CompTIA PenTest+ Certification Passport (Exam PT0-001)

CompTIA PenTest+ Certification Passport (Exam PT0-001)

by Heather Linn
Released February 2020
Publisher(s): McGraw-Hill
ISBN: 9781260460056

Explore a preview version of CompTIA PenTest+ Certification Passport (Exam PT0-001) right now.

O’Reilly members get unlimited access to live online training experiences, plus books, videos, and digital content from 200+ publishers.

Start your free trial

Book description

This effective self-study guide serves as an accelerated review of all exam objectives for the CompTIA PenTest+ certification exam

This concise, quick-review test preparation guide offers 100% coverage of all exam objectives for the new CompTIA PenTest+ exam. Designed as an accelerated review of all the key information covered on the exam, the Passport’s established pedagogy enables you to tailor a course for study and drill down into the exam objectives. Special elements highlight actual exam topics and point you to additional resources for further information.

Written by an IT security expert and experienced author, CompTIA PenTest+ Certification Passport (Exam PT0-001) focuses on exactly what you need to know to pass the exam. The book features end of chapter review sections that provide bulleted summations organized by exam objective. Accurate practice exam questions with in-depth answer explanations aid in retention, reinforce what you have learned, and show how this information directly relates to the exam.

• Online content includes access to the TotalTester online test engine with 200 multiple-choice practice questions and additional performance-based questions
• Follows the newly-refreshed Certification Passport series developed by training guru Mike Meyers
• Includes a 10% off exam voucher coupon, a $35 value

