
CompTIA PenTest+ Certification Prep (Exam PT0-001) Training


What is CompTIA PenTest+ Certification Prep (Exam PT0-001) training all about?

CompTIA PenTest+ Certification Prep (Exam PT0-001) Training is an excellent option for cybersecurity professionals who need to identify, exploit, report, and manage vulnerabilities on a network. Our curriculum teaches the intermediate skills and ethical practices needed to customize assessment frameworks, collaborate effectively on reporting findings, and communicate strategies to improve the state of IT security. PenTest+ focuses on offense through penetration testing and vulnerability assessment. We can guide you toward earning this certification, which boosts your career growth in cybersecurity.

CompTIA PenTest+ Certification Prep (Exam PT0-001) is a technical training course that helps you plan and develop the assessment scope. It helps you understand the legal and compliance requirements for performing vulnerability scanning. Testing with proper tools and techniques leads to analysis of the results, production of reports containing proposed remediation techniques, and effective communication of results to management with practical recommendations. The course is designed for penetration testers, vulnerability testers, vulnerability assessment analysts, security analysts, application security engineers, and network security operations staff. Our Enterprise Training program lets a team upgrade a particular skill set, which contributes to the firm's overall development.

Schedule
  • Delivery Format:
Date: Aug 31, 2020 | 10:00 am - 4:30 pm EST
Location: Online
$2495 USD
What are the course objectives for CompTIA PenTest+ Certification Prep (Exam PT0-001) training?
  • Scoping and planning an assessment.
  • Understanding compliance and legal needs.
  • Performing penetration testing and vulnerability scanning using appropriate techniques and tools.
  • Analyzing the conclusions.
  • Producing a written report containing remediation techniques.
  • Providing practical recommendations.
  • Communicating efficiently with management.
Who should attend CompTIA PenTest+ Certification Prep (Exam PT0-001) training?

This course is intended for Application Security Engineers, Network Security Operations staff, Vulnerability Testers, Assessment Analysts, and Penetration Testers.

What is the course outline for CompTIA PenTest+ Certification Prep (Exam PT0-001) training?
  • 1. Planning and Scoping
      • a). Explain the importance of planning for an engagement
          • i). Understanding the target audience
          • ii). Rules of engagement
          • iii). Communication escalation path
          • iv). Resources and requirements
          • v). Budget
          • vi). Impact analysis and remediation timelines
      • b). Explain key legal concepts
          • i). Contracts
          • ii). Environmental differences
          • iii). Written authorization
      • c). Explain the importance of scoping an engagement properly
          • i). Types of assessment
          • ii). Special scoping considerations
          • iii). Target selection
          • iv). Strategy
          • v). Risk acceptance
          • vi). Tolerance to impact
      • d). Explain the key aspects of compliance-based assessments
          • i). Compliance-based assessments, limitations, and caveats
  • 2. Information Gathering and Vulnerability Identification
      • a). Given a scenario, conduct information gathering using appropriate techniques
          • i). Scanning
          • ii). Enumeration
          • iii). Packet crafting
          • iv). Packet inspection
          • v). Fingerprinting
          • vi). Cryptography
      • b). Given a scenario, perform a vulnerability scan
          • i). Credentialed vs. non-credentialed
          • ii). Types of scans
          • iii). Container security
          • iv). Application scan
          • v). Considerations of vulnerability scanning
      • c). Given a scenario, analyze vulnerability scan results
      • d). Asset categorization
      • e). Adjudication
          • i). False positives
      • f). Prioritization of vulnerabilities
      • g). Common themes
          • i). Vulnerabilities
          • ii). Observations
          • iii). Lack of best practices
      • h). Explain the process of leveraging information to prepare for exploitation
      • i). Map vulnerabilities to potential exploits
      • j). Prioritize activities in preparation for penetration test
      • k). Describe common techniques to complete attack
          • i). Cross-compiling code
          • ii). Exploit modification
          • iii). Exploit chaining
          • iv). Proof-of-concept development (exploit development)
          • v). Social engineering
          • vi). Credential brute forcing
      • l). Explain weaknesses related to specialized systems
          • i). ICS
          • ii). SCADA
          • iii). Mobile
          • iv). IoT
          • v). Embedded
          • vi). Point-of-sale system
  • 3. Attacks and Exploits
      • a). Compare and contrast social engineering attacks
          • i). Phishing
          • ii). Elicitation
          • iii). Interrogation
          • iv). Impersonation
          • v). Shoulder surfing
          • vi). USB key drop
      • b). Given a scenario, exploit network-based vulnerabilities
          • i). Name resolution exploits
          • ii). SMB exploits
          • iii). SNMP exploits
          • iv). SMTP exploits
          • v). FTP exploits
          • vi). DNS cache poisoning
      • c). Given a scenario, exploit wireless and RF-based vulnerabilities
          • i). Evil twin
          • ii). Deauthentication attacks
          • iii). Fragmentation attacks
          • iv). Credential harvesting
          • v). WPS implementation weakness
          • vi). Bluejacking
      • d). Given a scenario, exploit application-based vulnerabilities
          • i). Injections
          • ii). Authentication
          • iii). Authorization
          • iv). Cross-site scripting (XSS)
          • v). Cross-site request forgery (CSRF/XSRF)
          • vi). Clickjacking
      • e). Given a scenario, exploit local host vulnerabilities
          • i). OS vulnerabilities
          • ii). Unsecure service and protocol configurations
          • iii). Privilege escalation
          • iv). Default account settings
          • v). Sandbox escape
          • vi). Physical device security
      • f). Summarize physical security attacks related to facilities
          • i). Piggybacking/tailgating
          • ii). Fence jumping
          • iii). Dumpster diving
          • iv). Lock picking
          • v). Lock bypass
          • vi). Egress sensor
      • g). Given a scenario, perform post-exploitation techniques
          • i). Lateral movement
          • ii). Persistence
          • iii). Covering your tracks
  • 4. Penetration Testing Tools
      • a). Given a scenario, use Nmap to conduct information gathering exercises
          • i). SYN scan (-sS) vs. full connect scan (-sT)
          • ii). Port selection (-p)
          • iii). Service identification (-sV)
          • iv). OS fingerprinting (-O)
          • v). Disabling ping (-Pn)
          • vi). Target input file (-iL)
      • b). Compare and contrast various use cases of tools
          • i). Use cases
          • ii). Tools
      • c). Given a scenario, analyze tool output or data related to a penetration test
          • i). Password cracking
          • ii). Pass the hash
          • iii). Setting up a bind shell
          • iv). Getting a reverse shell
          • v). Proxying a connection
          • vi). Uploading a web shell
      • d). Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)
          • i). Logic
          • ii). I/O
  • 5. Reporting and Communication
      • a). Given a scenario, use report writing and handling best practices
          • i). Normalization of data
          • ii). Written report of findings and remediation
          • iii). Risk appetite
          • iv). Storage time for report
          • v). Secure handling and disposition of reports
      • b). Explain post-report delivery activities
          • i). Post-engagement cleanup
          • ii). Client acceptance
          • iii). Lessons learned
          • iv). Follow-up actions/retest
          • v). Attestation of findings
      • c). Given a scenario, recommend mitigation strategies for discovered vulnerabilities
          • i). Solutions
          • ii). Findings
          • iii). Remediation
      • d). Explain the importance of communication during the penetration testing process
          • i). Communication path
          • ii). Communication triggers
          • iii). Reasons for communication
          • iv). Goal reprioritization