CompTIA PenTest+ Cert Guide (PT0-002)

(PT0-002.AB1)/ISBN:978-1-64459-340-0

This course includes
Lessons
TestPrep
Hand-on Lab
Instructor Led (Add-on)
AI Tutor (Add-on)

The CompTIA Pentest+ Cert Guide exam measures a candidate’s ability to accomplish pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises.

Lessons

11+ Lessons | 423+ Exercises | 117+ Quizzes | 200+ Flashcards | 200+ Glossary of terms

TestPrep

85+ Pre Assessment Questions | 2+ Full Length Tests | 85+ Post Assessment Questions | 170+ Practice Test Questions

Hand on lab

46+ LiveLab | 42+ Video tutorials | 01:34+ Hours

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • The Goals of the CompTIA PenTest+ Certification
  • The Exam Objectives (Domains)
  • Steps to Earning the PenTest+ Certification
  • Facts About the PenTest+ Exam
  • About the CompTIA PenTest+ PT0-002 Cert Guide

Lessons 2: Introduction to Ethical Hacking and Penetration Testing

  • Understanding Ethical Hacking and Penetration Testing
  • Exploring Penetration Testing Methodologies
  • Building Your Own Lab
  • Review All Key Topics

Lessons 3: Planning and Scoping a Penetration Testing Assessment

  • Comparing and Contrasting Governance, Risk, and Compliance Concepts
  • Explaining the Importance of Scoping and Organizational or Customer Requirements
  • Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity
  • Review All Key Topics

Lessons 4: Information Gathering and Vulnerability Scanning

  • Performing Passive Reconnaissance
  • Performing Active Reconnaissance
  • Understanding the Art of Performing Vulnerability Scans
  • Understanding How to Analyze Vulnerability Scan Results
  • Review All Key Topics

Lessons 5: Social Engineering Attacks

  • Pretexting for an Approach and Impersonation
  • Social Engineering Attacks
  • Physical Attacks
  • Social Engineering Tools
  • Methods of Influence
  • Review All Key Topics

Lessons 6: Exploiting Wired and Wireless Networks

  • Exploiting Network-Based Vulnerabilities
  • Exploiting Wireless Vulnerabilities
  • Review All Key Topics

Lessons 7: Exploiting Application-Based Vulnerabilities

  • Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10
  • How to Build Your Own Web Application Lab
  • Understanding Business Logic Flaws
  • Understanding Injection-Based Vulnerabilities
  • Exploiting Authentication-Based Vulnerabilities
  • Exploiting Authorization-Based Vulnerabilities
  • Understanding Cross-Site Scripting (XSS) Vulnerabilities
  • Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks
  • Understanding Clickjacking
  • Exploiting Security Misconfigurations
  • Exploiting File Inclusion Vulnerabilities
  • Exploiting Insecure Code Practices
  • Review All Key Topics

Lessons 8: Cloud, Mobile, and IoT Security

  • Researching Attack Vectors and Performing Attacks on Cloud Technologies
  • Explaining Common Attacks and Vulnerabilities Against Specialized Systems
  • Review All Key Topics

Lessons 9: Performing Post-Exploitation Techniques

  • Creating a Foothold and Maintaining Persistence After Compromising a System
  • Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration
  • Review All Key Topics

Lessons 10: Reporting and Communication

  • Comparing and Contrasting Important Components of Written Reports
  • Analyzing the Findings and Recommending the Appropriate Remediation Within a Report
  • Explaining the Importance of Communication During the Penetration Testing Process
  • Explaining Post-Report Delivery Activities
  • Review All Key Topics

Lessons 11: Tools and Code Analysis

  • Understanding the Basic Concepts of Scripting and Software Development
  • Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code
  • Review All Key Topics

Hands-on LAB Activities

Information Gathering and Vulnerability Scanning

  • Performing Zone Transfer Using dig
  • Using dnsrecon
  • Using Recon-ng to Gather Information
  • Performing Reconnaissance on a Network
  • Performing a UDP Scan Using Nmap
  • Using Nmap for User Enumeration
  • Using Nmap for Network Enumeration
  • Performing Nmap SYN Scan
  • Conducting Vulnerability Scanning Using Nessus

Social Engineering Attacks

  • Using BeEF
  • Using SET Tool to Plan an Attack

Exploiting Wired and Wireless Networks

  • Using the EternalBlue Exploit in Metasploit
  • Simulating the DDoS Attack
  • Performing a DHCP Starvation Attack
  • Understanding the Pass-the-hash Attack
  • Performing ARP Spoofing
  • Exploiting SMTP
  • Exploiting SNMP
  • Searching Exploits Using searchsploit
  • Exploiting SMB

Exploiting Application-Based Vulnerabilities

  • Conducting a Cross Site Scripting (XXS) attack
  • Using curl to Make the HTTP GET Request
  • Capturing Network Packets Using tcpdump
  • Exploiting Command Injection Vulnerabilities
  • Exploiting a Website Using SQL Injection
  • Performing Session Hijacking Using Burp Suite
  • Cracking Passwords
  • Conducting a Cross-Site Request Forgery Attack

Cloud, Mobile, and IoT Security

  • Understanding Local Privilege Escalation

Performing Post-Exploitation Techniques

  • Using OWASP ZAP
  • Using the Task Scheduler
  • Writing Bash Shell Script
  • Performing an Intense Scan in Zenmap
  • Using dig and nslookup Commands
  • Creating Reverse and Bind Shells Using Netcat
  • Hiding Text Using Steganography
  • Using the Metasploit RDP Post-Exploitation Module

Tools and Code Analysis

  • Finding Live Hosts by Using the Ping Sweep in Python
  • Whitelisting an IP Address in the Windows Firewall
  • Viewing Exploits Written in Perl
  • Viewing the Effects of Hostile JavaScript in the Browser
  • Using Meterpreter to Display the System Information
  • Performing Vulnerability Scanning Using OpenVAS
  • Enumerating Data Using enum4linux
  • Using Maltego to Gather Information
  • Cracking a Linux Password Using John the Ripper

Exam FAQs

Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.

$165

Performance-based and multiple choice

The exam contains Maximum of 85 questions questions.

165 minutes minutes

750 (on a scale of 100-900)

A candidate can retake the exam only after 24 hours of the failed attempt.