The Official CompTIA Pentest+ Certification Study Guide Training


Why Choose Us   |   CompTIA Pentest+ Employment Objective

70 students review
  • Description
  • Schedule
  • What You'll Learn
  • Outline
  • Prerequisites
  • Income Expectations
  • Next Step
  • Tuition Fee
  • Exam

The Official CompTIA Pentest+ Certification Study Guide Training (PT0-001)

CompTIA PenTest+ is a certification for intermediate level cybersecurity professionals who are tasked with penetration testing to identify, exploit, report, and manage vulnerabilities on a network.

CompTIA PenTest+ joins CompTIA Cybersecurity Analyst (CySA+) at the intermediate-skills level of the cybersecurity career pathway. Depending on your Program of study, PenTest+ and CySA+ can be taken in any order but typically follows the skills learned in Security+. While CySA+ focuses on defense through incident detection and response, PenTest+ focuses on offense through penetration testing and vulnerability assessment.

Although the two exams teach opposing skills, they are dependent on one another. The most qualified cybersecurity professionals have both offensive and defensive skills. Earn the PenTest+ certification to grow your career within the CompTIA recommended cybersecurity career pathway.

Intended Audience For This The Official CompTIA Pentest+ Certification Study Guide Training (Exam PT0-001) Program
  1. Penetration Tester
  2. Vulnerability Tester
  3. Security Analyst (II)
  4. Vulnerability Assessment Analyst
  5. Network Security Operations
  6. Application Security Vulnerability
SCHEDULE DATES - 35 Hour Hands-On Program
 
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date & Graduation Date
03/21/2022 to 03/25/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date & Graduation Date
04/11/2022 to 04/15/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date & Graduation Date
05/02/2022 to 05/06/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date & Graduation Date
06/13/2022 to 06/17/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date & Graduation Date
07/11/2022 to 07/15/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date
Graduation Date
03/21/2022
03/25/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date
Graduation Date
04/11/2022
04/15/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date
Graduation Date
05/02/2022
05/06/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date
Graduation Date
06/13/2022
06/17/2022
5 Days (35 Hours) a Week for 1 Week
CompTIA PenTest+
9AM - 5PM (Weekdays)
Start Date
Graduation Date
07/11/2022
07/15/2022
5 Days (35 Hours) a Week for 1 Week

The Official CompTIA Pentest+ Certification Study Guide Objectives

CompTIA PenTest+ Certification Classes

Plan and scope an assessment
Understand legal and compliance requirements
Perform vulnerability scanning and penetration testing using appropriate tools and techniques
Analyze the results
Produce a written report containing proposed remediation techniques
Effectively communicate results to management
Provide practical recommendations

The Official CompTIA Pentest+ Certification Study Guide Training Courses

CompTIA PenTest+ Certification Classes (Exam PT0-001)

Planning and Scoping

1. Explain the importance of planning for an engagement

Understanding the target audience
Rules of engagement
Communication escalation path
Resources and requirements

  • Confidentiality of findings
  • Known vs. unknown

Budget
Impact analysis and remediation timelines
Disclaimers

  • Point-in-time assessment
  • Comprehensiveness

Technical constraints
Support resources

  • WSDL/WADL
  • SOAP project file
  • SDK documentation
  • Swagger document
  • XSD
  • Sample application requests
  • Architectural diagrams
  • Explain key legal concepts
  • Contracts
    • SOW
    • MSA
    • NDA
  • Environmental differences
    • Export restrictions
    • Local and national government restrictions
    • Corporate policies
  • Written authorization
    • Obtain signature from proper signing authority
    • Third-party provider authorization when necessary
    • Explain the importance of scoping an engagement properly

