book

CompTIA PenTest+ Study Guide, 2nd Edition

by Mike Chapple, David Seidl

November 2021

Intermediate to advanced

576 pages

15h 11m

English

Sybex

Read now

Unlock full access

CompTIAThe PenTest+ ExamWhat Does This Book Cover?CompTIA PenTest+ Certification Exam ObjectivesAssessment TestAnswers to Assessment Test
What Is Penetration Testing?Reasons for Penetration TestingWho Performs Penetration Tests?The CompTIA Penetration Testing ProcessThe Cyber Kill ChainTools of the TradeSummaryExam EssentialsLab ExercisesReview Questions
Scoping and Planning EngagementsPenetration Testing Standards and MethodologiesKey Legal Concepts for Penetration TestsRegulatory Compliance ConsiderationsSummaryExam EssentialsLab ExercisesReview Questions

Footprinting and EnumerationActive Reconnaissance and EnumerationInformation Gathering and DefensesSummaryExam EssentialsLab ExercisesReview Questions
Identifying Vulnerability Management RequirementsConfiguring and Executing Vulnerability ScansSoftware Security TestingDeveloping a Remediation WorkflowOvercoming Barriers to Vulnerability ScanningSummaryExam EssentialsLab ExercisesReview Questions
Reviewing and Interpreting Scan ReportsValidating Scan ResultsCommon VulnerabilitiesSummaryExam EssentialsLab ExercisesReview Questions
Exploits and AttacksExploitation ToolkitsExploit SpecificsLeveraging ExploitsPersistence and EvasionPivotingCovering Your TracksSummaryExam EssentialsLab ExercisesReview Questions
Identifying ExploitsConducting Network ExploitsExploiting Windows ServicesIdentifying and Exploiting Common ServicesWireless ExploitsSummaryExam EssentialsLab ExercisesReview Questions
Physical Facility Penetration TestingSocial EngineeringSummaryExam EssentialsLab ExercisesReview Questions
Exploiting Injection VulnerabilitiesExploiting Authentication VulnerabilitiesExploiting Authorization VulnerabilitiesExploiting Web Application VulnerabilitiesUnsecure Coding PracticesSteganographyApplication Testing ToolsSummaryExam EssentialsLab ExercisesReview Questions
Attacking HostsCredential Attacks and Testing ToolsRemote AccessAttacking Virtual Machines and ContainersAttacking Cloud TechnologiesAttacking Mobile DevicesAttacking IoT, ICS, Embedded Systems, and SCADA DevicesAttacking Data StorageSummaryExam EssentialsLab ExercisesReview Questions
The Importance of CommunicationRecommending Mitigation StrategiesWriting a Penetration Testing ReportWrapping Up the EngagementSummaryExam EssentialsLab ExercisesReview Questions
Scripting and Penetration TestingVariables, Arrays, and SubstitutionsComparison OperationsString OperationsFlow ControlInput and Output (I/O)Error HandlingAdvanced Data StructuresReusing CodeThe Role of Coding in Penetration TestingSummaryExam EssentialsLab ExercisesReview Questions
Solution to Activity 5.2: Analyzing a CVSS Vector

Content preview from CompTIA PenTest+ Study Guide, 2nd Edition

Appendix AAnswers to Review Questions

Chapter 1: Penetration Testing

D. Tom's attack achieved the goal of denial by shutting down the web server and preventing legitimate users from accessing it.
B. By allowing students to change their own grades, this vulnerability provides a pathway to unauthorized alteration of information. Brian should recommend that the school deploy integrity controls that prevent unauthorized modifications.
A. Snowden released sensitive information to individuals and groups who were not authorized to access that information. That is an example of a disclosure attack.
C. PCI DSS requires that organizations conduct both internal and external penetration tests on at least an annual basis. Organizations must ...