusion
- Unsecure code practices
Given a scenario, exploit local host vulnerabilities.
- OS vulnerabilities
- Unsecure service and protocol configurations
- Privilege escalation
- Default account settings
- Sandbox escape
- Physical device security
Summarize physical security attacks related to facilities.
- Fence jumping
- Dumpster diving
- Lock picking
- Lock bypass
- Egress sensor
- Badge cloning
Given a scenario, perform post-exploitation techniques.
- Lateral movement
- Covering your tracks
4.0 Penetration Testing Tools
Given a scenario, use Nmap to conduct information gathering exercises.
- SYN scan (-sS) vs. full connect scan (-sT)
- Port selection (-p)
- Service identification (-sV)
- OS fingerprinting (-O)
- Disabling ping (-Pn)
- Target input file (-iL)
- Timing (-T)
- Output parameters
Compare and contrast various use cases of tools.
Given a scenario, analyze tool output or data related to a penetration test.
- Password cracking
- Pass the hash
- Setting up a bind shell
- Getting a reverse shell
- Proxying a connection
- Uploading a web shell
Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
- Common operations
- Error handling
5.0 Reporting and Communication
Given a scenario, use report writing and handling best practices.
- Normalization of data
- Written report of findings and remediation
- Risk appetite
- Storage time for report
- Secure handling and disposition of reports
Explain post-report delivery activities.
- Post-engagement cleanup
- Client acceptance
- Lessons learned
- Follow-up actions/retest
- Attestation of findings
Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
Explain the importance of communication during the penetration testing process.
- Communication path
- Communication triggers
- Reasons for communication
- Goal reprioritization
CED Solutions is your best choice for CompTIA PenTest+,
CompTIA PenTest+ training,
CompTIA PenTest+ certification,
CompTIA PenTest+ boot camp,
CompTIA PenTest+ certification training,
CompTIA PenTest+ certification course,
CompTIA PenTest+ course,
CompTIA PenTest+ class.