CompTIA PenTest+ Certification Training Course

Guaranteed to Run

Upcoming Dates	Class Times	Class Format	Quote
11/8 - 11/12, 2021	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Quote
12/6 - 12/10, 2021	10:00 AM - 6:00 PM ET 9:00 AM - 5:00 PM CT 7:00 AM - 3:00 PM PT 4:00 AM - 12:00 PM HT	Instructor-Led	Quote
	Self-Paced	Online Self-Study	Quote

Online Self-Study courses allow you to study around your busy schedule, remain working as you train, work at your own pace.

Online Self-Study

Payment Plan Available

• 40 hours
• 10 Course Videos

• CompTIA Official Courseware
• CompTIA Official Video
• CompTIA Official Labs
• Lifetime access to Courseware
• Videos and Labs are available for 1 year from date of redemption
• Apply Cost to Instructor-led Training of Same Course

Quote

Instructor-Led

• Hands-on instruction by a certified instructor
• Includes all course materials
• Practice Exam
• Certification Exam

Can't travel or you want to stay with your family or business. No problem!

Stay in your own city and save the additional expenses of roundtrip airfare, lodging, transportation, and meals and receive the same great instruction live from our instructors in our Live Instructor-Led Remote Classroom Training.

Remote Classroom Training

Our Remote Classroom Training is a live class with students observing the instructor and listening through your computer speakers.

You will see the instructor's computer, slides, notes, etc., just like in the classroom. You will be following along, doing work, labs, and individual assignments.

CompTIA PenTest+ (PT0-001) is for cybersecurity professionals tasked with penetration testing and vulnerability management.

CompTIA PenTest+ meets the ISO 17024 standard. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

What Skills Will You Learn?

• Planning & Scoping
  Explain the importance of planning and key aspects of compliance-based assessments
• Information Gathering & Vulnerability Identification
  Gather information to prepare for exploitation then perform a vulnerability scan and analyze results.
• Attacks & Exploits
  Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques
• Penetration Testing Tools
  Conduct information gathering exercises with various tools and analyze output and basic scripts (limited to: Bash, Python, Ruby, PowerShell)
• Reporting & Communication
  Utilize report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities

Jobs that use CompTIA PenTest+

• Penetration Tester
• Vulnerability Tester
• Security Analyst (II)
• Vulnerability Assessment Analyst
• Network Security Operations
• Application Security Vulnerability

Exam: PT0-001

The CompTIA PenTest+ certification verifies that successful candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.

Course Content

1.0 Planning and Scoping

Explain the importance of planning for an engagement.

• Understanding the target audience
• Rules of engagement
• Communication escalation path
• Resources and requirements Budget
• Impact analysis and remediation timelines
• Disclaimers
• Technical constraints
• Support resources

Explain key legal concepts

• Contracts
• Environmental differences
• Written authorization

Explain the importance of scoping an engagement properly.

• Types of assessment
• Special scoping considerations
• Target selection
• Strategy
• Risk acceptance
• Tolerance to impact
• Scheduling
• Scope creep
• Threat actors

Explain the key aspects of compliance-based assessments.

• Compliance-based assessments, limitations and caveats
• Clearly defined objectives based on regulations

2.0 Information Gathering and Vulnerability Identification

Given a scenario, conduct information gathering using appropriate techniques.

• Scanning
• Enumeration
• Packet crafting
• Packet inspection
• Fingerprinting
• Cryptography
• Eavesdropping
• Decompilation
• Debugging
• Open Source Intelligence Gathering

Given a scenario, analyze vulnerability scan results.

• Credentialed vs. non-credentialed
• Types of scans
• Container security
• Application scan
• Considerations of vulnerability scanning

Given a scenario, analyze vulnerability scan results.

• Asset categorization
• Adjudication
• Prioritization of vulnerabilities
• Common themes

Explain the process of leveraging information to prepare for exploitation.

• Map vulnerabilities to potential exploits
• Prioritize activities in preparation for penetration test
• Describe common techniques to complete attack

Explain weaknesses related to specialized systems.

• ICS
• SCADA
• Mobile
• IoT
• Embedded
• Point-of-sale system
• Biometrics
• Application containers
• RTOS

3.0 Attacks and Exploits

Compare and contrast social engineering attacks.

• Phishing
• Elicitation
• Interrogation
• Impersonation
• Shoulder surfing
• USB key drop
• Motivation techniques

Given a scenario, exploit network-based vulnerabilities.

• Name resolution exploits
• SMB exploits
• SNMP exploits
• SMTP exploits
• FTP exploits
• DNS cache poisoning
• Pass the hash
• On-path attack (previously known as man-in-the-middle attack)
• DoS/stress test
• NAC bypass
• VLAN hopping

Given a scenario, exploit wireless and RF-based vulnerabilities.

• Evil twin
• Deauthentication attacks
• Fragmentation attacks
• Credential harvesting
• WPS implementation weakness
• Bluejacking
• Bluesnarfing
• RFID cloning
• Jamming
• Repeating

Given a scenario, exploit application-based vulnerabilities.

• Injections
• Authentication
• Authorization
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF/XSRF)
• Clickjacking
• Security misconfiguration
• File inclusion
• Unsecure code practices

Given a scenario, exploit local host vulnerabilities.

• OS vulnerabilities
• Unsecure service and protocol configurations
• Privilege escalation
• Default account settings
• Sandbox escape
• Physical device security

Summarize physical security attacks related to facilities.

• Piggybacking/tailgating
• Fence jumping
• Dumpster diving
• Lock picking
• Lock bypass
• Egress sensor
• Badge cloning

Given a scenario, perform post-exploitation techniques.

• Lateral movement
• Persistence
• Covering your tracks

4.0 Penetration Testing Tools

Given a scenario, use Nmap to conduct information gathering exercises.

• SYN scan (-sS) vs. full connect scan (-sT)
• Port selection (-p)
• Service identification (-sV)
• OS fingerprinting (-O)
• Disabling ping (-Pn)
• Target input file (-iL)
• Timing (-T)
• Output parameters

Compare and contrast various use cases of tools.

• Use cases
• Tools

Given a scenario, analyze tool output or data related to a penetration test.

• Password cracking
• Pass the hash
• Setting up a bind shell
• Getting a reverse shell
• Proxying a connection
• Uploading a web shell
• Injections

Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).

• Logic
• I/O
• Substitutions
• Variables
• Common operations
• Error handling
• Arrays
• Encoding/decoding

5.0 Reporting and Communication

Given a scenario, use report writing and handling best practices.

• Normalization of data
• Written report of findings and remediation
• Risk appetite
• Storage time for report
• Secure handling and disposition of reports

Explain post-report delivery activities.

• Post-engagement cleanup
• Client acceptance
• Lessons learned
• Follow-up actions/retest
• Attestation of findings

Given a scenario, recommend mitigation strategies for discovered vulnerabilities.

• Solutions
• Findings
• Remediation

Explain the importance of communication during the penetration testing process.

• Communication path
• Communication triggers
• Reasons for communication
• Goal reprioritization

CED Solutions is your best choice for CompTIA PenTest+, CompTIA PenTest+ training, CompTIA PenTest+ certification, CompTIA PenTest+ boot camp, CompTIA PenTest+ certification training, CompTIA PenTest+ certification course, CompTIA PenTest+ course, CompTIA PenTest+ class.