This comprehensive CompTIA PenTest+ eLearning course prepares you for the PenTest+ exam. PenTest+ is unique because the certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers. The CompTIA PenTest+ course will ensure the successful candidate has the knowledge and skills required to:
- Plan and scope an assessment.
- Understand legal and compliance requirements.
- Perform vulnerability scanning and penetration testing using appropriate tools and techniques.
- Analyze the results.
This CompTIA PenTest+ Course includes the following features:
- Instructor-led demonstrations and visual presentations to develop your skills based on real-world scenarios.
- Unlike a live class, you can fast-forward, repeat or rewind all your lectures. This gives you all the benefits of hands-on training with the flexibility of doing it around your schedule 24/7.
- FlashCards and Education Games are also provided throughout the course.
- Practice exams prepare you for your exams. These exams are on average 100 questions to ensure you are 100% prepared if you are taking a certification exam.
- You can also interact and collaborate with other students through our forums, student contributions and announcement features.
Who should complete this CompTIA PenTest+ Course?
- IT Managers, IT Security personnel, Programmers and Developers, IT Security Managers.
- People considering a career in IT Security Management.
Entry Requirements / Prerequisites
None. It is however recommended that students have Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.
Topics covered in this CompTIA PenTest+ Course
Module 1: Understanding the target audience
Rules of engagement
Communication escalation path
Resources and requirements
Impact analysis and remediation timelines
Tolerance to impact
Compliance-based assessments, limitations and caveats
Clearly defined objectives based on regulations
Module 2: Information Gathering and Vulnerability Identification
Open Source Intelligence Gathering
Credentialed vs. non-credentialed
Types of scans
Considerations of vulnerability scanning
Prioritization of vulnerabilities
Map vulnerabilities to potential exploits
Prioritize activities in preparation for penetration test
Describe common techniques to complete attack
Module 3: Attacks and Exploits
Phishing: Spear phishing, SMS phishing, Voice phishing, Whaling
USB key drop
Motivation techniques: Authority, Scarcity, Social proof, Urgency, Likeness, Fear
Name resolution exploits
DNS cache poisoning
Pass the hash
WPS implementation weakness
Authentication: Credential brute-forcing, Session hijacking, Redirect, Default credentials, Weak credentials, Kerberos exploits
Cross-site scripting (XSS)
Cross-site request forgery (CSRF/XSRF)
Unsecure code practices: Comments in source code, Lack of error handling, Overly verbose error handling, Hard-coded credentials, Race conditions, Unauthorized use of functions/unprotected APIs, Hidden elements, Lack of code signing
Unsecure service and protocol configurations
Default account settings
Physical device security
New user creation
Covering your tracks
Module 4: Penetration Testing Tools
SYN scan (-sS) vs. full connect scan (-sT)
Port selection (-p)
Service identification (-sV)
OS fingerprinting (-O)
Disabling ping (-Pn)
Target input file (-iL)
Output parameters: -oA, -oN, -oG, -oX
Module 5: Reporting and Communication
Once you successfully pass the programme, you will receive a Diploma in IT Penetration Testing and Vulnerability Management from CMIT.
Broadband internet connection of at least 10Mbps.
Browser – we recommend Chrome or Safari for Tablet or Apple Mac; and Firefox or Internet Explorer for PC hardware.
Operating System – PC (Windows 7 or later), Mac or Android.
You may optionally take exams to receive CompTIA certification.