Fr. 86.00

CompTIA PenTest+ - Exam PT0-002

English · Paperback / Softback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description


Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing
 
In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field.
 
You'll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You'll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques.
 
This book will:
* Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam
* Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements
* Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
 
Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset.

List of contents

Introduction
Assessment Test

Chapter 1 Penetration Testing
What Is Penetration Testing?
Cybersecurity Goals
Adopting the Hacker Mindset
Ethical Hacking
Reasons for Penetration Testing
Benefits of Penetration Testing
Regulatory Requirements for Penetration Testing
Who Performs Penetration Tests?
Internal Penetration Testing Teams
External Penetration Testing Teams
Selecting Penetration Testing Teams
The CompTIA Penetration Testing Process
Planning and Scoping
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Reporting and Communication
Tools and Code Analysis
The Cyber Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
Tools of the Trade
Reconnaissance
Vulnerability Scanners
Social Engineering
Credential Testing Tools
Debuggers and Software Testing Tools
Network Testing
Remote Access
Exploitation
Steganography
Cloud Tools
Summary
Exam Essentials
Lab Exercises
Activity 1.1: Adopting the Hacker Mindset
Activity 1.2: Using the Cyber Kill Chain
Review Questions

Chapter 2 Planning and Scoping Penetration Tests
Scoping and Planning Engagements
Assessment Types
Known Environments and Unknown Environments
The Rules of Engagement
Scoping Considerations--A Deeper Dive
Support Resources for Penetration Tests
Penetration Testing Standards and Methodologies
Key Legal Concepts for Penetration Tests
Contracts
Data Ownership and Retention
Permission to Attack (Authorization)
Environmental Differences and Location Restrictions
Regulatory Compliance Considerations
Summary
Exam Essentials
Lab Exercises
Review Questions

Chapter 3 Information Gathering
Footprinting and Enumeration
OSINT
Location and Organizational Data
Infrastructure and Networks
Security Search Engines
Google Dorks and Search Engine Techniques
Password Dumps and Other Breach Data
Source Code Repositories
Passive Enumeration and Cloud Services
Active Reconnaissance and Enumeration
Hosts
Services
Networks, Topologies, and Network Traffic
Packet Crafting and Inspection
Enumeration
Information Gathering and Code
Avoiding Detection
Information Gathering and Defenses
Defenses Against Active Reconnaissance
Preventing Passive Information Gathering
Summary
Exam Essentials
Lab Exercises
Activity 3.1: Manual OSINT Gathering
Activity 3.2: Exploring Shodan
Activity 3.3: Running an Nmap Scan
Review Questions

Chapter 4 Vulnerability Scanning
Identifying Vulnerability Management Requirements
Regulatory Environment
Corporate Policy

About the author

MIKE CHAPPLE, Security+, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.
DAVID SEIDL, Security+, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud, and has written multiple cybersecurity certification books.


