AREA RISERVATA
 800-177596
 CHI SIAMO
 CONTATTACI
 AREA RISERVATA
 CONTATTACI
 800-177596

Vega Training

Formazione Certificata Ovunque

Certificazione CompTIA PenTest+

Corsi Comptia linux, Corsi Comptia Server

Certificazione CompTIA PenTest+

Panoramica | Svolgimento e Durata | Prerequisiti
Argomenti D’esame   |  Corsi di Preparazione

Panoramica   Svolgimento e Durata
Prerequisiti
Argomenti D’esame    Corsi di Preparazione

PANORAMICA

Corso e Certificazione Penetration Test, CompTIA PenTest+

Esame PT0-002;

La certificazione CompTIA PenTest+ attesta le competenze nell’ambito della pratica di “testare” un sistema informatico, una rete o un’applicazione web per trovare vulnerabilità di sicurezza che un utente malintenzionato potrebbe sfruttare. I concetti verificati dall’esame certificano il ruolo professionale del Penetration Tester, ovvero quella figura delegata ad effettuare valutazioni di sicurezza dei server, dei sistemi e dispositivi di rete, progettare e crea nuovi strumenti e test di penetrazione.

Per conseguire la Certificazione CompTIA PenTest+ è necessario sostenere con successo il seguente esame:
Esame PT0-002 CompTIA PenTest+;

Corsi propedeutici alla certificazione

Corso di Preparazione:
Corso Penetration Test
Contattaci ora per ricevere tutti i dettagli e per richiedere, senza alcun impegno, di parlare direttamente con uno dei nostri Docenti Cyber Security CLICCA QUI.
Oppure chiamaci subito al nostro numero verde  800-177596.

 SVOLGIMENTO E DURATA

Esame PT0-002 CompTIA PenTest+ durata 165 minuti 85 quesiti;

Negli esami sono presenti quesiti formulati in lingua inglese in forme differenti: Risposta Multipla; completamento di testo, collegamenti concettuali Drag and Drop; vere e proprie simulazioni laboratoriali.

 PREREQUISITI

Frequentare il Corso Penetration Test.

ARGOMENTI D’ESAME

Esame CompTIA PenTest+ PT0-002;

