CompTIA PenTest plus (PT0-001)
CompTIA PenTest+ Exam
o Number of Questions: Maximum of 110
o Type of Questions: Multiple choice and performance based
o Duration: 165 minutes
This exam is currently in beta, which means that your exam scores will only be available in
summer 2018. The beta exam scores are only numbered scores and will not include a breakdown
of exam objectives. The beta status will end when 400 people have taken the beta exam or April
- What you’ll learn:
Upon Completion of this Course, you will accomplish following:-
Explain the importance of planning for an engagement
Explain key legal concepts.
Explain the importance of scoping an engagement properly.
Explain the key aspects of compliance-based assessments.
Conduct information gathering using appropriate techniques
Perform a vulnerability scan.
Analyse vulnerability scan results
Explain the process of leveraging information to prepare for exploitation.
Explain weaknesses related to specialised systems
Compare and contrast social engineering attacks
Exploit network-based vulnerabilities
Exploit wireless and RF-based vulnerabilities
Exploit application-based vulnerabilities
Exploit local host vulnerabilities
Summarise physical security attacks related to facilities
Perform post-exploitation techniques
Use Nmap to conduct information gathering exercises
Compare and contrast various use cases of tools
Analyse tool output or data related to a penetration test
Analyse a basic script (limited to Bash, Python, Ruby, and PowerShell) Reporting and Communication
Use report writing and handling best practices
Explain post-report delivery activities
Recommend mitigation strategies for discovered vulnerabilities
Explain the importance of communication during the penetration testing process
Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.
Planning and Scoping
Information Gathering and Vulnerability Identification.
Attacks and Exploits
Penetration Testing Tools
Reporting and Communication