CompTIA PenTest+ PT0-002 Cert Guide - Omar Santos

CompTIA PenTest+ PT0-002 Cert Guide

Omar Santos (Autor)

Media-Kombination
624 Seiten
2022 | 2nd edition
Pearson IT Certification
978-0-13-756606-8 (ISBN)
71,85 inkl. MwSt
Trust the best-selling Cert Guide series from Pearson IT Certification to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CompTIA PenTest+ PT0-002 Cert Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. Do I Know This Already? quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

CompTIA PenTest+ PT0-002 Cert Guide focuses specifically on the objectives for the CompTIA PenTest+ PT0-002 exam. Leading security expert Omar Santos shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

This complete study package includes





A test-preparation routine proven to help you pass the exams
Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section
Chapter-ending exercises, which help you drill on key concepts you must know thoroughly
An online interactive Flash Cards application to help you drill on Key Terms by chapter
A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
Study plan suggestions and templates to help you organize and optimize your study time



The companion website contains the powerful Pearson Test Prep practice test software complete with two complete practice exams.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA PenTest+ PT0-002 exam, including





Planning and Scoping a Penetration Testing Assessment
Information Gathering and Vulnerability Identification
Social Engineering Attacks and Physical Security Vulnerabilities
Exploiting Wired and Wireless Networks
Exploiting Application-Based Vulnerabilities
Cloud, Mobile, and IoT Security
Performing Post-Exploitation Techniques
Reporting and Communication
Tools and Code Analysis



Includes Exclusive Offers For Up to 80% Off Practice Tests

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above, Safari version 12 and above, Microsoft Edge 44 and above.

Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7”. Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

Also available from Pearson IT Certification for CompTIA PenTest+ PT0-002 study is the CompTIA PenTest+ PT0-002 Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson Test Prep Practice Tests.

This integrated learning package





Enables you to focus on individual topic areas or take complete, timed exams
Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
Provides unique sets of exam-realistic practice questions
Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Omar Santos is an active member of the cybersecurity community who leads several industry-wide initiatives. He is a best-selling author and trainer. Omar is the author of more than 20 books and video courses, as well as numerous whitepapers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), Security Research and Operations, where he mentors and leads engineers and incident managers during the investigation and resolution of cybersecurity vulnerabilities. Omar co-leads the DEF CON Red Team Village, is the chair of the OASIS Common Security Advisory Framework (CSAF) technical committee, is the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group, and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. You can find additional information about Omar’s current projects at h4cker.org and can follow Omar on Twitter @santosomar.

Introduction xxix

Chapter 1 Introduction to Ethical Hacking and Penetration Testing 3

“Do I Know This Already?” Quiz 3

Foundation Topics 7

Understanding Ethical Hacking and Penetration Testing 7

Exploring Penetration Testing Methodologies 9

Building Your Own Lab 15

Exam Preparation Tasks 20

Review All Key Topics 20

Define Key Terms 20

Q&A 20

Chapter 2 Planning and Scoping a Penetration Testing Assessment 23

“Do I Know This Already?” Quiz 23

Foundation Topics 26

Comparing and Contrasting Governance, Risk, and Compliance Concepts 26

Explaining the Importance of Scoping and Organizational or Customer Requirements 39

Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity 48

Exam Preparation Tasks 50

Review All Key Topics 50

Define Key Terms 51

Q&A 51

Chapter 3 Information Gathering and Vulnerability Scanning 55

“Do I Know This Already?” Quiz 55

Foundation Topics 59

Performing Passive Reconnaissance 59

Performing Active Reconnaissance 93

Understanding the Art of Performing Vulnerability Scans 125

Understanding How to Analyze Vulnerability Scan Results 136

Exam Preparation Tasks 141

Review All Key Topics 142

Define Key Terms 142

Q&A 143

Chapter 4 Social Engineering Attacks 145

“Do I Know This Already?” Quiz 145

Foundation Topics 149

Pretexting for an Approach and Impersonation 149

Social Engineering Attacks 151

Physical Attacks 155

Methods of Influence 170

Exam Preparation Tasks 171

Review All Key Topics 171

Define Key Terms 172

Q&A 172

Chapter 5 Exploiting Wired and Wireless Networks 175

“Do I Know This Already?” Quiz 175

Foundation Topics 180

Exploiting Network-Based Vulnerabilities 180

Exploiting Wireless Vulnerabilities 216

Exam Preparation Tasks 234

Review All Key Topics 234

Define Key Terms 235

Q&A 235

Chapter 6 Exploiting Application-Based Vulnerabilities 237

“Do I Know This Already?” Quiz 237

Foundation Topics 244

Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10 244

How to Build Your Own Web Application Lab 255

Understanding Business Logic Flaws 256

Understanding Injection-Based Vulnerabilities 257

Exploiting Authentication-Based Vulnerabilities 273

Exploiting Authorization-Based Vulnerabilities 279

Understanding Cross-Site Scripting (XSS) Vulnerabilities 281

Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks 288

Understanding Clickjacking 289

Exploiting Security Misconfigurations 289

Exploiting File Inclusion Vulnerabilities 292

Exploiting Insecure Code Practices 293

Exam Preparation Tasks 301

Review All Key Topics 301

Define Key Terms 302

Q&A 303

Chapter 7 Cloud, Mobile, and IoT Security 305

“Do I Know This Already?” Quiz 305

Foundation Topics 309

Researching Attack Vectors and Performing Attacks on Cloud Technologies 309

Explaining Common Attacks and Vulnerabilities Against Specialized Systems 324

Exam Preparation Tasks 336

Review All Key Topics 337

Define Key Terms 337

Q&A 338

Chapter 8 Performing Post-Exploitation Techniques 341

“Do I Know This Already?” Quiz 341

Foundation Topics 345

Creating a Foothold and Maintaining Persistence After Compromising a System 345

Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration 355

Exam Preparation Tasks 371

Review All Key Topics 371

Define Key Terms 372

Q&A 372

Chapter 9 Reporting and Communication 375

“Do I Know This Already?” Quiz 375

Foundation Topics 379

Comparing and Contrasting Important Components of Written Reports 379

Analyzing the Findings and Recommending the Appropriate Remediation Within a Report 385

Explaining the Importance of Communication During the Penetration Testing Process 390

Explaining Post-Report Delivery Activities 393

Exam Preparation Tasks 395

Review All Key Topics 395

Define Key Terms 395

Q&A 396

Chapter 10 Tools and Code Analysis 399

“Do I Know This Already?” Quiz 399

Foundation Topics 403

Understanding the Basic Concepts of Scripting and Software

Development 403

Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code 409

Exam Preparation Tasks 505

Review All Key Topics 506

Define Key Terms 508

Q&A 508

Chapter 11 Final Preparation 513

Tools for Final Preparation 513

Suggested Plan for Final Review/Study 517

Summary 518

Glossary of Key Terms 519

Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections 537

Appendix B CompTIA® PenTest+ PT0-002 Cert Guide Exam Updates 559

Online Elements:

Appendix C Study Planner

Glossary of Key Terms

TOC, 9780137566068, 10/21/2021

Erscheint lt. Verlag 18.2.2022
Reihe/Serie Certification Guide
Verlagsort Upper Saddle River
Sprache englisch
Maße 192 x 234 mm
Gewicht 1140 g
Themenwelt Mathematik / Informatik Informatik Netzwerke
Informatik Weitere Themen Zertifizierung
ISBN-10 0-13-756606-9 / 0137566069
ISBN-13 978-0-13-756606-8 / 9780137566068
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich