MCSEClasses Certification Training Boot Camp Cisco Certification Training Military Discounts Testimonials About Us Linux/Unix Certification MCSD Certification Home MCSE Certification MCDBA Certification Cisco Certification Security Certification Java Certification Oracle® Certification CIW Certification Jobs Boot Camp Financing Boot Camp Pricing Boot Camp Technical Schedule Contact Us

CompTIA PenTest+ (PT0-001)

Course Length: 5 days
Certifications: CompTIA PenTest+

DoD Approved 8570: CSSP Analyst, CSSP Incident Responder, CSSP Auditor
Number of Exams: 1

Class Schedule
Call for Class Schedule

  • Includes roundtrip airfare and lodging (for boot camps held in Georgia)
  • Hands-on instruction by a certified instructor
  • Includes all course materials

CompTIA PenTest+ (PT0-001) is for cybersecurity professionals tasked with penetration testing and vulnerability management.

CompTIA PenTest+ meets the ISO 17024 standard. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

What Skills Will You Learn?

  • Planning & Scoping
    Explain the importance of planning and key aspects of compliance-based assessments
  • Information Gathering & Vulnerability Identification
    Gather information to prepare for exploitation then perform a vulnerability scan and analyze results.
  • Attacks & Exploits
    Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques
  • Penetration Testing Tools
    Conduct information gathering exercises with various tools and analyze output and basic scripts (limited to: Bash, Python, Ruby, PowerShell)
  • Reporting & Communication
    Utilize report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities

Jobs that use CompTIA PenTest+

  • Penetration Tester
  • Vulnerability Tester
  • Security Analyst (II)
  • Vulnerability Assessment Analyst
  • Network Security Operations
  • Application Security Vulnerability

Exam: PT0-001

The CompTIA PenTest+ certification verifies that successful candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.

Course Content

1.0 Planning and Scoping
Explain the importance of planning for an engagement.
  • Understanding the target audience
  • Rules of engagement
  • Communication escalation path
  • Resources and requirements Budget
  • Impact analysis and remediation timelines
  • Disclaimers
  • Technical constraints
  • Support resources
Explain key legal concepts
  • Contracts
  • Environmental differences
  • Written authorization
Explain the importance of scoping an engagement properly.
  • Types of assessment
  • Special scoping considerations
  • Target selection
  • Strategy
  • Risk acceptance
  • Tolerance to impact
  • Scheduling
  • Scope creep
  • Threat actors
Explain the key aspects of compliance-based assessments.
  • Compliance-based assessments, limitations and caveats
  • Clearly defined objectives based on regulations
2.0 Information Gathering and Vulnerability Identification
Given a scenario, conduct information gathering using appropriate techniques.
  • Scanning
  • Enumeration
  • Packet crafting
  • Packet inspection
  • Fingerprinting
  • Cryptography
  • Eavesdropping
  • Decompilation
  • Debugging
  • Open Source Intelligence Gathering
Given a scenario, analyze vulnerability scan results.
  • Credentialed vs. non-credentialed
  • Types of scans
  • Container security
  • Application scan
  • Considerations of vulnerability scanning
Given a scenario, analyze vulnerability scan results.
  • Asset categorization
  • Adjudication
  • Prioritization of vulnerabilities
  • Common themes
Explain the process of leveraging information to prepare for exploitation.
  • Map vulnerabilities to potential exploits
  • Prioritize activities in preparation for penetration test
  • Describe common techniques to complete attack
Explain weaknesses related to specialized systems.
  • ICS
  • Mobile
  • IoT
  • Embedded
  • Point-of-sale system
  • Biometrics
  • Application containers
  • RTOS
3.0 Attacks and Exploits
Compare and contrast social engineering attacks.
  • Phishing
  • Elicitation
  • Interrogation
  • Impersonation
  • Shoulder surfing
  • USB key drop
  • Motivation techniques
Given a scenario, exploit network-based vulnerabilities.
  • Name resolution exploits
  • SMB exploits
  • SNMP exploits
  • SMTP exploits
  • FTP exploits
  • DNS cache poisoning
  • Pass the hash
  • On-path attack (previously known as man-in-the-middle attack)
  • DoS/stress test
  • NAC bypass
  • VLAN hopping
Given a scenario, exploit wireless and RF-based vulnerabilities.
  • Evil twin
  • Deauthentication attacks
  • Fragmentation attacks
  • Credential harvesting
  • WPS implementation weakness
  • Bluejacking
  • Bluesnarfing
  • RFID cloning
  • Jamming
  • Repeating
Given a scenario, exploit application-based vulnerabilities.
  • Injections
  • Authentication
  • Authorization
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Clickjacking
  • Security misconfiguration
  • File inclusion
  • Unsecure code practices
Given a scenario, exploit local host vulnerabilities.
  • OS vulnerabilities
  • Unsecure service and protocol configurations
  • Privilege escalation
  • Default account settings
  • Sandbox escape
  • Physical device security
Summarize physical security attacks related to facilities.
  • Piggybacking/tailgating
  • Fence jumping
  • Dumpster diving
  • Lock picking
  • Lock bypass
  • Egress sensor
  • Badge cloning
Given a scenario, perform post-exploitation techniques.
  • Lateral movement
  • Persistence
  • Covering your tracks
4.0 Penetration Testing Tools
Given a scenario, use Nmap to conduct information gathering exercises.
  • SYN scan (-sS) vs. full connect scan (-sT)
  • Port selection (-p)
  • Service identification (-sV)
  • OS fingerprinting (-O)
  • Disabling ping (-Pn)
  • Target input file (-iL)
  • Timing (-T)
  • Output parameters
Compare and contrast various use cases of tools.
  • Use cases
  • Tools
Given a scenario, analyze tool output or data related to a penetration test.
  • Password cracking
  • Pass the hash
  • Setting up a bind shell
  • Getting a reverse shell
  • Proxying a connection
  • Uploading a web shell
  • Injections
Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
  • Logic
  • I/O
  • Substitutions
  • Variables
  • Common operations
  • Error handling
  • Arrays
  • Encoding/decoding
5.0 Reporting and Communication
Given a scenario, use report writing and handling best practices.
  • Normalization of data
  • Written report of findings and remediation
  • Risk appetite
  • Storage time for report
  • Secure handling and disposition of reports
Explain post-report delivery activities.
  • Post-engagement cleanup
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
  • Solutions
  • Findings
  • Remediation
Explain the importance of communication during the penetration testing process.
  • Communication path
  • Communication triggers
  • Reasons for communication
  • Goal reprioritization is your best choice for CompTIA PenTest+, CompTIA PenTest+ training, CompTIA PenTest+ certification, CompTIA PenTest+ certification boot camp, CompTIA PenTest+ boot camp, CompTIA PenTest+ certification training, CompTIA PenTest+ boot camp training, CompTIA PenTest+ boot camp certification, CompTIA PenTest+ certification course, CompTIA PenTest+ course, training CompTIA PenTest+, certification CompTIA PenTest+, boot camp CompTIA PenTest+, certification CompTIA PenTest+ boot camp, certification CompTIA PenTest+ training, boot camp CompTIA PenTest+ training, certification CompTIA PenTest+ course.

Search classes by keyword:

Search classes by category:

Copyright © 2021 Institute of Professional Learning. IPL Refund Policy. All Rights Reserved.