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents at a Glance
  6. Contents
  7. Acknowledgments
  8. Introduction
  9. 1.0 Planning and Scoping
    1. Objective 1.1 Explain the importance of planning for an engagement
      1. Understanding the Target Audience
      2. Rules of Engagement
      3. Communication
      4. Resources and Requirements
        1. Confidentiality of Findings
        2. Known vs. Unknown
      5. Budget
      6. Impact Analysis and Remediation Timelines
      7. Disclaimers
      8. Technical Constraints
      9. Support Resources
      10. REVIEW
        1. 1.1 QUESTIONS
        2. 1.1 ANSWERS
    2. Objective 1.2 Explain key legal concepts
      1. Contracts
      2. Environmental Differences
      3. Written Authorization
      4. REVIEW
        1. 1.2 QUESTIONS
        2. 1.2 ANSWERS
    3. Objective 1.3 Explain the importance of scoping an engagement properly
      1. Types of Penetration Testing
        1. Goals-Based/Objectives-Based Penetration Testing
        2. Compliance-Based Penetration Testing
        3. Red Team Testing
      2. Special Scoping Considerations
      3. Target Selection
        1. Targets
        2. Testing Considerations
      4. Strategy
      5. Risk Acceptance
      6. Tolerance to Impact
      7. Scheduling
      8. Scope Creep
      9. Threat Actors
        1. Threat Models
      10. REVIEW
        1. 1.3 QUESTIONS
        2. 1.3 ANSWERS
    4. Objective 1.4 Explain the key aspects of compliance-based assessments
      1. Compliance-Based Assessments, Limitations, and Caveats
      2. Rules to Complete Assessment
      3. Password Policies and Key Management
      4. Data Isolation
      5. Limitations
      6. Clearly Defined Objectives Based on Regulations
      7. REVIEW
        1. 1.4 QUESTIONS
        2. 1.4 ANSWERS
  10. 2.0 Information Gathering and Vulnerability Identification
    1. Objective 2.1 Given a scenario, conduct information gathering using appropriate techniques
      1. Scanning
      2. Enumeration
        1. Hosts
        2. Networks
        3. Domains
        4. Users and Groups
        5. Network Shares
        6. Web Pages
        7. Services and Applications
        8. Token Enumeration
        9. Social Network Enumeration
      3. Fingerprinting
      4. Packet Crafting
      5. Packet Inspection
      6. Cryptography
        1. Certificate Inspection
      7. Eavesdropping
        1. RF Communication Monitoring
        2. Sniffing
      8. Decompilation
      9. Debugging
      10. Open-Source Intelligence Gathering
      11. REVIEW
        1. 2.1 QUESTIONS
        2. 2.1 ANSWERS
    2. Objective 2.2 Given a scenario, perform a vulnerability scan
      1. Credentialed vs. Noncredentialed
        1. Credentialed Scans
        2. Noncredentialed scans
      2. Types of Scans
      3. Container Security
      4. Application Scanning
        1. DAST
        2. SAST
      5. Considerations of Vulnerability Scanning
        1. Time to Run Scans
        2. Protocols Used
        3. Network Topology and Bandwidth Limitations
        4. Fragile Systems/Nontraditional Assets
      6. REVIEW
        1. 2.2 QUESTIONS
        2. 2.2 ANSWERS
    3. Objective 2.3 Given a scenario, analyze vulnerability scan results
      1. Asset Categorization
      2. Adjudication
      3. Prioritization of Vulnerabilities
      4. Common Themes
      5. REVIEW
        1. 2.3 QUESTIONS
        2. 2.3 ANSWERS
    4. Objective 2.4 Explain the process of leveraging information to prepare for exploitation
      1. Map Vulnerabilities to Potential Exploits
      2. Prioritize Activities in Preparation for a Penetration Test
      3. Describe Common Techniques to Complete an Attack
        1. Cross-Compiling Code
        2. Exploit Modification
        3. Exploit Chaining
        4. Proof-of-Concept Development (Exploit Development)
        5. Social Engineering
        6. Deception
        7. Credential Brute Forcing
        8. Dictionary Attacks
        9. Rainbow Tables
      4. REVIEW
        1. 2.4 QUESTIONS
        2. 2.4 ANSWERS
    5. Objective 2.5 Explain weaknesses related to specialized systems
      1. ICS and SCADA
      2. Mobile
      3. IoT
      4. Embedded Systems
      5. Point-of-Sale Systems
      6. Biometrics
      7. RTOS
      8. REVIEW
        1. 2.5 QUESTIONS
        2. 2.5 ANSWERS
  11. 3.0 Attacks and Exploits
    1. Objective 3.1 Compare and contrast social engineering attacks
      1. Phishing
        1. Spear Phishing
        2. SMS Phishing
        3. Voice Phishing
