CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002), 2nd Edition

Book description

This fully updated guide delivers complete coverage of every topic on the current version of the CompTIA PenTest+ certification exam.

Get complete coverage of all the objectives included on the CompTIA PenTest+ certification exam PT0-002 from this comprehensive resource. Written by expert penetration testers, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.

Covers all exam topics, including:

  • Planning and engagement
  • Information gathering
  • Vulnerability scanning
  • Network-based attacks
  • Wireless and radio frequency attacks
  • Web and database attacks
  • Cloud attacks
  • Specialized and fragile systems
  • Social engineering and physical attacks
  • Post-exploitation tools and techniques
  • Post-engagement activities
  • Tools and code analysis
  • And more

Online content includes:
  • 170 practice exam questions
  • Interactive performance-based questions
  • Test engine that provides full-length practice exams or customizable quizzes by chapter or exam objective

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. Contents
  6. Acknowledgments
  7. Introduction
  8. Chapter 1 Planning and Engagement
    1. Governance, Risk, and Compliance
      1. Regulatory and Compliance Considerations
    2. Testing Limitations
      1. Time-Based Limitations
      2. Asset Scope Limitations
      3. Tool Limitations
      4. Allowed and Disallowed Tests
    3. Contracts and Documentation
      1. Master Services Agreement
      2. Nondisclosure Agreement
      3. Statement of Work
      4. Rules of Engagement
      5. Permission to Test
    4. Scope and Requirements
      1. Standards
      2. Environmental Considerations for Scoping
      3. Target Selection
      4. Contract Review
      5. Communication Planning
    5. Professionalism and Integrity
      1. Communication
      2. Integrity
      3. Risks to the Tester
    6. Chapter Review
      1. Questions
      2. Answers
    7. References
  9. Chapter 2 Information Gathering and Vulnerability Scanning
    1. Passive Reconnaissance
      1. DNS Recon
      2. OSINT
      3. Search Engines
    2. Active Reconnaissance
      1. Host Enumeration
      2. Service Identification and Fingerprinting
      3. Web Content Enumeration
      4. User Enumeration
      5. Defense Detection and Detection Avoidance
    3. Vulnerability Scanning and Analysis
      1. Credentialed vs. Noncredentialed Scanning
      2. Compliance and Configuration Auditing
      3. Vulnerability Research Sources
    4. Chapter Review
      1. Questions
      2. Answers
    5. References
  10. Chapter 3 Network-Based Attacks
    1. Name Resolution Exploits
      1. DNS Spoofing and Cache Poisoning
      2. Attacking LLMNR and NetBIOS
    2. Password Attacks
      1. Brute-Force and Dictionary Attacks
      2. Password Spraying
      3. Hash Cracking
    3. Stress Testing Applications and Protocols
    4. Network Packet Manipulation
      1. Analyzing and Inspecting Packets
      2. Forge and Decode Packets
    5. Layer 2 Attacks
      1. Attacking the Spanning Tree Protocol
      2. VLAN Hopping
      3. Bypassing Network Access Controls
    6. Researching an Attack
      1. An Attack on FTP
      2. An Attack on Samba and NFS
    7. Chapter Review
      1. Questions
      2. Answers
  11. Chapter 4 Wireless and RF Attacks
    1. 802.11 Wireless
      1. Wireless Networking Overview
      2. Wireless Testing Equipment
      3. Attacking Wireless
    2. Attacking Bluetooth
      1. Bluetooth Specifications
      2. Device Discovery
      3. Bluetooth Attacks
    3. RFID and NFC
    4. Chapter Review
      1. Questions
      2. Answers
    5. References
  12. Chapter 5 Web and Database Attacks
    1. OWASP Top Ten
    2. Injection Attacks
      1. Command Injection
      2. SQL Injection
      3. LDAP Injection
      4. Cross-Site Scripting
      5. Cross-Site Request Forgery
    3. Attacking Authentication and Session Management
      1. Brute-Force Login Pages
      2. Session Management Testing
    4. Data Exposure and Insecure Configuration
      1. Weak Access Controls
      2. Exposing Sensitive Data
      3. Directory and Path Traversals
      4. Sensitive Data Exposure
    5. Inclusion Attacks
    6. Race Conditions
    7. Chapter Review
