Main MenuBook & Article Categories
- Main Menu
Book & Article Categories
- Main Menu
Collections
Explore all collections
CompTIA PenTest+: Expert Guides and Resources
Oops! Something went wrong while submitting the form.
Articles & Books From CompTIA PenTest+
Prepare for the CompTIA PenTest+ certification CompTIA's PenTest+ Certification is an essential certification to building a successful penetration testing career. Test takers must pass an 85-question exam to be certified, and this book—plus the online test bank—will help you reach your certification goal. CompTIA PenTest+ Certification For Dummies includes a map to the exam’s objectives and helps you get up to speed on planning and scoping, information gathering and vulnerability identification, attacks and exploits, penetration testing tools and reporting, and communication skills.
Cheat Sheet / Updated 03-08-2022
Welcome to the CompTIA PenTest+ Certification For Dummies online cheat sheet! Here, you'll find quick facts to remember on test day to help you answer questions found on the CompTIA PenTest+ certification exam. It includes some of the major concepts you need to know for the exam such as the phases of the penetration testing process, OSINT tools, exploitation tools, wireless cracking tools, Nmap command-line switches, and parts of the penetration test report.
Article / Updated 03-23-2021
The second category of pentesting tools that appears in the CompTIA PenTest+ objectives is credential testing tools. Credential testing tools help you crack passwords for user accounts on a system. There are a number of password cracking tools out there, but these are the tools the PenTest+ exam wants you to be familiar with.
Article / Updated 03-23-2021
The first category of tools that appears in the CompTIA PenTest+ objectives is scanners. A number of different types of scanners exist—some scanners will scan for open ports, while other scanners are designed to find vulnerabilities within a system. Nmap Nmap is a common network scanner used by pentesters to locate systems on the network and determine the ports that are open on those systems.
Article / Updated 03-22-2021
Active information gathering for a pentest involves polling the target systems to find out about the systems that are up and running, the ports that are open, and the software being used. This involves communicating with the systems and potentially being detected. For the PenTest+ certification exam, remember the difference between active and passive information gathering.
Article / Updated 03-22-2021
When you are conducting a penetration test, it is important to take a methodological approach to information gathering and divide the task up into two parts: passive information gathering and active information gathering. Passive information gathering should come first. It involves collecting public information from the internet about the company being assessed — without invoking any kind of communication with the target systems.
Article / Updated 03-22-2021
Take a look at some penetration testing terminology you need to be familiar with for the CompTIA PenTest+ certification exam. Types of assessments The CompTIA PenTest+ certification objectives reference some key terms in regard to the different types of assessments that can be performed. The following are some common types of pentest assessments: Goals-based/objectives-based: This type of assessment is focused on a specific purpose.
Article / Updated 03-22-2021
For the PenTest+ certification exam, you are expected to have an understanding of the basics of pentest report writing, including familiarity with the different sections of the report, what goes into the report, and how to securely store and transmit the report.At the completion of a pentest, the pentest report is a valuable asset for a business.
Article / Updated 03-22-2021
Penetration testing, also known as ethical hacking, involves an information technology (IT) professional using the techniques a hacker uses to bypass the security controls of a network and its system. A security control is a protection element, such as permissions or a firewall, that is designed to keep unauthorized individuals out of a system or network.
Article / Updated 03-22-2021
Social engineering from a security standpoint refers to the deliberate use of deception to try to trick a user into compromising system security through social contact such as an email message, a text message, or a phone call. Social engineering attacks are a common way to test the effectiveness of a company’s security education program.