        4. Whaling
      2. Elicitation
        1. Goals of Elicitation
        2. Example Tactics for Elicitation
      3. Interrogation
      4. Impersonation
      5. Shoulder Surfing
      6. Physical Drops
      7. Motivation Techniques
      8. REVIEW
        1. 3.1 QUESTIONS
        2. 3.1 ANSWERS
    2. Objective 3.2 Given a scenario, exploit network-based vulnerabilities
      1. Name Resolution Exploits
        1. DNS Attacks
        2. NetBIOS and LLMNR Name Services
      2. SMB Exploits
      3. SNMP Exploits
      4. SMTP Exploits
      5. FTP Exploits
      6. Pass-the-Hash
      7. Man-in-the-Middle Attack
        1. ARP Spoofing
        2. Replay Attacks
        3. Relay Attacks
        4. SSL Stripping
        5. Downgrade Attacks
      8. DoS/Stress Test
      9. NAC Bypass
      10. VLAN Hopping
      11. REVIEW
        1. 3.2 QUESTIONS
        2. 3.2 ANSWERS
    3. Objective 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities
      1. Wireless Network Types
        1. Open
        2. WEP
        3. WPA
      2. Wireless Network Attacks
        1. Evil Twin
        2. Downgrade Attack
        3. Deauthentication Attacks
        4. Fragmentation Attacks
        5. Credential Harvesting
        6. WPS Implementation Weakness
      3. Other Wireless Attacks
        1. Bluetooth
        2. RFID Cloning
        3. Jamming
      4. REVIEW
        1. 3.3 QUESTIONS
        2. 3.3 ANSWERS
    4. Objective 3.4 Given a scenario, exploit application-based vulnerabilities.
      1. Injections
        1. SQL Injection
        2. HTML Injection and Cross-Site Scripting
        3. Code Injection and Command Injection
      2. Security Misconfiguration
        1. Directory Traversal
        2. File Inclusion
        3. Cookie Manipulation
      3. Authentication
        1. Credential Brute Forcing
        2. Session Hijacking
        3. Redirect
        4. Default and Weak Credentials
      4. Authorization
        1. Parameter Pollution
        2. Insecure Direct Object Reference
      5. Unsecure Code Practices
        1. Comments in Source Code
        2. Lack of Error Handling
        3. Hard-Coded Credentials
        4. Race Conditions
        5. Unauthorized Use of Functions/Unprotected APIs
        6. Hidden Elements
        7. Lack of Code Signing
      6. Other Attacks
        1. Cross-Site Request Forgery
        2. Clickjacking
      7. REVIEW
        1. 3.4 QUESTIONS
        2. 3.4 ANSWERS
    5. Objective 3.5 Given a scenario, exploit local host vulnerabilities
      1. Windows Host-Based Vulnerabilities
        1. Windows Privileges
        2. Windows OS Vulnerabilities
        3. Windows Configuration Weaknesses
        4. Windows Service Abuse
      2. Linux Host-Based Vulnerabilities
        1. Linux Privileges
        2. Linux OS Vulnerabilities
        3. Linux Default Configurations
        4. Linux Service Exploits
        5. Android
      3. Apple Device Host-Based Vulnerabilities
        1. macOS
        2. iOS
      4. Sandbox Escape and Controls Evasion
        1. Shell Upgrade
        2. Virtual Machines
        3. Containers
        4. Application Sandboxes
        5. AV and Antimalware Evasion
      5. Other Exploitations
        1. Exploitation of Memory Vulnerabilities
        2. Keyloggers
        3. Physical Device Security
      6. REVIEW
        1. 3.5 QUESTIONS
        2. 3.5 ANSWERS
    6. Objective 3.6 Summarize physical security attacks related to facilities
      1. Piggybacking/Tailgating
      2. Fence Jumping
      3. Dumpster Diving
      4. Locks
        1. Lock Picking
        2. Lock Bypass
      5. Bypassing Other Surveillance
      6. REVIEW
        1. 3.6 QUESTIONS
        2. 3.6 ANSWERS
    7. Objective 3.7 Given a scenario, perform post-exploitation techniques
      1. Lateral Movement
        1. RPC/DCOM
        2. PsExec
        3. WMI
        4. Scheduled Tasks
        5. PS Remoting/WinRM
        6. SMB
        7. RDP
        8. Apple Remote Desktop
        9. VNC
        10. X-Server Forwarding
        11. Telnet
        12. SSH
      2. Persistence
        1. Daemons
        2. Backdoors
        3. Trojans
        4. New User Creation
      3. Covering Your Tracks
      4. REVIEW
        1. 3.7 QUESTIONS
        2. 3.7 ANSWERS
  12. 4.0 Penetration Testing Tools
    1. Objective 4.1 Given a scenario, use Nmap to conduct information gathering exercises
      1. Nmap Scanning Options
        1. SYN Scan
        2. Full Connect Scan
        3. Service Identification
        4. Script Scanning
