CompTIA PenTest+
The CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management. It validates your skills in penetration testing and vulnerability management. This unique certification exam includes both hands-on, performance-based questions and multiple-choice questions to demonstrate your ability to perform tasks on systems. With management skills for planning, scoping, and managing weaknesses, PenTest+ is a comprehensive certification that covers testing in new environments such as the cloud and mobile devices.
Exam
Certification by
per person
Level
Duration
Training Delivery Format
Face-to-face / Virtual Class
Associated Certification
per person
Level
Duration
Training Delivery Format
Face-to-face (F2F) / Virtual Class
Associated Certification
Class types
Public Class
Private Class
In-House Training
Bespoke
About this course
CompTIA PenTest+ is the only penetration testing exam both hands-on, performance-based questions, and multiple-choice, to ensure each candidate possesses the skills, knowledge, and ability to perform tasks on systems. PenTest+ exam also includes management skills used to plan, scope, and manage weaknesses, not just exploit them.
PenTest+ is unique because our certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.
Who should attend?
This course caters to IT professionals seeking to enhance their penetration testing abilities, allowing them to identify vulnerabilities within information systems and acquire effective techniques for mitigating those vulnerabilities. It is specifically tailored for students who not only aim to identify weaknesses but also require the knowledge and skills to provide actionable recommendations for safeguarding information systems and their contents. By enrolling in this course, these students will acquire the necessary skills to fulfill these objectives.
Learning Outcome
In this course, you will learn:
Planning and Scoping: Includes updated techniques emphasizing governance, risk and compliance concepts, scoping and organizational/customer requirements, and demonstrating an ethical hacking mindset
Information Gathering and Vulnerability Scanning: Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of the reconnaissance exercise
Attacks and Exploits: Includes updated approaches to expanded attack surfaces, researching social engineering techniques, performing network attacks, wireless attacks, application-based attacks, and attacks on cloud technologies, and performing post-exploitation techniques
Reporting and Communication: Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process by analyzing findings and recommending appropriate remediation within a report
Tools and Code Analysis: Includes updated concepts of identifying scripts in various software deployments, analyzing a script or code sample, and explaining use cases of various tools used during the phases of a penetration test–scripting or coding is not required
Prerequisites
In order to maximize your chances of success in this course, it is recommended that you possess the following:
- A solid grasp of intermediate-level information security concepts, which encompasses a range of topics such as identity and access management (IAM), cryptographic principles and implementations, computer networking concepts, and implementations, as well as familiarity with common security technologies.
- Hands-on experience in securing diverse computing environments, including those found in small to medium-sized businesses as well as enterprise-level settings.
You can attain the requisite level of skills and knowledge by completing the CompTIA Security+ (Exam SY0-501) course or by obtaining an industry certification that aligns with the course requirements.
Course Content
Module 1: Scoping Organizational/Customer Requirements
- Video: Job Roles Using PenTest+
- Review Activity: Organizational PenTesting
- Review Activity: Compliance Requirements
- Review Activity: Standards and Methodologies
- Review Activity: Professionalism
- Module 1: Practice Question
Module 2: Defining the Rules of Engagement
- Review Activity: Environmental Considerations
- Review Activity: The Rules of Engagement
- Review Activity: Legal Documents
- Module 2: Practice Questions
Module 3: Footprinting and Gathering Intelligence
- Video: Performing Passive
- Review Activity: The Target
- Review Activity: Essential Data
- Video: Performing Passive Reconnaissance
- Review Activity: Website Information
- Review Activity: Open-Source Intelligence Tools
- Module 3: Practice Questions
Module 4: Evaluating Human and Physical Vulnerabilities
- Review Activity: The Human Psyche
- Review Activity: Physical Attacks
- Review Activity: Tools to Launch a Social Engineering Attack
- Module 4: Practice Question
Module 5: Preparing the Vulnerability Scan
- Video: Performing Vulnerability Scanning
- Review Activity: The Vulnerability Scan
- Review Activity: Defenses
- Review Activity: Scanning Tools
- Module 5: Practice Questions
Module 6: Scanning Logical Vulnerabilities
- Review Activity: Identified Targets
- Review Activity: Network Traffic
- Review Activity: Wireless Assets
- Module 6: Practice Questions
Module 7: Analyzing Scanning Results
- Review Activity: Nmap and NSE
- Review Activity: Network Hosts
- Review Activity: Output from Scans
- Module 7: Practice Questions
Module 8: Avoiding Detection and Covering Tracks
- Review Activity: Detection
- Review Activity: Steganography to Hide and Conceal
- Review Activity: A Covert Channel
- Module 8: Practice Questions
