Complete Package CompTIA PenTest+ (Exam: PT0-002) incl. examvoucher

• Penetration testing is a coordinated and simulated cyberattack

• used to evaluate the security of a computer system or computer
• network. The initial and critical planning phase of penetration
• testing is key to a successful engagement process. In this course,
• you'll explore the fundamentals of penetration testing, including a
• comparison of governance, risk, and compliance concepts. You'll
• examine legal concepts such as service level agreements, statements
• of work, non-disclosure agreements, and master service agreements.
• You'll learn the importance of scoping and organizational and
• customer requirements, including common standards and
• methodologies, rules of engagement, environmental considerations,
• target list definition, and scope of the engagement validation.
• This course is one of a collection that helps prepare learners for
• the CompTIA PenTest+ (PT0-002) certification exam.

• Penetration testers must be ethical in order to avoid any

• illegal activities and to best serve clients. In this course,
• you'll learn how to develop and demonstrate an ethical hacking
• mindset by maintaining integrity and professionalism during
• penetration testing exercises. You'll explore the importance of
• performing background checks on penetration testing team members
• and adhering to the scope of engagement. You'll then examine how to
• identify, handle, and report on security breaches and potential
• findings of a criminal nature. You'll learn how to limit the use of
• tools for a particular engagement and invasiveness based on scope.
• Lastly, you'll learn the importance of maintaining data and
• information confidentiality of data and information and explore
• risks to penetration testing team members. This course is one of a
• collection that helps prepare learners for the CompTIA PenTest+
• (PT0-002) certification exam.

• One of the main responsibilities of a penetration tester is to

• gather information by way of reconnaissance. Simply put,
• reconnaissance is the process of collecting as much information as
• possible about a target. In this course, you'll learn how to gather
• information using various passive reconnaissance techniques such as
• DNS lookups, cryptographic flaws, and social media scraping. You'll
• learn how to differentiate between cloud and self-hosted
• reconnaissance and examine valuable data found in password dumps,
• metadata, and public source-code repositories. You'll also explore
• how to use open source intelligence techniques, tools, and sources
• to exploit weaknesses and gather intelligence. This course will
• help prepare learners for the CompTIA PenTest+ PT0-002
• certification exam.

• Active reconnaissance requires a penetration tester to engage

• and interact with the targeted system to gather information and
• identify vulnerabilities. To do this, penetration testers can use
• several different methods including automated scanning and manual
• testing techniques. In this course, you'll learn how to use active
• reconnaissance techniques such as enumeration and web site
• reconnaissance, which are commonly used to gather intelligence
• about hosts, services, and web sites. You'll also learn about
• packet crafting, tokens, wardriving, network traffic, active
• fingerprinting, and defense detection and avoidance techniques.
• This course is one of a collection that helps prepare learners for
• the CompTIA PenTest+ (PT0-002) certification exam.

• Vulnerability scanning is a process used to assess systems for

• known weaknesses. In this course, you'll learn how to configure
• vulnerability scanner settings and scan targets for
• vulnerabilities. You'll explore the different types of scanning
• methods, as well as vulnerability testing tools and common scanning
• themes. Next, you'll learn how to perform a scan analysis. You'll
• also examine the Nmap utility, which is designed to discover hosts
• and services on a computer network. You'll move on to explore Nmap
• Scripting Engine scripts and the numerous switches included in the
• Nmap utility that can helpful in penetration testing. Lastly,
• you'll learn about vulnerability testing tools that can help
• facilitate automation. This course is one of a collection that
• helps prepare learners for the CompTIA PenTest+ (PT0-002)
• certification exam.

• Network attacks are commonly performed to gain unauthorized

• access to an organization's network, with a goal of performing
• malicious activity or stealing data. In this course, you'll learn
• how to research attack vectors and perform network attacks. You'll
• learn about password attacks such as password spraying, hash
• cracking, brute force, and dictionary. You'll explore how to
• perform common network attacks such as ARP poisoning, on-path,
• kerberoasting, virtual local area network hopping, as well as
• Link-Local Multicast Name Resolution and NetBIOS Name Service
• poisoning. Finally, you'll explore common network attack tools such
• as Metasploit, Netcat, and Nmap. This course is one of a collection
• that helps prepare learners for the CompTIA PenTest+ (PT0-002)
• certification exam.

• The goal of a wireless network attack is generally to capture

• information sent across the network. In this course, you'll learn
• how to research attack vectors and perform wireless attacks. You'll
• explore common wireless network attack methods including
• eavesdropping, data modification, data corruption, relay attacks,
• spoofing, jamming, on-path, and capture handshakes. You'll then
• learn about common network attacks such as evil twin, bluejacking,
• bluesnarfing, radio-frequency identification cloning, amplification
• attacks, and Wi-Fi protected setup PIN attacks. Lastly, you'll
• discover how to use aircrack-ng suite and amplified antenna
• wireless network attack tools. This course is one of a collection
• that helps prepare learners for the CompTIA PenTest+ (PT0-002)
• certification exam.