        5. OS Fingerprinting
        6. Scanning with -A
        7. Disable Ping
        8. Input File
        9. Timing
      2. Output Parameters
        1. Verbosity: -v
        2. Normal Output: -oN
        3. Grepable Output: -oG
        4. XML Output: -oX
        5. All Output: -oA
      3. REVIEW
        1. 4.1 QUESTIONS
        2. 4.1 ANSWERS
    2. Objective 4.2 Compare and contrast various use cases of tools
    3. Objective 4.3 Given a scenario, analyze tool output or data related to a penetration test
      1. Testing Tools
        1. AFL
        2. APK Studio
        3. APKX
        4. Aircrack-ng
        5. Aireplay-ng
        6. Airodump-ng
        7. BeEF
        8. Burp Suite
        9. Cain and Abel
        10. Censys
        11. CeWL
        12. DirBuster
        13. Drozer
        14. PowerShell Empire
        15. FOCA
        16. Findbugs/Findsecbugs/SpotBugs
        17. GDB
        18. Hashcat
        19. Hostapd
        20. Hping
        21. Hydra
        22. IDA
        23. Immunity Debugger
        24. Impacket
        25. John the Ripper
        26. Kismet
        27. Maltego
        28. Medusa
        29. Metasploit Framework
        30. Mimikatz
        31. Ncat
        32. Ncrack
        33. Nessus
        34. Netcat
        35. Nikto
        36. Nslookup
        37. OWASP ZAP
        38. OllyDbg
        39. OpenVAS
        40. Packetforge-ng
        41. Patator
        42. Peach
        43. PTH-smbclient
        44. PowerSploit
        45. Proxychains
        46. Recon-NG
        47. Responder
        48. SET
        49. SQLMap
        50. SSH
        51. Scapy
        52. Searchsploit
        53. Shodan
        54. SonarQube
        55. The Harvester
        56. W3AF
        57. Whois
        58. Wifite
        59. WinDBG
        60. Wireshark
      2. Setting Up a Bind Shell
        1. Bash
        2. Python
        3. PowerShell
      3. Reverse Shells
        1. Bash
        2. Python
        3. PowerShell
      4. Uploading a Web Shell
        1. Tomcat Compromise with Metasploit
      5. REVIEW
        1. 4.2 AND 4.3 QUESTIONS
        2. 4.2 AND 4.3 ANSWERS
    4. Objective 4.4 Given a scenario, analyze a basic script
      1. Scripts
      2. Variables
      3. String Operations
      4. Comparison Operators
      5. Flow Control
      6. Input and Output (I/O)
        1. Terminal I/O
        2. File I/O
        3. Network I/O
      7. Arrays
      8. Error Handling
      9. Encoding/Decoding
      10. REVIEW
        1. 4.4 QUESTIONS
        2. 4.4 ANSWERS
  13. 5.0 Reporting and Communication
    1. Objective 5.1 Given a scenario, use report writing and handling best practices
      1. Normalization of Data
      2. Written Report of Findings and Remediation
        1. Executive Summary
        2. Methodology
        3. Metrics and Measures
        4. Findings and Remediation
        5. Conclusion
      3. Risk Appetite
      4. Secure Handling and Disposition of Reports
      5. REVIEW
        1. 5.1 QUESTIONS
        2. 5.1 ANSWERS
    2. Objective 5.2 Explain post-report delivery activities
      1. Post-Engagement Cleanup
      2. Client Acceptance and Attestation of Findings
      3. Follow-up Actions/Retest
      4. Lessons Learned
      5. REVIEW
        1. 5.2 QUESTIONS
        2. 5.2 ANSWERS
    3. Objective 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities
      1. Solutions
      2. Findings and Remediation
        1. Shared Local Administrator Credentials
        2. Weak Password Complexity
        3. Plaintext Passwords
        4. No Multifactor Authentication
        5. SQL Injection
        6. Unnecessary Open Services
      3. REVIEW
        1. 5.3 QUESTIONS
        2. 5.3 ANSWERS
    4. Objective 5.4 Explain the importance of communication during the penetration testing process
      1. Communication Path
      2. Communication Triggers
        1. Critical Findings
        2. Stages
        3. Indicators of Prior Compromise
      3. Reasons for Communication
        1. Situational Awareness
        2. De-escalation
        3. Deconfliction
      4. Goal Reprioritization
      5. REVIEW
        1. 5.4 QUESTIONS
        2. 5.4 ANSWERS
  14. A About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Performance-Based Questions
    6. Technical Support
  15. Glossary
  16. Index

Product information

  • Title: CompTIA PenTest+ Certification Passport (Exam PT0-001)
  • Author(s): Heather Linn
  • Release date: February 2020
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260460056