CompTIA PenTest+ Syllabus
Learning Outcomes
Throughout this virtual classroom you will study the following topics:
Planning & Scoping – Be able to explain the importance of planning and essential aspects of compliance-based assessments
Penetration Testing Tools – Understand how to conduct information collection exercises using a series of tools and be able to analyse output and basic scripts, such as Bash and Python
Information Gathering & Vulnerability Identification – Know how to gather information to prepare for exploitation, then perform a vulnerability scan and analyse the results
Reporting & Communication – Utilise report handling and writing best practices to explain recommended mitigation strategies for discovered vulnerabilities
Attacks & Exploits – Be able to exploit networks, applications and RF-based vulnerabilities, as well as being able to summarise physical security attacks. Know how to perform post-exploitation techniques
Syllabus
Module 1: Introduction
- CompTIA
- The PenTest+ Exam
- What Does This Course Cover?
- CompTIA PenTest+ Certification Exam Objectives
Module 2: Penetration Testing
- What Is Penetration Testing?
- Reasons for Penetration Testing
- Who Performs Penetration Tests?
- The CompTIA Penetration Testing Process
- The Cyber Kill Chain
- Tools of the Trade
- Summary
- Exam Essentials
- Lab Exercises
Module 3: Planning and Scoping Penetration Tests
- Scoping and Planning Engagements
- Key Legal Concepts for Penetration Tests
- Understanding Compliance-Based Assessments
- Summary
- Exam Essentials
- Lab Exercises
Module 4: Information Gathering
- Footprinting and Enumeration
- Active Reconnaissance and Enumeration
- Information Gathering and Defences
- Summary
- Exam Essentials
- Lab Exercises
Module 5: Vulnerability Scanning
- Identifying Vulnerability Management Requirements
- Configuring and Executing Vulnerability Scans
- Software Security Testing
- Developing a Remediation Workflow
- Overcoming Barriers to Vulnerability Scanning
- Summary
- Exam Essentials
- Lab Exercises
Module 6: Analysing Vulnerability Scans
- Reviewing and Interpreting Scan Reports
- Validating Scan Results
- Common Vulnerabilities
- Summary
- Exam Essentials
- Lab Exercises
Module 7: Exploit and Pivot
- Exploits and Attacks
- Exploitation Toolkits
- Exploit Specifics
- Leveraging Exploits
- Persistence and Evasion
- Pivoting
- Covering Your Tracks
- Summary
- Exam Essentials
- Lab Exercises
Module 8: Exploiting Network Vulnerabilities
- Conducting Network Exploits
- Exploiting Windows Services
- Exploiting Common Services
- Wireless Exploits
- Summary
- Exam Essentials
- Lab Exercises
Module 9: Exploiting Physical and Social Vulnerabilities
- Physical Facility Penetration Testing
- Social Engineering
- Summary
- Exam Essentials
- Lab Exercises
Module 10: Exploiting Application Vulnerabilities
- Exploiting Injection Vulnerabilities
- Exploiting Authentication Vulnerabilities
- Exploiting Authorisation Vulnerabilities
- Exploiting Web Application Vulnerabilities
- Unsecure Coding Practices
- Application Testing Tools
- Summary
- Exam Essentials
- Lab Exercises
Module 11: Exploiting Host Vulnerabilities
- Attacking Hosts
- Remote Access
- Attacking Virtual Machines and Containers
- Physical Device Security
- Attacking Mobile Devices
- Credential Attacks
- Summary
- Exam Essentials
- Lab Exercises
Module 12: Scripting for Penetration Testing
- Scripting and Penetration Testing
- Variables, Arrays, and Substitutions
- Comparison Operations
- String Operations
- Flow Control
- Input and Output (I/O)
- Error Handling
- Summary
- Exam Essentials
- Lab Exercises
Module 13: Reporting and Communication
- The Importance of Communication
- Recommending Mitigation Strategies
- Writing a Penetration Testing Report
- Wrapping Up the Engagement
- Summary
- Exam Essentials
- Lab Exercises
CompTIA Server+ Exam Details
Exam: Code PT0-002
The CompTIA Project+ exam tests your knowledge of what you have learnt throughout this certification, enabling you to effectively plan and scope an assessment, understand compliance and legal requirements, and know how to perform vulnerability scanning and penetration testing.
Exam format - Performance-based, multiple-choice.
Number of questions - Maximum of 85.
Duration - 165 minutes.
Pass Mark - 750/900 (83%).