Types of assessment

    • Goals-based/objectives-based
    • Compliance-based
    • Red team
    • Special scoping considerations
    • Premerger
    • Supply chain
    • Target selection
    • Targets
    • Internal
      • On-site vs. off-site
  • External
  • First-party vs. third-party hosted
  • Physical
  • Users
  • SSIDs
  • Applications
    • Considerations
      • White-listed vs. black-listed
      • Security exceptions
        • IPS/WAF whitelist
        • NAC
        • Certificate pinning
        • Company’s policies
  • White-listed vs. black-listed
  • Security exceptions
  • IPS/WAF whitelist
  • NAC
  • Certificate pinning
  • Company’s policies
  • Strategy
    • Black box vs. white box vs. gray box
    • Risk acceptance
    • Tolerance to impact
    • Scheduling
    • Scope creep
    • Threat actors
      • Adversary tier
        • APT
  • Script kiddies
  • Hacktivist
  • Insider threat
  • Capabilities
  • Intent
  • Threat models
  • Explain the key aspects of compliance-based assessments
    • Compliance-based assessments, limitations, and caveats
      • Rules to complete assessment
      • Password policies
      • Data isolation
      • Key management
      • Limitations
        • Limited network access
        • Limited storage access
  • Clearly defined objectives based on regulations
  • 2. Information Gathering and Vulnerability Identification

      • Given a scenario, conduct information gathering using appropriate techniques
    • Scanning
    • Enumeration
      • Hosts
      • Networks
      • Domains
      • Users
      • Groups
      • Network shares
      • Web pages
      • Applications
      • Services
      • Tokens
      • Social networking sites
    • Packet crafting
    • Packet inspection
    • Fingerprinting
    • Cryptography
      • Certificate inspection
    • Eavesdropping
      • RF communication monitoring
      • Sniffing
        • Wired
        • Wireless
    • Decompilation
    • Debugging
    • Open Source Intelligence Gathering
      • Sources of research
        • CERT
        • NIST
        • JPCERT
        • CAPEC
        • Full disclosure
        • CVE
        • CWE
    • Given a scenario, perform a vulnerability scan
    • Credentialed vs. non-credentialed
    • Types of scans
      • Discovery scan
      • Full scan
      • Stealth scan
      • Compliance scan
    • Container security
    • Application scan
      • Dynamic vs. static analysis
    • Considerations of vulnerability scanning
      • Time to run scans
      • Protocols used
      • Network topology
      • Bandwidth limitations
      • Query throttling
      • Fragile systems/non-traditional assets
    • Given a scenario, analyze vulnerability scan results.
      • Asset categorization
      • Adjudication
        • False positives
    • Prioritization of vulnerabilities
    • Common themes
    • Vulnerabilities
    • Observations
    • Lack of best practices
    • Explain the process of leveraging information to prepare for exploitation.
    • Map vulnerabilities to potential exploits
    • Prioritize activities in preparation for penetration test
    • Describe common techniques to complete attack
      • Cross-compiling code
      • Exploit modification
      • Exploit chaining
      • Proof-of-concept development (exploit development)
      • Social engineering
      • Credential brute forcing
      • Dictionary attacks
      • Rainbow tables
      • Deception
    • Explain weaknesses related to specialized systems
      • ICS
      • SCADA
      • Mobile
      • IoT
      • Embedded
      • Point-of-sale system
      • Biometrics
      • Application containers
      • RTOS

