Logo
Get Protected

CompTIA PenTest+

Uncategorized
Wishlist Share
Share Course
Page Link
Share On Social Media

About Course

The CompTIA® PenTest+® certification course at Zom In Cyber College provides students with accessible explanations, practical labs, and real-world penetration testing scenarios. This course covers the official Exam PT0-002 objectives and helps learners build the skills necessary to identify vulnerabilities, assess security posture, and perform authorized penetration tests.

Students will:

  • Understand penetration testing methodology and lifecycle.

  • Gain hands-on experience with essential tools, exploits, and reporting techniques.

  • Learn to approach new tools and technologies by applying existing knowledge.

  • Prepare for the CompTIA PenTest+ certification exam with confidence.

This course is ideal for security practitioners with intermediate-level skills who already possess foundational certifications such as Network+ and Security+, or equivalent experience.

Show More

Course Content

Penetration Testing

  • 1.1 What Is Penetration Testing?
  • 1.2 Reasons for Penetration Testing
  • 1.3 Who Performs Penetration Tests?
  • 1.4 The CompTIA Penetration Testing Process
  • 1.5 The Cyber Kill Chain
  • 1.6 Tools of the Trade
  • 1.7 Summary
  • Glossary

Planning and Scoping Penetration Tests
The Planning and Scoping domain of the CompTIA PenTest+ certification exam objectives deals with preparing for, planning, and scoping a penetration test. In this lesson you will explore regulatory and compliance considerations, restrictions related to locations, legal agreements and contracts, and the importance of permission. You will also learn about some of the most common standards and methodologies, rules of engagement and considerations about the environment you will operate in, and how to validate your target list and the scope of the engagement. Real World Scenario Navigating Compliance Requirements Joanna's organization processes credit cards at multiple retail locations spread throughout a multistate area. As the security analyst for her organization, Joanna is responsible for conducting a regular assessment of the card processing environment. Joanna's organization processes just over 500,000 transactions a year. Because the organization processes transactions, it must adhere to the Payment Card Industry Data Security Standard (PCI DSS) requirements. It also exclusively uses hardware payment terminals that are part of a PCI SSC (Security Standards Council) listed point‐to‐point encryption (P2PE) solution without cardholder data storage. That means that her organization must provide an annual Self‐Assessment Questionnaire (SAQ), have a quarterly network scan run by an Approved Service Vendor (ASV), and fill out an Attestation of Compliance form. The attestation includes a requirement that the Report on Compliance be done based on the PCI DSS Requirements and Security Assessment Procedures that currently cover her company. As a penetration tester, you need to be able to determine what requirements you may have to meet for a compliance‐based assessment. Using the information given here, can you figure out what Joanna's assessment process will require? You can start here: www.pcisecuritystandards.org A few questions to get you started: What type of penetration test would you recommend to Joanna? Would a known environment or an unknown environment assessment be the most appropriate and why? How would you describe the scope of the assessment? What rules of engagement should you specify for the production card processing systems Joanna needs to have tested? What merchant level does Joanna's organization fall into? What Self‐Assessment Questionnaire (SAQ) level is Joanna's company most likely covered by, and why? What questions in the SAQ are likely to be answered NA based on the solution described? Is Joanna's team required to perform vulnerability scans of card processing systems in her environment?

Information Gathering
The Information Gathering and Vulnerability Scanning domain of the CompTIA PenTest+ certification exam objectives covers information gathering and vulnerability scanning as well as how to analyze and utilize vulnerability scanning information. In this lesson, you will explore how to gather information about an organization using passive open source intelligence (OSINT) as well as active enumeration and scanning methods. We will also take a look at other important techniques, including defense detection, packet crafting, capture, and inspection for information gathering, in addition to the role of code analysis for intelligence gathering and related techniques.

Vulnerability Scanning
Cybersecurity teams have a wide variety of tools at their disposal to identify vulnerabilities in operating systems, platforms, and applications. Automated vulnerability scanners are capable of rapidly scanning systems and entire networks in an effort to seek out and detect previously unidentified vulnerabilities using a series of tests. Vulnerability management programs seek to identify, prioritize, and remediate these vulnerabilities before an attacker exploits them to undermine the confidentiality, integrity, or availability of enterprise information assets. Effective vulnerability management programs use an organized approach to scanning enterprise assets for vulnerabilities, using a defined workflow to remediate those vulnerabilities and performing continuous assessment to provide technologists and managers with insight into the current state of enterprise cybersecurity. Penetration testers (and hackers!) leverage these same tools to develop a sense of an organization's security posture and identify potential targets for more in‐depth probing and exploitation.

Analyzing Vulnerability Scans
Penetration testers spend a significant amount of time analyzing and interpreting the reports generated by vulnerability scanners, in search of vulnerabilities that may be exploited to gain a foothold on a target system. Although scanners are extremely effective at automating the manual work of vulnerability identification, the results that they generate require interpretation by a trained analyst. In this lesson, you will learn how penetration testers apply their knowledge and experience to the review of vulnerability scan reports.

Exploiting and Pivoting
Compromising systems and devices and then using the foothold you have gained to make further progress into your target's network is part of the core work that you perform as a penetration tester. In this lesson we will continue the scenario you started in Lesson 4, “Vulnerability Scanning,” and Lesson 5, “Analyzing Vulnerability Scans.” In part 1 of the scenario, you will learn how to exploit the vulnerabilities we found and assessed in Lesson 5 using Metasploit as well as password attacks and other techniques. You will then learn how to escalate privileges, once you have gained access to a system; search out more information; and take steps to ensure that you retain access and that you have concealed the evidence of your successful attack. We will explore the techniques that you can use to pivot—finding new targets from the perspective of the system you have gained access to. Using this new view, you will test trust boundaries and security zones while planning the next step in your attack process. Finally, in part 2 of the scenario, you will use techniques that maintain a persistent foothold on the system and help you hide the evidence of the compromise.

Student Ratings & Reviews

No Review Yet
No Review Yet