• Application-based attacks are designed to deliberately cause a

• fault in a computer's operating system or applications. In this
• course, you'll learn how to research attack vectors and perform
• application-based attacks. You'll explore the benefits of the OWASP
• Top 10 standard awareness document, which is used to present the
• most critical security risks to web applications. You'll examine
• application-based attacks such as server-side request forgery,
• business logic flaws, and injection attacks. You'll move on to
• learn about application vulnerabilities such as race conditions,
• lack of code signing, and session attacks, as well as the
• characteristics of API attacks such as Restful, Soap, and
• Extensible Markup Language-Remote Procedure Call. Lastly, you'll
• learn about application-based attack tools and resources. This
• course is one of a collection that helps prepare learners for the
• CompTIA PenTest+ (PT0-002) certification exam.

• Penetration testers need to account for all types of systems

• available in an environment. In addition to servers and network
• appliances, this can also include cloud-based systems. In this
• course, you'll learn how to research attack vectors and perform
• attacks on cloud technologies. You'll explore common cloud-based
• attacks, such as credential harvesting, privilege escalation, and
• account takeovers. You'll learn how to identify misconfigured cloud
• assets, including identity and access management and
• containerization technologies. You'll move on to explore how cloud
• malware injection, denial of service, and side-channel attacks can
• exploit a system. Lastly, you'll learn about common cloud tools
• such as the software development kit. This course is one of a
• collection that helps prepare learners for the CompTIA PenTest+
• (PT0-002) certification exam.

• Specialized systems by nature can be very challenging for

• penetration testers. They can use proprietary operating systems and
• file systems, and may require advanced reverse engineering and
• sandbox analysis. However, specialized systems are also very
• susceptible when it comes to weaknesses and vulnerabilities. In
• this course, you'll learn how to identify common attacks and
• vulnerabilities against specialized systems, including mobile
• systems and Internet of Things devices. You'll also explore common
• vulnerabilities, including data storage system vulnerabilities,
• management interface vulnerabilities, vulnerabilities related to
• virtual environments, and vulnerabilities related to containerized
• workloads. This course is one of a collection that helps prepare
• learners for the CompTIA PenTest+ (PT0-002) certification exam.

• Social engineering involves the psychological manipulation of

• people and it's used to trick them into divulging information or
• performing certain actions. In this course, you'll learn how social
• engineering attacks are performed and how they can be used by
• attackers. You'll explore the pretext for a social engineering
• approach, as well as various social engineering attacks such as
• e-mail phishing, vishing, short message service, phishing,
• universal serial bus drop key, and watering hole. You'll then learn
• about tailgating, dumpster diving, shoulder surfing, and badge
• cloning physical attack methods. Lastly, you'll examine social
• engineering impersonation techniques, methods of influence, and
• tools. This course is one of a collection that helps prepare
• learners for the CompTIA PenTest+ (PT0-002) certification exam.

• Cybercriminals use post-exploitation techniques to maintain a

• level of access while they attempt to perform other actions during
• an open session. In this course, you'll learn about
• post-exploitation techniques and tools. You'll explore common
• post-exploitation tools such as Empire, Mimikatz, and BloodHound.
• Next, you'll examine post-exploitation techniques such as lateral
• movement, privilege escalation, and upgrading a restrictive shell.
• You'll learn techniques used to maintain foothold and persistence
• using trojans, backdoors, and daemons. Finally, you'll learn
• detection avoidance techniques, as well as enumeration techniques
• used to extract users, groups, forests, sensitive data, and
• unencrypted files. This course is one of a collection that helps
• prepare learners for the CompTIA PenTest+ (PT0-002) certification
• exam.

• A final written report is prepared by a penetration tester or

• testing team to document all findings and recommendations for the
• client once the engagement has completed. In this course, you'll
• learn the critical components of a written report, as well as the
• importance of communication during the penetration testing process.
• You'll explore how to analyze and report on findings, and how to
• securely distribute of the final product. Next, you'll examine
• common content to include in a written report such as an executive
• summary, scope details, methodology, findings, and conclusion.
• Lastly, you'll learn the steps required to properly analyze the
• findings and recommend the appropriate remediation within a report.
• This course is one of a collection that helps prepare learners for
• the CompTIA PenTest+ (PT0-002) certification exam.

• During penetration testing, tester activities can leave behind
• remnants that may alter a system. Any action performed during
• testing should be clearly documented. Upon completion of testing,
• penetration testers should perform a series of post-report delivery
• activities that include removing shells, removing tester created
• credentials, and removing any penetration testing tools. In this
• course, you'll explore post-report delivery activities such as
• post-engagement cleanup, client acceptance, lessons learned,
• attestation of findings, as well as data destruction processes and
• best practices. You'll also learn the importance of communication
• during the penetration testing process. This course is one of a
• collection that helps prepare learners for the CompTIA PenTest+
• (PT0-002) certification exam.

• Scripting languages can be used by penetration testers to help

• automate the execution of common tasks and increase the depth and
• scope of testing coverage. In this course, you'll learn the basic
• concepts of scripting and software development. Explore logic
• constructs concepts such as loops and conditionals, as well as the
• following operators; Boolean, string, and arithmetic. Discover
• other basic concepts of scripting including data structures,
• libraries, classes, procedures, and functions. You then explore how
• to analyze a script or code sample for use in a penetration test.
• Discover shells, programming languages, and exploit codes, and
• learn how to identify opportunities for automation. This course is
• one of a collection that helps prepare learners for the CompTIA
• PenTest+ (PT0-002) certification exam.

CompTIA PT0-002