    3. Attacks and Exploits

    • Compare and contrast social engineering attacks
      • Phishing
        • Spear phishing
        • SMS phishing
        • Voice phishing
        • Whaling
      • Elicitation
        • Business email compromise
      • Interrogation
      • Impersonation
      • Shoulder surfing
      • USB key drop
      • Motivation techniques
        • Authority
        • Scarcity
        • Social proof
        • Urgency
        • Likeness
        • Fear
    • Given a scenario, exploit network-based vulnerabilities
      • Name resolution exploits
        • NETBIOS name service
        • LLMNR
      • SMB exploits
      • SNMP exploits
      • SMTP exploits
      • FTP exploits
      • DNS cache poisoning
      • Pass the hash
      • Man-in-the-middle
        • ARP spoofing
        • Replay
        • Relay
        • SSL stripping
        • Downgrade
      • DoS/stress test
      • NAC bypass
      • VLAN hopping
    • Given a scenario, exploit wireless and RF-based vulnerabilities
      • Evil twin
        • Karma attack
        • Downgrade attack
      • Deauthentication attacks
      • Fragmentation attacks
      • Credential harvesting
      • WPS implementation weakness
      • Bluejacking
      • Bluesnarfing
      • RFID cloning
      • Jamming
      • Repeating
    • Given a scenario, exploit application-based vulnerabilities
      • Injections
        • SQL
        • HTML
        • Command
        • Code
      • Authentication
        • Credential brute forcing
        • Session hijacking
        • Redirect
        • Default credentials
        • Weak credentials
        • Kerberos exploits
      • Authorization
        • Parameter pollution
        • Insecure direct object reference
      • Cross-site scripting (XSS)
        • Stored/persistent
        • Reflected
        • DOM
      • Cross-site request forgery (CSRF/XSRF)
      • Clickjacking
      • Security misconfiguration
        • Directory traversal
        • Cookie manipulation
      • File inclusion
      • Local
      • Remote
      • Unsecure code practices
        • Comments in source code
        • Lack of error handling
        • Overly verbose error handling
        • Hard-coded credentials
        • Race conditions
        • Unauthorized use of functions/unprotected APIs
        • Hidden elements
          • Sensitive information in the DOM
        • Lack of code signing
    • Given a scenario, exploit local host vulnerabilities
      • OS vulnerabilities
        • Windows
        • Mac OS
        • Linux
        • Android
        • iOS
    • Unsecure service and protocol configurations
    • Privilege escalation
    • Linux-specific
      • SUID/SGID programs
      • Unsecure SUDO
      • Ret2libc
      • Sticky bits
    • Windows-specific
      • Cpassword
      • Clear text credentials in LDAP
      • Kerberoasting
      • Credentials in LSASS
      • Unattended installation
      • SAM database
      • DLL hijacking
    • Exploitable services
      • Unquoted service paths
      • Writable services
    • Unsecure file/folder permissions
    • Keylogger
    • Scheduled tasks
    • Kernel exploits
    • Default account settings
    • Sandbox escape
      • Shell upgrade
      • VM
      • Container
    • Physical device security
      • Cold boot attack
      • JTAG debug
      • Serial console
    • Summarize physical security attacks related to facilities
      • Piggybacking/tailgating
      • Fence jumping
      • Dumpster diving
      • Lock picking
      • Lock bypass
      • Egress sensor
      • Badge cloning
    • Given a scenario, perform post-exploitation techniques
      • Lateral movement
        • RPC/DCOM
          • PsExec
          • WMI
          • Scheduled tasks
      • PS remoting/WinRM
      • SMB
      • RDP
      • Apple Remote Desktop
      • VNC
      • X-server forwarding
      • Telnet
      • SSH
      • RSH/Rlogin
    • Persistence
      • Scheduled jobs
      • Scheduled tasks
      • Daemons
      • Back doors
      • Trojan
      • New user creation
    • Covering your tracks

     

    Penetration Testing Tools

    • Given a scenario, use Nmap to conduct information gathering exercises
      • SYN scan (-sS) vs. full connect scan (-sT)
      • Port selection (-p)
      • Service identification (-sV)
      • OS fingerprinting (-O)
      • Disabling ping (-Pn)
      • Target input file (-iL)
      • Timing (-T)
      • Output parameters
        • -oA
        • -oN
        • -oG
        • -oX
    • Compare and contrast various use cases of tools

     

    • Use cases
    • Reconnaissance
    • Enumeration
    • Vulnerability scanning
    • Credential attacks
    • Offline password cracking
    • Brute-forcing services
    • Persistence
    • Configuration compliance
    • Evasion
    • Decompilation
    • Forensics
    • Debugging
    • Software assurance
      • Fuzzing
      • SAST
      • DAST
    • Tools
      • Scanners
      • Nikto
      • OpenVAS
      • SQLmap
      • Nessus
    • Credential testing tools
      • Hashcat
      • Medusa
      • Hydra
      • Cewl
      • John the Ripper
      • Cain and Abel
      • Mimikatz
      • Patator
      • Dirbuster
      • W3AF
    • Debuggers
      • OLLYDBG
      • Immunity debugger
      • GDB
      • WinDBG
      • IDA
    • Software assurance
      • Findbugs/findsecbugs
      • Peach
      • Dynamo
      • AFL
      • SonarQube
      • YASCA
    • OSINT
      • Whois
      • Nslookup
      • Foca
      • Theharvester
      • Shodan
      • Maltego
      • Recon-NG
      • Censys
    • Wireless
      • Aircrack-NG
      • Kismet
      • WiFite
    • Web proxies
      • OWASP ZAP
      • Burp Suite
    • Social engineering tools
      • SET
      • BeEF
    • Remote access tools
      • SSH
      • NCAT
      • NETCAT
      • Proxychains
    • Networking tools
      • Wireshark
      • Hping
    • Mobile tools
      • Androzer
      • APKX
      • APK studio
    • MISC
      • Searchsploit
      • Powersploit
      • Responder
      • Impacket
      • Empire
      • Metasploit framework
    • Given a scenario, analyze tool output or data related to a penetration test
      • Password cracking
      • Pass the hash
      • Setting up a bind shell
      • Getting a reverse shell
      • Proxying a connection
      • Uploading a web shell
      • Injections

