Glen E. Clarke

Welcome to the CompTIA PenTest+ Certification For Dummies online cheat sheet! Here, you'll find quick facts to remember on test day to help you answer questions found on the CompTIA PenTest+ certification exam. It includes some of the major concepts you need to know for the exam such as the phases of the penetration testing process, OSINT tools, exploitation tools, wireless cracking tools, Nmap command-line switches, and parts of the penetration test report.

This Cheat Sheet gives you quick facts to remember on test day to help you answer questions found on the A+ Certification exams. Before the A+ exams, you’ll want to review some of the major Windows concepts, including boot files, recovery tools, RAID types, and troubleshooting utilities.Windows recovery toolsOne of the hardest tasks to perform when troubleshooting a system is fixing a system that will not boot.

The different types of printers in today’s busy world of computing are laser, inkjet, dot matrix, thermal, and virtual. You need to be familiar with each type for the compTIA certification A+ exams. Laser printers The laser printer — also known as a page printer because it prints one page at a time — is the most popular type of printer because it is fast and reliable, and offers the best-quality printout of the three types of printers.

The second category of pentesting tools that appears in the CompTIA PenTest+ objectives is credential testing tools. Credential testing tools help you crack passwords for user accounts on a system. There are a number of password cracking tools out there, but these are the tools the PenTest+ exam wants you to be familiar with.

The first category of tools that appears in the CompTIA PenTest+ objectives is scanners. A number of different types of scanners exist—some scanners will scan for open ports, while other scanners are designed to find vulnerabilities within a system. Nmap Nmap is a common network scanner used by pentesters to locate systems on the network and determine the ports that are open on those systems.

Penetration testing, also known as ethical hacking, involves an information technology (IT) professional using the techniques a hacker uses to bypass the security controls of a network and its system. A security control is a protection element, such as permissions or a firewall, that is designed to keep unauthorized individuals out of a system or network.

Active information gathering for a pentest involves polling the target systems to find out about the systems that are up and running, the ports that are open, and the software being used. This involves communicating with the systems and potentially being detected. For the PenTest+ certification exam, remember the difference between active and passive information gathering.

When you are conducting a penetration test, it is important to take a methodological approach to information gathering and divide the task up into two parts: passive information gathering and active information gathering. Passive information gathering should come first. It involves collecting public information from the internet about the company being assessed — without invoking any kind of communication with the target systems.