0%

Book Description

Learn, prepare, and practice for CompTIA Pentest+ PT0-001 exam success with this CompTIA Cert Guide from Pearson IT Certification, a leader in IT Certification.

  • Master CompTIA Pentest+ PT0-001 exam topics

  • Assess your knowledge with chapter-ending quizzes

  • Review key concepts with exam preparation tasks

  • Practice with realistic exam questions

  • Get practical guidance for next steps and more advanced certifications

CompTIA Pentest+ Cert Guide is a best-of-breed exam study guide. Best-selling author Omar Santos and leading IT security expert Ron Taylor share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with 340 exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The CompTIA study guide helps you master all the topics on the Pentest+ exam, including:

  • Planning and scoping: Explain the importance of proper planning and scoping, understand key legal concepts, explore key aspects of compliance-based assessments

  • Information gathering and vulnerability identification: Understand passive and active reconnaissance, conduct appropriate information gathering and use open source intelligence (OSINT); perform vulnerability scans; analyze results; explain how to leverage gathered information in exploitation; understand weaknesses of specialized systems

  • Attacks and exploits: Compare and contrast social engineering attacks; exploit network-based, wireless, RF-based, application-based, and local host vulnerabilities; summarize physical security attacks; perform post-exploitation techniques

  • Penetration testing tools: Use numerous tools to perform reconnaissance, exploit vulnerabilities and perform post-exploitation activities; leverage the Bash shell, Python, Ruby, and PowerShell for basic scripting

  • Reporting and communication: Write reports containing effective findings and recommendations for mitigation; master best practices for reporting and communication; perform post-engagement activities such as cleanup of tools or shells

Table of Contents

  1. Cover Page
  2. About This E-Book
  3. Title Page
  4. Copyright Page
  5. Contents at a Glance
  6. Contents
  7. About the Authors
  8. Dedication
  9. Acknowledgments
  10. About the Technical Reviewers
  11. We Want to Hear from You!
  12. Reader Services
  13. Credits
    1. Figure Credits
  14. Introduction
    1. The Goals of the CompTIA PenTest+ Certification
    2. The Exam Objectives (Domains)
    3. Steps to Earning the PenTest+ Certification
    4. Facts About the PenTest+ Exam
    5. About the CompTIA® PenTest+ Cert Guide
    6. Companion Website
    7. Pearson Test Prep Practice Test Software
  15. Chapter 1 Introduction to Ethical Hacking and Penetration Testing
    1. “Do I Know This Already?” Quiz
    2. Understanding Ethical Hacking and Penetration Testing
    3. Understanding the Current Threat Landscape
    4. Exploring Penetration Testing Methodologies
    5. Building Your Own Lab
    6. Review All Key Topics
    7. Define Key Terms
    8. Q&A
  16. Chapter 2 Planning and Scoping a Penetration Testing Assessment
    1. “Do I Know This Already?” Quiz
    2. Explaining the Importance of the Planning and Preparation Phase
    3. Understanding the Legal Concepts of Penetration Testing
    4. Learning How to Scope a Penetration Testing Engagement Properly
    5. Learning the Key Aspects of Compliance-Based Assessments
    6. Review All Key Topics
    7. Define Key Terms
    8. Q&A
  17. Chapter 3 Information Gathering and Vulnerability Identification
    1. “Do I Know This Already?” Quiz
    2. Understanding Information Gathering and Reconnaissance
    3. Understanding the Art of Performing Vulnerability Scans
    4. Understanding How to Analyze Vulnerability Scan Results
    5. Review All Key Topics
    6. Define Key Terms
    7. Q&A
  18. Chapter 4 Social Engineering Attacks
    1. “Do I Know This Already?” Quiz
    2. Understanding Social Engineering Attacks
    3. Phishing
    4. Pharming
    5. Malvertising
    6. Spear Phishing
    7. SMS Phishing
    8. Voice Phishing
    9. Whaling
    10. Elicitation, Interrogation, and Impersonation (Pretexting)
    11. Social Engineering Motivation Techniques
    12. Shoulder Surfing
    13. USB Key Drop and Social Engineering
    14. Review All Key Topics
    15. Define Key Terms
    16. Q&A
  19. Chapter 5 Exploiting Wired and Wireless Networks
    1. “Do I Know This Already?” Quiz
    2. Exploiting Network-Based Vulnerabilities
    3. Exploiting Wireless and RF-Based Attacks and Vulnerabilities
    4. Review All Key Topics
    5. Define Key Terms
    6. Q&A
  20. Chapter 6 Exploiting Application-Based Vulnerabilities
    1. “Do I Know This Already?” Quiz
    2. Overview of Web Applications for Security Professionals
    3. How to Build Your Own Web Application Lab
    4. Understanding Injection-Based Vulnerabilities
    5. Exploiting Authentication-Based Vulnerabilities
    6. Exploiting Authorization-Based Vulnerabilities
    7. Understanding Cross-Site Scripting (XSS) Vulnerabilities
    8. Understanding Cross-Site Request Forgery Attacks
    9. Understanding Clickjacking
    10. Exploiting Security Misconfigurations
    11. Exploiting File Inclusion Vulnerabilities
    12. Exploiting Insecure Code Practices
    13. Review All Key Topics
    14. Define Key Terms
    15. Q&A
  21. Chapter 7 Exploiting Local Host and Physical Security Vulnerabilities
    1. “Do I Know This Already?” Quiz
    2. Exploiting Local Host Vulnerabilities
    3. Understanding Physical Security Attacks
    4. Review All Key Topics
    5. Define Key Terms
    6. Q&A
  22. Chapter 8 Performing Post-Exploitation Techniques
    1. “Do I Know This Already?” Quiz
    2. Maintaining Persistence After Compromising a System
    3. Understanding How to Perform Lateral Movement
    4. Understanding How to Cover Your Tracks and Clean Up Systems After a Penetration Testing Engagement
    5. Review All Key Topics
    6. Define Key Terms
    7. Q&A
  23. Chapter 9 Penetration Testing Tools
    1. “Do I Know This Already?” Quiz
    2. Understanding the Different Use Cases of Penetration Testing Tools and How to Analyze Their Output
    3. Leveraging Bash, Python, Ruby, and PowerShell in Penetration Testing Engagements
    4. Review All Key Topics
    5. Define Key Terms
    6. Q&A
  24. Chapter 10 Understanding How to Finalize a Penetration Test
    1. “Do I Know This Already?” Quiz
    2. Explaining Post-Engagement Activities
    3. Surveying Report Writing Best Practices
    4. Understanding Report Handling and Communications Best Practices
    5. Review All Key Topics
    6. Define Key Terms
    7. Q&A
  25. Chapter 11 Final Preparation
    1. Tools for Final Preparation
    2. Suggested Plan for Final Review/Study
    3. Summary
  26. Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections
  27. Glossary of Key Terms
  28. Index
  29. Appendix B Study Planner
  30. Where are the companion content files? - Register
  31. Code Snippets
34.204.177.148