     

    • Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)
      • Logic
        • Looping
        • Flow control
      • I/O
        • File vs. terminal vs. network
      • Substitutions
      • Variables
      • Common operations
        • String operations
        • Comparisons
      • Error handling
      • Arrays
      • Encoding/decoding

     

    Reporting and Communication

    • Given a scenario, use report writing and handling best practices
      • Normalization of data
      • Written report of findings and remediation
        • Executive summary
        • Methodology
        • Findings and remediation
        • Metrics and measures
          • Risk rating
        • Conclusion
      • Risk appetite
      • Storage time for report
      • Secure handling and disposition of reports
    • Explain post-report delivery activities
      • Post-engagement cleanup
        • Removing shells
        • Removing tester-created credentials
        • Removing tools
      • Client acceptance
      • Lessons learned
      • Follow-up actions/retest
      • Attestation of findings
    • Given a scenario, recommend mitigation strategies for discovered vulnerabilities
      • Solutions
        • People
        • Process
        • Technology
      • Findings
        • Shared local administrator credentials
        • Weak password complexity
        • Plain text passwords
        • No multifactor authentication
        • SQL injection
        • Unnecessary open services
      • Remediation
        • Randomize credentials/LAPS
        • Minimum password requirements/password filters
        • Encrypt the passwords
        • Implement multifactor authentication
        • Sanitize user input/parameterize queries
        • System hardening
    • Explain the importance of communication during the penetration testing process
      • Communication path
        • Communication triggers
        • Critical findings
        • Stages
        • Indicators of prior compromise
      • Reasons for communication
        • Situational awareness
        • De-escalation
        • De-confliction
      • Goal reprioritization
    The Official CompTIA Pentest+ Certification Study Guide Training Classes

    CompTIA Security+ Certification

    HS Diploma/GED

     

    Income Expectation

    $92,600/yr

    The average salary for a CompTIA Pentest+ Certified Employee is $92,600 in New York City. Salary estimates are provided by CompTIA.

     

    CompTIA Pentest+ Certification Employment Objective

    Upon completion of this course, and the certifying exam(s), the student will be qualified to take a job as a

    Network Security Manager
    Network Security Administrator
    CompTIA Pentest+ Certified

    Next Steps after taking this CompTIA PenTest+ Certification Prep (Exam PT0-001)

    CompTIA Advanced Security Practitioner (CASP) Certification Prep

    Tuition Fee $2,800

    • CompTIA
    • CISCO
    • EC-Council
     
    Certified Instructors

    Why Choose Us?

    We provide quality education

    • Institute of Information Technology is approved by the U.S. Department of Homeland Security for Education and Training
    • Institute of Information Technology is approved by the NYS Education Department
    • Teachers are licensed by the NYS Education Department
    • Approved by NYS Labor Department
    • Approved by Workforce1 Development
    • Approved by Adult Career and Continuing Education Services-Vocational Rehabilitation (ACCES-VR)
    • Course Contents are approved by Authorized Partners
    • Unlimited Practice Exam

    We use up-to-date course content

    • Real work Experience from Expert Certified Instructors
    • Authorized Partner Approved Course Contents
    • Hands-On Instructor-Led Classroom Training
    • Simulations of Real Work Projects
    • Limitless Practice Exams
    • One-On-One Help
    • Group Study
    • Lab Practice
    • Mentoring

    We value your time & investment

    • Extra Help if Needed, At No Cost, Until You Are Certified!
    • Students can repeat class until certified at no cost
    • MetroCard will be given to students
    • Payment Plan for Eligible Students
    • Lunch will be provided to students
    • Textbooks included in tuition fee
    • Free Job Placement Assistance
    • Graduates & Career Services
    • Certification Exams Center
    • Discount Exam Vouchers
    • Affordable Tuition Fee
    • Mock Interview