
CompTIA PenTest+ (PT0-001)

Penetration testing and vulnerability management

34 H 44 M

Official CompTIA online IT training. This course goes over exam objectives, pen testing tools, and reporting for CompTIA's PenTest+ certification exam.

Episodes
  • Planning and Scoping
    • Overview
    • Planning an Engagement
    • Planning an Engagement Part 2
    • Planning an Engagement Part 3
    • Planning an Engagement Part 4
    • Legal Concepts
    • Scoping an Engagement
    • Scoping an Engagement Part 2
    • Compliance-Based Assessments
  • Information Gathering and Vulnerability Identification
    • Pentesting Tools: Use Cases
    • Pentesting Tools: Use Cases Part 2
    • Pentesting Tools: Scanners
    • Pentesting Tools: Credential Testing
    • Pentesting Tools: Credential Testing Part 2
    • Pentesting Tools: Web Directory Enum
    • Pentesting Tools: Debuggers
    • Pentesting Tools: OSINT
    • Pentesting Tools: Wireless
    • Pentesting Tools: Web Proxies
    • Pentesting Tools: Social Engineering
    • Pentesting Tools: Remote Access
    • Pentesting Tools: Networking
    • Pentesting Tools: Misc
    • Pentesting Tools: Mobile
    • Nmap
    • Common Pentest Objectives
    • Analyze Scripts: Bash
    • Analyze Scripts: Bash Part 2
    • Analyze Scripts: Bash Part 3
    • Analyze Scripts: Python
    • Analyze Scripts: Python Part 2
    • Analyze Scripts: Python Part 3
    • Analyze Scripts: Ruby
    • Analyze Scripts: Ruby Part 2
    • Analyze Scripts: PowerShell
    • Analyze Scripts: Powershell Part 2
  • Attacks and Exploits
    • Info Gathering Techniques
    • Info Gathering Techniques Part 2
    • Info Gathering Techniques Part 3
    • Info Gathering Techniques Part 4
    • Perform Vulnerability Scans
    • Perform Vulnerability Scans Part 2
    • Perform Vulnerability Scans Part 3
    • Perform Vulnerability Scans Part 4
    • Vulnerability Scan Results
    • Exploration Preparation
    • Exploration Preparation Part 2
    • Weaknesses in Specialized Systems
    • Weaknesses in Specialized Systems Part 2
  • Penetration Testing Tools
    • Social Engineering
    • Social Engineering Part 2
    • Network Vulnerability: Name Resolution
    • Network Vulnerability: SNMP, SMTP and FTP
    • Network Vulnerability: Pass-the-Hash
    • Network Vulnerabilities: MITM
    • Network Vulnerability Denial of Service
    • Network Vulnerabilities: NAC Bypass, VLAN Hopping
    • App Vulnerabilities Injection Attacks
    • App Vulnerabilities Injection Attacks Part 2
    • App Vulnerabilities: Injection Attacks Part 3
    • App Vulnerabilities: File Inclusions
    • App Vulnerabilities: File Inclusions Part 2
    • App Vulnerabilities: XSS, CSRF, Clickjacking
    • App Vulnerabilities: XSS, CSRF, Clickjacking Pt2
    • App Vulnerabilities: Authentication, Authorization
    • App Vulnerabilities: Insecure Coding
    • App Vulnerabilities: Insecure Coding Part 2
    • Wireless and RF Vulnerabilities
    • Wireless and RF Vulnerabilities Part 2
    • Host-Based Vulnerabilities
    • Host Based Vulnerabilities Part 2
    • Host Based Vulnerabilities Part 3
    • Host-Based Vulnerabilities Part 4
    • Host-Based Vulnerabilities Part 5
    • Site Security
    • Site Security Part 2
    • Post-Exploitation
    • Post-Exploitation Part 2
  • Reporting and Communication
    • Reports
    • Post Report Activities
    • Vulnerability Mitigation Strategies
    • Communication Importance

Overview

9 M


In this series, we will take you through the material necessary to prepare for the CompTIA PenTest+ exam. Here we'll show you important and practical topics such as pentest pre-planning methods, legal concepts, and proper scoping tactics.

[MUSIC] Hello and thank you for watching ITProTV. We're gonna be talking with Daniel Lowrie about the PenTest+ exam series. Daniel, how are you today, can you tell us what the course is about?

>> Not a problem, Zach, glad to be here and yes, we can definitely dive into our upcoming PenTest+ series. It's gonna be a lot of fun. The PenTest+ is an exam to try to measure the skills of security professionals and give them something tangible in which to prove they are that security professional. That's the whole purpose to this, when it comes to the PenTest+ certification from CompTIA. Great certification, I think you're really gonna enjoy the course if you are at all security minded.

>> And Daniel, you just test them and who it's for but a little bit more involved. Who is the show targeted towards?

>> Yeah, great question. I brought up the CompTIA website on my laptop here, we can take a look at some of the details that they give on the exam and they do actually touch on that very question. So here we go. It is for cybersecurity professionals tasked with penetration testing and vulnerability management. So a very defined set of skills with those two types of topics right there. It talks about why it's different and its availability, a little bit about the exam, assesses the most up-to-date penetration testing and vulnerability assessment and management skills necessary to determine the resiliency of a network against attack. Okay, that's good. Successful candidates, that's what we're talking about, will have intermediate skills required to customize assessment frameworks to effectively collaborate on and report findings. So it's also a big thing. Candidates will also have the best practices to communicate recommended strategies to improve the overall state of IT security. It does meet government's standards here, ISO 17024 standard specifically.
And if you come down here to the certification pathway, they kind of show you where this fits in the CompTIA ecosystem as far as where you should be and what it's meant for along those lines. So CompTIA joins the level of intermediate there with the PenTest+ series, which is more of the defensive side of things whereas PenTest+ is more of the offensive side of things. We're actually gonna come in, and we're gonna learn how to break into things and have a lot of fun with the hacking skills, buff you up on that stuff so we can pass this exam. And that gives us that intermediary state of a skill level as far as CompTIA is concerned.

