Your Cart Is Empty
Technical Courses >
CompTIA PenTest+ Certification Training
This course will assist you if you are pursuing the CompTIA PenTest+ certification, as tested in exam PT0-001.
CompTIA PenTest+ (PT0-001) is for cybersecurity professionals tasked with penetration testing and vulnerability management. CompTIA PenTest+ meets the ISO 17024 standard. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Exam: PT0-001 (Included): The CompTIA PenTest+ certification verifies that successful candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.This course includes the official CompTIA PenTest+ Certification Exam Voucher. Should you fail on the first attempt, we will then give you a second voucher at no cost.Exam Prep SoftwareAll of our CompTIA classes include access to web-based practice exams. CompTIA certification exams are very rigorous and challenging. By studying after the class and using these practice exams, you will greatly improve your chances of passing the actual certification exam the first time. Exam prep software is included with all of our CompTIA classes.
· Planning & ScopingExplain the importance of planning and key aspects of compliance-based assessments· Information Gathering & Vulnerability IdentificationGather information to prepare for exploitation then perform a vulnerability scan and analyze results.· Attacks & ExploitsExploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques· Penetration Testing ToolsConduct information gathering exercises with various tools and analyze output and basic scripts (limited to: Bash, Python, Ruby, PowerShell)· Reporting & CommunicationUtilize report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities
1.0 PLANNING AND SCOPINGExplain the importance of planning for an engagement.· Understanding the target audience· Rules of engagement· Communication escalation path· Resources and requirements Budget· Impact analysis and remediation timelines· Disclaimers· Technical constraints· Support resourcesExplain key legal concepts· Contracts· Environmental differences· Written authorizationExplain the importance of scoping an engagement properly.· Types of assessment· Special scoping considerations· Target selection· Strategy· Risk acceptance· Tolerance to impact· Scheduling· Scope creep· Threat actorsExplain the key aspects of compliance-based assessments.· Compliance-based assessments, limitations and caveats· Clearly defined objectives based on regulations2.0 INFORMATION GATHERING AND VULNERABILITY IDENTIFICATIONGiven a scenario, conduct information gathering using appropriate techniques.· Scanning· Enumeration· Packet crafting· Packet inspection· Fingerprinting· Cryptography· Eavesdropping· Decompilation· Debugging· Open Source Intelligence GatheringGiven a scenario, analyze vulnerability scan results.· Credentialed vs. non-credentialed· Types of scans· Container security· Application scan· Considerations of vulnerability scanningGiven a scenario, analyze vulnerability scan results.· Asset categorization· Adjudication· Prioritization of vulnerabilities· Common themesExplain the process of leveraging information to prepare for exploitation.· Map vulnerabilities to potential exploits· Prioritize activities in preparation for penetration test· Describe common techniques to complete attackExplain weaknesses related to specialized systems.· ICS· SCADA· Mobile· IoT· Embedded· Point-of-sale system· Biometrics· Application containers· RTOS3.0 ATTACKS AND EXPLOITSCompare and contrast social engineering attacks.· Phishing· Elicitation· Interrogation· Impersonation· Shoulder surfing· USB key drop· Motivation techniquesGiven a scenario, exploit network-based vulnerabilities.· Name resolution exploits· SMB exploits· SNMP exploits· SMTP exploits· FTP exploits· DNS cache poisoning· Pass the hash· On-path attack (previously known as man-in-the-middle attack)· DoS/stress test· NAC bypass· VLAN hoppingGiven a scenario, exploit wireless and RF-based vulnerabilities.· Evil twin· Deauthentication attacks· Fragmentation attacks· Credential harvesting· WPS implementation weakness· Bluejacking· Bluesnarfing· RFID cloning· Jamming· Repeating
Given a scenario, exploit application-based vulnerabilities.· Injections· Authentication· Authorization· Cross-site scripting (XSS)· Cross-site request forgery (CSRF/XSRF)· Clickjacking· Security misconfiguration· File inclusion· Unsecure code practicesGiven a scenario, exploit local host vulnerabilities.· OS vulnerabilities· Unsecure service and protocol configurations· Privilege escalation· Default account settings· Sandbox escape· Physical device securitySummarize physical security attacks related to facilities.· Piggybacking/tailgating· Fence jumping· Dumpster diving· Lock picking· Lock bypass· Egress sensor· Badge cloningGiven a scenario, perform post-exploitation techniques.· Lateral movement· Persistence· Covering your tracks4.0 PENETRATION TESTING TOOLSGiven a scenario, use Nmap to conduct information gathering exercises.· SYN scan (-sS) vs. full connect scan (-sT)· Port selection (-p)· Service identification (-sV)· OS fingerprinting (-O)· Disabling ping (-Pn)· Target input file (-iL)· Timing (-T)· Output parametersCompare and contrast various use cases of tools.· Use cases· ToolsGiven a scenario, analyze tool output or data related to a penetration test.· Password cracking· Pass the hash· Setting up a bind shell· Getting a reverse shell· Proxying a connection· Uploading a web shell· InjectionsGiven a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).· Logic· I/O· Substitutions· Variables· Common operations· Error handling· Arrays· Encoding/decoding5.0 REPORTING AND COMMUNICATIONGiven a scenario, use report writing and handling best practices.· Normalization of data· Written report of findings and remediation· Risk appetite· Storage time for report· Secure handling and disposition of reportsExplain post-report delivery activities.· Post-engagement cleanup· Client acceptance· Lessons learned· Follow-up actions/retest· Attestation of findingsGiven a scenario, recommend mitigation strategies for discovered vulnerabilities.· Solutions· Findings· RemediationExplain the importance of communication during the penetration testing process.· Communication path· Communication triggers· Reasons for communication· Goal reprioritization
CompTIA PenTest+ Certification (Exam PT0-001)
• Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.• Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.
Productivity Point Learning Solutions
evolved out of a desire to increase our outreach
both nationally and internationally.
Productivity Point Headquarters
1580 Sawgrass Corporate Parkway
Sunrise, Florida 33323