- In this course you will learn the latest pen testing techniques, attack surfaces, vulnerability management, post-delivery, and compliance tasks. The CompTIA PenTest+ certification is a vendor-neutral, internationally targeted validation of intermediate-level penetration testing (or pen testing) knowledge and skills.
- The skills covered by CompTIA PenTest+ help companies comply with regulations, such as PCI-DSS and NIST 800-53 Risk Management Framework (RMF), which require pen tests, vulnerability assessments, and reports. CompTIA PenTest+ is approved under the Department of Defense (DoD) Directive 8140/8570.01-M and under ANSI/ISO standard 17024.
- Planning and scoping a penetration testing engagement
- Understanding legal and compliance requirements
- Performing vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyzing the results
- Producing a written report containing proposed remediation techniques, effectively communicating results to the management team, and providing practical recommendations
The Main Topic of the Course
- Module 1: Planning and Scoping
- Module 2: Information Gathering and Vulnerability Scanning
- Module 3: Attacks and Exploits
- Module 4: Reporting and Communication
- Module 5: Tools and Code Analysis
- 3-4 years of hands-on information security or related experience
- Network+, Security+, or equivalent knowledge
- It is recommended to have LAB in this course
- There are no specific prerequisites required to attend the Exam
Course Outlines and Training Plan
Module 1: Planning and Scoping
- Compare and contrast governance, risk, and compliance concepts.
- Explain the importance of scoping and organizational/customer requirements.
- Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity
Module 2: Information Gathering and Vulnerability Scanning
- Given a scenario, perform passive reconnaissance
- Given a scenario, perform active reconnaissance
- Given a scenario, analyze the results of a reconnaissance exercise
- Given a scenario, perform vulnerability scanning
Module 3: Attacks and Exploits
- Given a scenario, research attack vectors and perform network attacks.
- Given a scenario, research attack vectors and perform wireless attacks.
- Given a scenario, research attack vectors and perform application-based attacks
- Given a scenario, research attack vectors and perform attacks on cloud technologies.
- Explain common attacks and vulnerabilities against specialized systems
- Given a scenario, perform a social engineering or physical attack.
- Given a scenario, perform post-exploitation techniques.
Module 4: Reporting and Communication
- Compare and contrast important components of written reports.
- Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
- Explain the importance of communication during the penetration testing process.
- Explain post-report delivery activities.
Module 5: Tools and Code Analysis
- Explain the basic concepts of scripting and software development
- Given a scenario, analyze a script or code sample for use in a penetration test.
- Explain the use cases of the following tools during the phases of a penetration test.