Module 9: Exploiting the LAN and Cloud
- Review Activity: The LAN and Cloud
- Video: Researching Attack Vectors and Performing Network Attacks
- Review Activity: LAN Protocols
- Review Activity: Exploit Tools
- Review Activity: Cloud Vulnerabilities
- Review Activity: Cloud-Based Attack
- Module 9: Practice Question
Module 10: Testing Wireless Networks
- Video: Researching Attack Vectors and Performing Wireless Attacks
- Review Activity: Wireless Attacks
- Review Activity: Wireless Tools
- Module 10: Practice Questions
Module 11: Targeting Mobile Devices
- Review Activity: Mobile Device Vulnerabilities
- Review Activity: Attacks on Mobile Devices
- Review Activity: Assessment Tools for Mobile Devices
- Module 11: Practice Question
Module 12: Attacking Specialized Systems
- Review Activity: Attacks on the IoT
- Review Activity: Other Vulnerable Systems
- Review Activity: Virtual Machine Vulnerabilities
- Module 12: Practice Questions
Module 13: Web Application-Based Attacks
- Review Activity: Web Vulnerabilities
- Video: Researching Attack Vectors and Performing Application-Based Attacks
- Review Activity: Session Attacks
- Review Activity: Injection Attacks
- Video: Performing a Social Engineering Attack
- Review Activity: Tools
- Module 13: Practice Questions
Module 14: Performing System Hacking
- Review Activity: System Hacking
- Review Activity: Remote Access Tools
- Video: Researching Attack Vectors and Performing Attacks on Cloud Technologies
- Review Activity: Exploit Code
- Module 14: Practice Questions
Module 15: Scripting and Software Development
- Video: Analyzing a Script or Code Sample
- Review Activity: Scripts and Code Samples
- Review Activity: Logic Constructs
- Review Activity: Penetration Testing
- Module 15: Practice Questions
Module 16: Leveraging the Attack: Pivot and Penetrate
- Review Activity: Credentials
- Review Activity: The System
- Review Activity: Persistence
- Module 16: Practice Questions
Module 17: Communicating During the PenTesting Process
- Review Activity: The Communication Path
- Review Activity: Communication Triggers
- Review Activity: Built-In Tools for Reporting
- Module 17: Practice Questions
Module 18: Summarizing Report Components
- Review Activity: Report Audience
- Review Activity: Report Contents
- Review Activity: Best Practices for Reports
- Module 18: Practice Questions
Module 19: Recommending Remediation
- Review Activity: Technical Controls
- Video: Analyzing the Finding and Recommending the Appropriate Remediation
- Review Activity: Administrative and Operational Controls
- Review Activity: Physical Controls
- Module 19: Practice Questions
Module 20: Performing Post-Report Delivery Activities
- Review Activity: Post-Engagement Cleanup
- Review Activity: Follow-Up Actions
- Module 20: Practice Questions
Certification
CompTIA PenTest+
Take your penetration testing knowledge to the next level
CompTIA PenTest+ is the most comprehensive exam covering all penetration testing stages.
Demonstrate Competency of Current Trends
Unlike other penetration testing exams that only cover a portion of stages with essay questions and hands-on, CompTIA PenTest+ uses both performance-based and knowledge-based questions to ensure all stages are addressed.
Become an Expert in Vulnerability Management
CompTIA PenTest+ is the only exam on the market covering hands-on vulnerability assessment, scanning, and analysis, as well as planning, scoping, and managing weaknesses.
Prove You Know the Latest Techniques
CompTIA PenTest+ requires a candidate to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT) and traditional on-premises.
Exam Details
| Exam Code | PT0-002 |
| Launch Date | October 28, 2021 |
| Exam Description | The CompTIA PenTest+ will certify the successful candidate has the knowledge and skills required to plan and scope a penetration testing engagement including vulnerability scanning, understand legal and compliance requirements, analyze results, and produce a written report with remediation techniques. |
| Number of Questions | Maximum of 85 questions |
| Type of Questions | Performance-based and multiple choice |
| Length of Test | 165 minutes |
| Passing Score | 750 (on a scale of 100-900) |
| Recommended Experience | Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus. |
| Languages | English, Japanese to follow |
| Retirement | Usually three years after launch |
FAQs
How can I prepare for the exam?
You can join our face-to-face public or virtual or Bespoke class. Just choose the right class type for your learning needs and goal.
As an alternative, you can join the training offered by CompTIA. They have a wealth of certification training that is designed to help you to succeed in the exam.
How can I keep my CompTIA PenTest+ certification up to date?
Keep your certification up to date with CompTIA’s Continuing Education (CE) program. It’s designed to be a continued validation of your expertise and a tool to expand your skillset. It’s also the ace up your sleeve when you’re ready to take the next step in your career. Learn more.
What jobs you can land with CompTIA PenTest+
- Security Consultant
- Cloud Penetration Tester
- Web App Penetration Tester
- Cloud Security Specialist
- Network Security Specialist
- Network Security Operations
- Threat Intelligence Analyst
- Vulnerability Analyst
- Penetration Tester
Is this an HRDC claimable course?
Yes, this is an HRDC claimable course
At this time, this course is available for private class and in-house training only. Please contact us for any inquiries.