CompTIA PenTest+ Study Guide, 2nd Edition

Book description

Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing.

In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field. 

You’ll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You’ll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques. 

This book will: 

  • Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam 
  • Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements 
  • Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms 

Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset. 

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dedication
  5. Acknowledgments
  6. About the Author
  7. About the Technical Editor
  8. Introduction
    1. CompTIA
    2. The PenTest+ Exam
    3. What Does This Book Cover?
    4. CompTIA PenTest+ Certification Exam Objectives
    5. Assessment Test
    6. Answers to Assessment Test
  9. Chapter 1: Penetration Testing
    1. What Is Penetration Testing?
    2. Reasons for Penetration Testing
    3. Who Performs Penetration Tests?
    4. The CompTIA Penetration Testing Process
    5. The Cyber Kill Chain
    6. Tools of the Trade
    7. Summary
    8. Exam Essentials
    9. Lab Exercises
    10. Review Questions
  10. Chapter 2: Planning and Scoping Penetration Tests
    1. Scoping and Planning Engagements
    2. Penetration Testing Standards and Methodologies
    3. Key Legal Concepts for Penetration Tests
    4. Regulatory Compliance Considerations
    5. Summary
    6. Exam Essentials
    7. Lab Exercises
    8. Review Questions
  11. Chapter 3: Information Gathering
    1. Footprinting and Enumeration
    2. Active Reconnaissance and Enumeration
    3. Information Gathering and Defenses
    4. Summary
    5. Exam Essentials
    6. Lab Exercises
    7. Review Questions
  12. Chapter 4: Vulnerability Scanning
    1. Identifying Vulnerability Management Requirements
    2. Configuring and Executing Vulnerability Scans
    3. Software Security Testing
    4. Developing a Remediation Workflow
    5. Overcoming Barriers to Vulnerability Scanning
    6. Summary
    7. Exam Essentials
    8. Lab Exercises
    9. Review Questions
  13. Chapter 5: Analyzing Vulnerability Scans
    1. Reviewing and Interpreting Scan Reports
    2. Validating Scan Results
    3. Common Vulnerabilities
    4. Summary
    5. Exam Essentials
    6. Lab Exercises
    7. Review Questions
  14. Chapter 6: Exploiting and Pivoting
    1. Exploits and Attacks
    2. Exploitation Toolkits
    3. Exploit Specifics
    4. Leveraging Exploits
    5. Persistence and Evasion
    6. Pivoting
    7. Covering Your Tracks
    8. Summary
    9. Exam Essentials
    10. Lab Exercises
    11. Review Questions
  15. Chapter 7: Exploiting Network Vulnerabilities
    1. Identifying Exploits
    2. Conducting Network Exploits
    3. Exploiting Windows Services
    4. Identifying and Exploiting Common Services
    5. Wireless Exploits
    6. Summary
    7. Exam Essentials
    8. Lab Exercises
    9. Review Questions
  16. Chapter 8: Exploiting Physical and Social Vulnerabilities
    1. Physical Facility Penetration Testing
    2. Social Engineering
    3. Summary
    4. Exam Essentials
    5. Lab Exercises
    6. Review Questions
  17. Chapter 9: Exploiting Application Vulnerabilities
    1. Exploiting Injection Vulnerabilities
    2. Exploiting Authentication Vulnerabilities
    3. Exploiting Authorization Vulnerabilities
    4. Exploiting Web Application Vulnerabilities
    5. Unsecure Coding Practices
    6. Steganography
    7. Application Testing Tools
    8. Summary
    9. Exam Essentials
    10. Lab Exercises
    11. Review Questions
  18. Chapter 10: Attacking Hosts, Cloud Technologies, and Specialized Systems
    1. Attacking Hosts
    2. Credential Attacks and Testing Tools
    3. Remote Access
    4. Attacking Virtual Machines and Containers
    5. Attacking Cloud Technologies
    6. Attacking Mobile Devices
    7. Attacking IoT, ICS, Embedded Systems, and SCADA Devices
    8. Attacking Data Storage
    9. Summary
    10. Exam Essentials
    11. Lab Exercises
    12. Review Questions
  19. Chapter 11: Reporting and Communication
    1. The Importance of Communication
    2. Recommending Mitigation Strategies
    3. Writing a Penetration Testing Report
    4. Wrapping Up the Engagement
    5. Summary
    6. Exam Essentials
    7. Lab Exercises
    8. Review Questions
  20. Chapter 12: Scripting for Penetration Testing
    1. Scripting and Penetration Testing
    2. Variables, Arrays, and Substitutions
    3. Comparison Operations
    4. String Operations
    5. Flow Control
    6. Input and Output (I/O)
    7. Error Handling
    8. Advanced Data Structures
    9. Reusing Code
    10. The Role of Coding in Penetration Testing
    11. Summary
    12. Exam Essentials
    13. Lab Exercises
    14. Review Questions
  21. Appendix A: Answers to Review Questions
  22. Appendix B: Solution to Lab Exercise
    1. Solution to Activity 5.2: Analyzing a CVSS Vector
  23. Index
  24. End User License Agreement

Product information

  • Title: CompTIA PenTest+ Study Guide, 2nd Edition
  • Author(s): Mike Chapple, David Seidl
  • Release date: November 2021
  • Publisher(s): Sybex
  • ISBN: 9781119823810