CompTIA PenTest+ Certification Training Course

Guaranteed to Run

Upcoming Dates	Class Times	Class Format	Quote
	Self-Paced	Online Self-Study	Instant Quote

Online Self-Study courses allow you to study around your busy schedule, remain working as you train, work at your own pace.

Online Self-Study

Payment Plan Available

• 40 hours
• 10 Course Videos

• CompTIA Official Courseware
• CompTIA Official Video
• CompTIA Official Labs
• Lifetime access to Courseware
• Videos and Labs are available for 1 year from date of redemption
• Apply Cost to Instructor-led Training of Same Course

Instant Quote

Instructor-Led

• Certified Instructor
• Includes all course materials
• Practice Exam
• Certification Exam

CompTIA PenTest+ (PT0-002) is for cybersecurity professionals tasked with penetration testing and vulnerability management.

Why is it different?

CompTIA PenTest+ is the most comprehensive exam covering all penetration testing stages. Unlike other penetration testing exams that only cover a portion of stages with essay questions and hands-on, PenTest+ uses both performance-based and knowledge-based questions to ensure all stages are addressed.

PenTest+ is the only exam on the market to include all aspects of vulnerability management. It not only covers hands-on vulnerability assessment, scanning, and analysis, but also includes planning, scoping, and managing weaknesses, not just exploiting them.

PenTest+ is the most current penetration testing exam covering the latest techniques against expanded attack surfaces. It is a unique exam that requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises.

What Skills Will You Learn?

Planning and Scoping

Includes updated techniques emphasizing governance, risk, and compliance concepts, scoping and organizational/customer requirements, and demonstrating an ethical hacking mindset.

Information Gathering and Vulnerability Scanning

Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of the reconnaissance exercise.

Attacks and Exploits

Includes updated approaches to expanded attack surfaces, researching social engineering techniques, performing network attacks, wireless attacks, application-based attacks and attacks on cloud technologies, and performing post-exploitation techniques.

Reporting and Communication

Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analyzing findings and recommending appropriate remediation within a report.

Tools and Code Analysis

Includes updated concepts of identifying scripts in various software deployments, analyzing a script or code sample, and explaining use cases of various tools used during the phases of a penetration test. It is important to note that no scripting and coding is required.

Jobs that use CompTIA PenTest+

• Penetration Tester
• Security Consultant
• Cloud Penetration Tester
• Web App Penetration Tester
• Cloud Security Specialist
• Network & Security Specialist

Class Outline

1.0 Planning and Scoping

Compare and contrast governance, risk, and compliance concepts.

• Regulatory compliance considerations
• Location restrictions
• Legal concepts
• Permission to attack

Explain the importance of scoping and organizational/customer requirements.

• Standards and methodologies
• Rules of engagement
• Environmental considerations
• Target list/in-scope assets
• Validate scope of engagement

Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.

• Background checks of penetration testing team
• Adhere to specific scope of engagement
• Identify criminal activity
• Immediately report breaches/ criminal activity
• Limit the use of tools to a particular engagement
• Limit invasiveness based on scope
• Maintain confidentiality of data/information
• Risks to the professional

2.0 Information Gathering and Vulnerability Scanning

Given a scenario, perform passive reconnaissance.

• DNS lookups
• Identify technical contacts
• Administrator contacts
• Cloud vs. self-hosted
• Social media scraping
• Cryptographic flaws
• Company reputation/security posture
• Data
• Open-source intelligence (OSINT)

Given a scenario, perform active reconnaissance.

• Enumeration
• Website reconnaissance
• Packet crafting
• Defense detection
• Tokens
• Wardriving
• Network traffic
• Cloud asset discovery
• Third-party hosted services
• Detection avoidance

Given a scenario, analyze the results of a reconnaissance exercise.

• Fingerprinting
• Analyze output

Given a scenario, perform vulnerability scanning.

• Considerations of vulnerability scanning
• Scan identified targets for vulnerabilities
• Set scan settings to avoid detection
• Scanning methods
• Nmap
• Vulnerability testing tools that facilitate automation

3.0 Attacks and Exploits

Given a scenario, research attack vectors and perform network attacks.

• Stress testing for availability
• Exploit resources
• Attacks
• Tools

Given a scenario, research attack vectors and perform wireless attacks.

• Attack methods
• Attacks
• Tools

Given a scenario, research attack vectors and perform application-based attacks.

• OWASP Top 10
• Server-side request forgery
• Business logic flaws
• Injection attacks
• Application vulnerabilities
• API attacks
• Directory traversal
• Tools
• Resources

Given a scenario, research attack vectors and perform attacks on cloud technologies.

• Attacks
• Tools

Explain common attacks and vulnerabilities against specialized systems.

• Mobile
• Internet of Things (IoT) devices
• Data storage system vulnerabilities
• Management interface vulnerabilities
• Vulnerabilities related to supervisory control and data acquisition (SCADA)/ Industrial Internet of Things (IIoT)/ industrial control system (ICS)
• Vulnerabilities related to virtual environments
• Vulnerabilities related to containerized workloads

Given a scenario, perform a social engineering or physical attack.

• Pretext for an approach
• Social engineering attacks
• Physical attacks
• Impersonation
• Tools
• Methods of influence

Given a scenario, perform post-exploitation techniques.

• Post-exploitation tools
• Lateral movement
• Network segmentation testing
• Privilege escalation
• Upgrading a restrictive shell
• Creating a foothold/persistence
• Detection avoidance
• Enumeration

4.0 Reporting and Communication

Compare and contrast important components of written reports.

• Report audience
• Report contents
• Storage time for report
• Secure distribution
• Note taking
• Common themes/root causes

Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

• Technical controls
• Administrative controls
• Operational controls
• Physical controls

Explain the importance of communication during the penetration testing process.

• Communication path
• Communication triggers
• Reasons for communication
• Goal reprioritization
• Presentation of findings

Explain post-report delivery activities.

• Post-engagement cleanup
• Client acceptance
• Lessons learned
• Follow-up actions/retest
• Attestation of findings
• Data destruction process

5.0 Tools and Code Analysis

Explain the basic concepts of scripting and software development.

• Logic constructs
• Data structures
• Libraries
• Classes
• Procedures
• Functions

Given a scenario, analyze a script or code sample for use in a penetration test.

• Shells
• Programming languages
• Analyze exploit code
• Opportunities for automation

Explain use cases of the following tools during the phases of a penetration test.

• Scanners
• Credential testing tools
• Debuggers
• OSINT
• Wireless
• Web application tools
• Social engineering tools
• Remote access tools
• Networking tools
• Misc.
• Steganography tools
• Cloud tools

CED Solutions is your best choice for CompTIA PenTest+, CompTIA PenTest+ training, CompTIA PenTest+ certification, CompTIA PenTest+ boot camp, CompTIA PenTest+ certification training, CompTIA PenTest+ certification course, CompTIA PenTest+ course, CompTIA PenTest+ class.