logo

CompTIA Course

course overview

Click to View dates & book now

Overview

As organisations scramble to protect themselves and their customers against privacy or security breaches, the ability to conduct penetration testing is an emerging skill set that is becoming ever more valuable to the organisations seeking protection, and ever more lucrative for those who possess these skills. In this course, you will be introduced to general concepts and methodologies related to pen testing, and you will work your way through a simulated pen test for a fictitious company.

The CompTIA PenTest+ certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers. 

CompTIA PenTest+ joins CompTIA Cybersecurity Analyst (CySA+) at the intermediate-skills level of the cybersecurity career pathway as shown below. Depending on your course of study, PenTest+ and CySA+ can be taken in any order but typically follows the skills learned in Security+. While CySA+ focuses on defense through incident detection and response, PenTest+ focuses on offense through penetration testing and vulnerability assessment.

Although the two exams teach opposing skills, they are dependent on one another. The most qualified cybersecurity professionals have both offensive and defensive skills. Earn the PenTest+ certification to grow your career within the CompTIA recommended cybersecurity career pathway. 

 

Audience

Cybersecurity professionals involved in hands-on penetration testing to identify, exploit, report, and manage vulnerabilities on a network.

Skills Gained

After completing this course you should be able to:

  • Explain the importance of planning and key aspects of compliance-based assessments.
  • Conduct information gathering exercises with various tools and analyse output and basic scripts (limited to: Bash, Python, Ruby, PowerShell).
  • Gather information to prepare for exploitation then perform a vulnerability scan and analyse results.
  • Utilise report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities.
  • Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques.

Prerequisites

Attendees should meet the following prerequisites:

  • Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.
  • Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.
  • CompTIA Network + or CompTIA Security + or equivalent knowledge
  • Hands-on information security experience

Outline

Planning and Scoping Penetration Tests

  • Introduction to Penetration Testing Concepts
  • Plan a Pen Test Engagement
  • Scope and Negotiate a Pen Test Engagement
  • Prepare for a Pen Test Engagement

Conducting Passive Reconnaissance

  • Gather Background Information
  • Prepare Background Findings for Next Steps

Performing Non-Technical Tests

  • Perform Social Engineering Tests
  • Perform Physical Security Tests on Facilities

Conducting Active Reconnaissance

  • Scan Networks
  • Enumerate Targets
  • Scan for Vulnerabilities
  • Analyze Basic Scripts

Analyzing Vulnerabilities

  • Analyze Vulnerability Scan Results
  • Leverage Information to Prepare for Exploitation

Penetrating Networks

  • Exploit Network-Based Vulnerabilities
  • Exploit Wireless and RF-Based Vulnerabilities
  • Exploit Specialized Systems

Exploiting Host-Based Vulnerabilities

  • Exploit Windows-Based Vulnerabilities
  • Exploit *Nix-Based Vulnerabilities

Testing Applications

  • Exploit Web Application Vulnerabilities
  • Test Source Code and Compiled Apps

Completing Post-Exploit Tasks

  • Use Lateral Movement Techniques
  • Use Persistence Techniques
  • Use Anti-Forensics Techniques

Analyzing and Reporting Pen Test Results

  • Analyze Pen Test Data
  • Develop Recommendations for Mitigation Strategies
  • Write and Handle Reports
  • Conduct Post-Report-Delivery Activities

Appendix A: Mapping Course Content to CompTIA PenTest+ (Exam PT0-001) Solutions Glossary Index

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.