Cover Image

CompTIA PenTest+ certification passport (exam PT0-001) / Heather Linn.

This effective self-study guide serves as an accelerated review of all exam objectives for the CompTIA PenTest+ certification exam This concise, quick-review test preparation guide offers 100% coverage of all exam objectives for the new CompTIA PenTest+ exam. Designed as an accelerated review of all...

Full description

Saved in:
Bibliographic Details
Online Access: Full Text (via Skillsoft)
Main Author: Linn, Heather (Author)
Format: Electronic eBook
Language:English
Published: New York [NY] : McGraw-Hill Education, [2020]
Subjects:
Penetration testing (Computer security) > Examinations > Study guides.
Computer networks > Security measures > Examinations > Study guides.
Telecommunications engineers > Certification > Examinations > Study guides.
Computer networks > Security measures > Examinations
Telecommunications engineers > Certification > Examinations
Study guides
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Dedication
  • Contents at a Glance
  • Contents
  • Acknowledgments
  • Introduction
  • 1.0 Planning and Scoping
  • Objective 1.1 Explain the importance of planning for an engagement
  • Understanding the Target Audience
  • Rules of Engagement
  • Communication
  • Resources and Requirements
  • Confidentiality of Findings
  • Known vs. Unknown
  • Budget
  • Impact Analysis and Remediation Timelines
  • Disclaimers
  • Technical Constraints
  • Support Resources
  • REVIEW
  • 1.1 QUESTIONS
  • 1.1 ANSWERS
  • Objective 1.2 Explain key legal concepts
  • Contracts
  • Environmental Differences
  • Written Authorization
  • REVIEW
  • 1.2 QUESTIONS
  • 1.2 ANSWERS
  • Objective 1.3 Explain the importance of scoping an engagement properly
  • Types of Penetration Testing
  • Goals-Based/Objectives-Based Penetration Testing
  • Compliance-Based Penetration Testing
  • Red Team Testing
  • Special Scoping Considerations
  • Target Selection
  • Targets
  • Testing Considerations
  • Strategy
  • Risk Acceptance
  • Tolerance to Impact
  • Scheduling
  • Scope Creep
  • Threat Actors
  • Threat Models
  • REVIEW
  • 1.3 QUESTIONS
  • 1.3 ANSWERS
  • Objective 1.4 Explain the key aspects of compliance-based assessments
  • Compliance-Based Assessments, Limitations, and Caveats
  • Rules to Complete Assessment
  • Password Policies and Key Management
  • Data Isolation
  • Limitations
  • Clearly Defined Objectives Based on Regulations
  • REVIEW
  • 1.4 QUESTIONS
  • 1.4 ANSWERS
  • 2.0 Information Gathering and Vulnerability Identification
  • Objective 2.1 Given a scenario, conduct information gathering using appropriate techniques
  • Scanning
  • Enumeration
  • Hosts
  • Networks
  • Domains
  • Users and Groups
  • Network Shares
  • Web Pages
  • Services and Applications
  • Token Enumeration
  • Social Network Enumeration
  • Fingerprinting
  • Packet Crafting
  • Packet Inspection
  • Cryptography
  • Certificate Inspection
  • Eavesdropping
  • RF Communication Monitoring
  • Sniffing
  • Decompilation
  • Debugging
  • Open-Source Intelligence Gathering
  • REVIEW
  • 2.1 QUESTIONS
  • 2.1 ANSWERS
  • Objective 2.2 Given a scenario, perform a vulnerability scan
  • Credentialed vs. Noncredentialed
  • Credentialed Scans
  • Noncredentialed scans
  • Types of Scans
  • Container Security
  • Application Scanning
  • DAST
  • SAST
  • Considerations of Vulnerability Scanning
  • Time to Run Scans
  • Protocols Used
  • Network Topology and Bandwidth Limitations
  • Fragile Systems/Nontraditional Assets
  • REVIEW
  • 2.2 QUESTIONS
  • 2.2 ANSWERS
  • Objective 2.3 Given a scenario, analyze vulnerability scan results
  • Asset Categorization
  • Adjudication
  • Prioritization of Vulnerabilities
  • Common Themes
  • REVIEW
  • 2.3 QUESTIONS
  • 2.3 ANSWERS
  • Objective 2.4 Explain the process of leveraging information to prepare for exploitation
  • Map Vulnerabilities to Potential Exploits

Similar Items