      1. Questions
      2. Answers
  13. Chapter 6 Attacking the Cloud
    1. Account and Privilege Attacks
      1. Credential Harvesting
      2. Privesc
      3. Account Takeover
      4. Password Spraying
    2. Misconfigured Cloud Assets
      1. Identity and Access Management
      2. Federation
      3. Object Storage
      4. Containerization Technologies
    3. Cloud-Centric Attacks
      1. Denial of Service
      2. Cloud Malware Injection
      3. Side-Channel Attacks
      4. Software Development Kits
    4. Chapter Review
      1. Questions
      2. Answers
  14. Chapter 7 Specialized and Fragile Systems
    1. Mobile Devices
      1. Testing Concepts
      2. Mobile Hardware
      3. Mobile Operating Systems Overview
      4. Mobile Applications Overview
      5. Testing iOS
      6. Testing Android
    2. Virtual and Containerized Systems
    3. Other Nontraditional Systems
      1. SCADA and Industrial Control Systems
      2. Embedded Systems
    4. Chapter Review
      1. Questions
      2. Answers
  15. Chapter 8 Social Engineering and Physical Attacks
    1. Physical Security and Social Engineering
      1. Pretexting and Impersonation
      2. Methods of Influence
    2. Social Engineering and Physical Attacks
      1. Phishing Attacks
      2. Other Web Attacks
      3. Social Engineering Tools
      4. Dumpster Diving
      5. USB Dropping
      6. Shoulder Surfing
      7. Tailgating
      8. Badges
      9. Basic Physpen Tools
    3. Countermeasures
    4. Chapter Review
      1. Questions
      2. Answers
    5. References
  16. Chapter 9 Post-Exploitation
    1. Enumeration
      1. Discovery
      2. Credential Access
    2. Privilege Escalation
      1. Linux Privilege Escalation
      2. Windows Privilege Escalation
    3. Covert Channels and Data Exfiltration
      1. SSH Tunneling
      2. Shell Types
      3. Command and Control
      4. Data Exfiltration
    4. Lateral Movement
      1. Living Off the Land
      2. Passing the Hash
      3. RPC/DCOM
      4. Remote Desktop Protocol
      5. WinRM
    5. Maintaining Persistence
      1. Windows
      2. Linux
    6. Covering Your Tracks
      1. Clearing Command History
      2. Timestomping
      3. File Deletion
    7. Chapter Review
      1. Questions
      2. Answers
  17. Chapter 10 Post-Engagement Activities
    1. The Anatomy of a Pentest Report
      1. Reporting Audience
      2. Report Contents
      3. Storage and Secure Distribution
      4. Attestations
    2. Findings, Recommendations, and Analysis
      1. Recommendations
      2. Common Themes and Root Causes
    3. Post-Engagement Activities
      1. Cleanup
      2. Client Acceptance
      3. Lessons Learned
      4. Retesting and Follow-up
    4. Chapter Review
      1. Questions
      2. Answers
    5. References
  18. Chapter 11 Tools and Code Analysis
    1. Logic Constructs
      1. Conditionals
      2. Loops
      3. Boolean Operators
      4. Arithmetic and String Operators
    2. Data Structures
      1. Key Values and Keys
      2. Arrays, Dictionaries, and Lists
      3. Trees
      4. CSV, XML, and JSON
    3. Other Programming Concepts
      1. Procedures
      2. Functions
      3. Classes
      4. Libraries
    4. Practical Examples
      1. Bash
      2. Python
      3. Perl
      4. Ruby
      5. JavaScript
      6. PowerShell
    5. Specialized Examples
      1. Bash Shells
      2. Bash Automation
      3. PowerShell Shells
      4. PowerShell: Enumerating AD Users and Computers
      5. Python Port Scanner
      6. Python Encoding
      7. Using Python to Upgrade to a Fully Interactive Shell
      8. Using Perl to Modify IP Addresses in a File
      9. Perl Reverse Shell
      10. JavaScript Downloader
    6. Chapter Review
      1. Questions
      2. Answers
  19. Chapter 12 Tools Inventory
  20. Appendix A Objective Map
    1. Objective Map: Exam PT0-002
  21. Appendix B About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Other Book Resources
      1. Performance-Based Questions
      2. Downloadable Content
    6. Technical Support
  22. Glossary
  23. Index

Product information

  • Title: CompTIA PenTest+ Certification All-in-One Exam Guide, Second Edition (Exam PT0-002), 2nd Edition
  • Author(s): Heather Linn
  • Release date: April 2022
  • Publisher(s): McGraw-Hill
  • ISBN: 9781264274901