CompTIA Penetration Tester (PenTest+)
Overview
PenTest+ assesses the most up-to-date penetration testing and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. PenTest+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program.
Objectives
- Plan and scope a penetration testing engagement
- Understand legal and compliance requirements
- Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
- Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations
Audience
CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management.
Prerequisites
Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.
Outline
- Compare and contrast governance, risk, and compliance concepts.
- Explain the importance of scoping and organizational/customer requirements.
- Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.
- Given a scenario, perform passive reconnaissance.
- Given a scenario, perform active reconnaissance.
- Given a scenario, analyze the results of a reconnaissance exercise.
- Given a scenario, perform vulnerability scanning.
- Given a scenario, research attack vectors and perform network attacks.
- Given a scenario, research attack vectors and perform wireless attacks.
- Given a scenario, research attack vectors and perform application-based attacks.
- Given a scenario, research attack vectors and perform attacks on cloud technologies.
- Explain common attacks and vulnerabilities against specialized systems.
- Given a scenario, perform a social engineering or physical attack.
- Given a scenario, perform post-exploitation techniques.
- Compare and contrast important components of written reports.
- Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
- Explain the importance of communication during the penetration testing process.
- Explain post-report delivery activities.
- Explain the basic concepts of scripting and software development.
- Given a scenario, analyze a script or code sample for use in a penetration test.
- Explain use cases of the following tools during the phases of a penetration test.
Exam Facts
| Delivery | Online (Web based) |
| Format | Multiple choice |
| Proctoring | Live |
| Duration | 165 minutes |
| # of questions | Maximum of 85 questions |
| Pass grade | 750 (on a scale of 100-900) |




















