CHF48.90
Download available immediately
Prepare for success on the new PenTest+ certification exam and an exciting career in penetration testing
In the revamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security experts Dr. Mike Chapple and David Seidl deliver a comprehensive roadmap to the foundational and advanced skills every pentester (penetration tester) needs to secure their CompTIA PenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field.
You'll learn to perform security assessments of traditional servers, desktop and mobile operating systems, cloud installations, Internet-of-Things devices, and industrial or embedded systems. You'll plan and scope a penetration testing engagement including vulnerability scanning, understand legal and regulatory compliance requirements, analyze test results, and produce a written report with remediation techniques.
This book will:
Prepare you for success on the newly introduced CompTIA PenTest+ PT0-002 Exam
Multiply your career opportunities with a certification that complies with ISO 17024 standards and meets Department of Defense Directive 8140/8570.01-M requirements
Allow access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
Perfect for anyone preparing for the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource for aspiring penetration testers and IT security professionals seeking to expand and improve their skillset.
Author
MIKE CHAPPLE, Security+, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.
DAVID SEIDL, Security+, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud, and has written multiple cybersecurity certification books.
Jacket copy
Everything You Need to Succeed on the New CompTIA PenTest+ Certification Exam
CompTIA's PenTest+ is an intermediate-level cybersecurity certification that verifies you are fully prepared to engage in the full penetration testing process, from planning an engagement through reconnaissance, vulnerability detection, exploitation and reporting. This complete CompTIA® PenTest+ Study Guide: Exam PT0-002, Second Edition gets you ready for the exam with a comprehensive review of all objectives. It helps you identify what you already know, learn what you don't, test your progress, and perfect your skills. Enhance your learning with access to the exclusive Sybex interactive online learning environment, including practice tests, electronic flashcards, and a searchable glossary of terms. It's the faster, smarter way to prepare. Coverage of the exam objectives in this Study Guide means you'll be ready for:
Contents
Introduction
Assessment Test
Chapter 1 Penetration Testing
What Is Penetration Testing?
Cybersecurity Goals
Adopting the Hacker Mindset
Ethical Hacking
Reasons for Penetration Testing
Benefits of Penetration Testing
Regulatory Requirements for Penetration Testing
Who Performs Penetration Tests?
Internal Penetration Testing Teams
External Penetration Testing Teams
Selecting Penetration Testing Teams
The CompTIA Penetration Testing Process
Planning and Scoping
Information Gathering and Vulnerability Scanning
Attacks and Exploits
Reporting and Communication
Tools and Code Analysis
The Cyber Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
Tools of the Trade
Reconnaissance
Vulnerability Scanners
Social Engineering
Credential Testing Tools
Debuggers and Software Testing Tools
Network Testing
Remote Access
Exploitation
Steganography
Cloud Tools
Summary
Exam Essentials
Lab Exercises
Activity 1.1: Adopting the Hacker Mindset
Activity 1.2: Using the Cyber Kill Chain
Review Questions
Chapter 2 Planning and Scoping Penetration Tests
Scoping and Planning Engagements
Assessment Types
Known Environments and Unknown Environments
The Rules of Engagement
Scoping Considerations: A Deeper Dive
Support Resources for Penetration Tests
Penetration Testing Standards and Methodologies
Key Legal Concepts for Penetration Tests
Contracts
Data Ownership and Retention
Permission to Attack (Authorization)
Environmental Differences and Location Restrictions
Regulatory Compliance Considerations
Summary
Exam Essentials
Lab Exercises
Review Questions
Chapter 3 Information Gathering
Footprinting and Enumeration
OSINT
Location and Organizational Data
Infrastructure and Networks
Security Search Engines
Google Dorks and Search Engine Techniques
Password Dumps and Other Breach Data
Source Code Repositories
Passive Enumeration and Cloud Services
Active Reconnaissance and Enumeration
Hosts
Services
Networks, Topologies, and Network…