>> Awesome, and Daniel, can we take a little closer look at what topics are covered?

>> Yeah, sure they do have that here. As a matter of fact, if you look at that, what skills will you learn, great question, right? Planning and scoping. So explain the importance of planning and the key aspects of compliance-based assessments, a big deal nowadays. So having those skills [INAUDIBLE] gonna be very, very important. Information gathering and vulnerability identification. If you can't do the footwork on the front end, you're not gonna be able to have the fun on the back end and be able to gain an authorized access to your client's machines. So this is a really important phase and they really take their time and effort to walk you through. You'll love the tools and techniques and skills you're gonna need, so that you can perform these information gathering and vulnerability assessment identification areas, right? Attacks and exploits, that's where the real fun begins, all right? Where we're actually going to learn the tools and techniques that are used commonly to exploit and/or attack a given vulnerable system and gain that unauthorized remote access. Also looking at penetration testing tools as a whole, there's a lot of tools for us to reach out and use as a resource. Which ones are right for us?
Which ones should we be using with this type of assessment? We're gonna go through a laundry list of different tools and show you where they apply, how they apply, what we can use them for, and a little bit of other functionality. As we move into more of the attack phase of things, we will see tools at a deeper level. Tools that are pertinent for the attack at large. So that we will get that deeper understanding. But we do need to have a good knowledge base of the different tools that are out there. So that we have a way to say okay, that's the tool I should be using for this specific engagement. And then of course, the last but not least, reporting and communication. Probably the most important function if you ask a [INAUDIBLE] of what's going on when you perform test is how well can you report and communicate with us as your clients? This is the deliverable at the end of your engagements. Something you give them tangibly either through electronic format, a printed format, or both. Probably also, a presentation is gonna go along with it. Got to learn how we do that. What does that look like? What goes into a report? How do we deliver that report? All those things and more are gonna be talked about and touched upon inside of this series.

>> So we are actually excited about the PenTest+, what do we actually need to know about physically doing the exam?

>> Yeah, great question because each test has its own idiosyncrasies, right? Like how many questions are on it? How long do I have? How much does it cost me? And so on and so forth. So let's move on down here where they talk about that. Exam details, so here is the exam code. Probably need that a little bit. It's a launch date, which was very recently, the exam description and here we go, we have a maximum number of 85 questions for this exam and they are performance based and multiple choice based.
So you're gonna get the A, B, C, or D, sometimes you'll have the type of where you move the right answer into the right spot and you have to put them in order. Mix and match kind of things where you have problems and solutions on one side or the other. And you have to make them line up correctly. So you might see those types, those are performance-based types. Maybe look at a network diagram, how to answer questions based off of those. Those types of things, right? Then the length of test, 165 minutes, CompTIA's always great by giving us enough time, not too much time but not too little either. Make sure that we have enough time to go through our answers thoroughly and pass our exam. A passing score is a 750 on a scale from 100 to 900. So you do have to have a pretty good score to get yourself that certification in hand. But I'm confident if you follow through here that that shouldn't be too difficult of a task for you. Do all your studying and be prepared and you'll get that passing score I'm sure. Recommended experience kind of goes back to who this goes to, Network+, Security+ or equivalent knowledge. That's a minimum of three to four years of hands-on information security or related experience. That is kind of an important thing to remind yourself of, right? So while there is no required prerequisite to take the PenTest+ exam, okay, that's good if I have just decided, you know what, I think I can do it. There's nothing stopping me from taking the exam. Hear an opportunity as they say, right? PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical hands-on focus. And the talk around the water cooler is that that hands-on focus is a very important aspect of this. So make sure you follow along, you build labs. You do the things, use the tools.
See if you can get it to work as we do, as we go throughout this series and do the stuff we're doing and that's gonna lend a lot of help for you if you don't already have that kind of expertise. All right, then the price, right, $349. That's gonna change and vary if you're in a different country. But for us here in the United States, it's gonna be 350 bones for us to hammer down. That's right within the wheelhouse of this type of exam. So it's not too expensive that the average person couldn't afford it, but it does take a bit of investment and into your time and yourself to make sure you pass it so you don't have to take it again, right? I think that's about it. Other than that, you'll just sign up with, I wanna say this is under Pearson. Do they tell us over here? You can also get practice exams and exam objectives, bill that out. If we hit Buy Exam, that should take us to getting the vouchers. They do have deluxe bundles, different options that they have for us. So pick the one you like, so if I wanted this one I could hit that and see where that takes us. Give me the product code, yes, yes, yes. I am in North America in the United States and I just have a shopping cart. Once I have filled that out if I have a coupon I can enter it here. I'm surprised it's not telling me who the vendor is but I think it's Pearson Vue or Prometric. I think it's Pearson Vue. But it's not telling me right here. So that's one thing I'll have to learn as well as I don't remember, I don't remember off the top of my head. But, if you buy it you'll have the voucher, and then you'll go to your favorite vendor that supports this test and you'll be off to the races.

>> Thank you, Daniel. You've done a great job. And if PenTest+ sounds like something you would be interested in, and I think you should be interested in it, make sure you watch every single episode inside the course library. And thank you for watching ITProTV, ITProTV is binge worthy. [MUSIC]