  • Planning and Scoping
  • Explain the importance of planning for an engagement
  • Understanding the target audience
  • Rules of engagement
  • Communication escalation path
  • Resources and requirements
  • Impact analysis and remediation timelines
  • Disclaimers
  • Technical constraints
  • Support resources
  • Explain key legal concepts
  • Contracts
  • Environmental differences
  • Written authorization
  • Explain the importance of scoping an engagement properly
  • Types of assessment
  • Special scoping considerations
  • Target selection
  • Strategy
  • Risk acceptance
  • Tolerance to impact
  • Scheduling
  • Scope creep
  • Threat actors
  • Explain the key aspects of compliance-based assessments
  • Information Gathering and Vulnerability Identification
  • Given a scenario, conduct information gathering using appropriate techniques
  • Scanning
  • Enumeration
  • Packet crafting
  • Packet inspection
  • Fingerprinting
  • Cryptography
  • Eavesdropping
  • Decompilation
  • Debugging
  • Open Source Intelligence Gathering
  • Given a scenario, perform a vulnerability scan
  • Credentialed vs. non-credentialed
  • Types of scans
  • Container security
  • Application scan
  • Considerations of vulnerability scanning
  • Given a scenario, analyze vulnerability scan results
  • Asset categorization
  • Adjudication
  • Prioritization of vulnerabilities
  • Common themes
  • Explain the process of leveraging information to prepare for exploitation
  • Map vulnerabilities to potential exploits
  • Prioritize activities in preparation for penetration test
  • Describe common techniques
  • Describe common techniques to complete attack
  • Explain weaknesses related to specialized systems
  • Attacks and Exploits
  • Compare and contrast social engineering attacks
  • Phishing
  • Elicitation
  • Interrogation
  • Impersonation
  • Shoulder surfing
  • USB key drop
  • Motivation techniques
  • Given a scenario, exploit network-based vulnerabilities
  • Name resolution exploits
  • SMB exploits
  • SNMP exploits
  • SMTP exploits
  • FTP exploits
  • DNS cache poisoning
  • Pass the hash
  • Man-in-the-middle
  • DoS/stress test
  • NAC bypass
  • VLAN hopping
  • Given a scenario, exploit wireless and RF-based vulnerabilities
  • Evil twin
  • Deauthentication attacks
  • Fragmentation attacks
  • WPS implementation weakness
  • Bluejacking
  • Bluesnarfing
  • RFID cloning
  • Jamming
  • Repeating
  • Given a scenario, exploit application-based vulnerabilities
  • Injections
  • Authentication
  • Authorization
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Clickjacking
  • Security misconfiguration
  • File inclusion
  • Unsecure code practices
  • Given a scenario, exploit local host vulnerabilities
  • OS vulnerabilities
  • Unsecure service and protocol configurations
  • Privilege escalation
  • Default account settings
  • Sandbox escape
  • Physical device security
  • Summarize physical security attacks related to facilities
  • Piggybacking/tailgating
  • Fence jumping
  • Dumpster diving
  • Lock picking
  • Lock bypass
  • Egress sensor
  • Badge cloning
  • Given a scenario, perform post-exploitation techniques
  • Lateral movement
  • Persistence
  • Covering your tracks
  • Penetration Testing Tools
  • Given a scenario, use Nmap to conduct information gathering exercises
  • SYN scan vs. full connect scan
  • Port selection
  • Service identification
  • OS fingerprinting
  • Disabling ping
  • Compare and contrast various use cases of tools
  • Use cases
  • Tools
  • Given a scenario, analyze tool output or data related to a penetration test
  • Password cracking
  • Pass the hash
  • Setting up a bind shell
  • Getting a reverse shell
  • Proxying a connection
  • Uploading a web shell
  • Injections
  • Given a scenario, analyze a basic script
  • Reporting and Communication
  • Given a scenario, use report writing and handling best practices
  • Normalization of data
  • Written report of findings and remediation
  • Risk appetite
  • Storage time for report
  • Secure handling and disposition of reports
  • Explain post-report delivery activities
  • Post-engagement cleanup
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
  • Given a scenario, recommend mitigation strategies for discovered vulnerabilities
  • Solutions
  • Findings
  • Remediation
  • Explain the importance of communication during the penetration testing process
  • Communication path
  • Communication triggers
  • Reasons for communication
  • Goal reprioritization

 CORSI DI PREPARAZIONE

Corso Penetration Test;

 SOSTIENI DIRETTAMENTE L’ESAME

Sei già pronto per sostenere l’esame e non hai bisogno di seguire il corso ?
Segui il link https://store.vegatraining.eu/prodotto/esami-online-certificazione-comptia-pentest/ per accedere a tutti i servizi di supporto all’esame. Potrai semplicemente acquistare il voucher per la prenotazione, oppure richiedere ulteriori servizi come il test di simulazione, guida all’esame online, supporto alla prenotazione, fino al nostro servizio di tutoraggio one to one verticale sui contenuti dell’esame.

CONTATTACI
UN NOSTRO CONSULENTE
TECNICO

Servizio attivo dal lunedì al giovedì 09.00-13.00 e 15.00-19.00 e Il venerdì dalle 09.00-13.00.

FORMAZIONE A DISTANZA

APPROFONDISCI

FORMAZIONE AZIENDALE

APPROFONDISCI

LABORATORIO LAVORO

APPROFONDISCI

LABORATORIO REMOTO

APPROFONDISCI

RICHIEDI CONSULENZA

APPROFONDISCI
ALTRE CERTIFICAZIONI
Cisco CCNA
DevNet Associate
CCNP Enterprise
Huawei HCIA R&S
CCNP Service Provider
CCNP Collaboration
Cisco Cybersecurity
CompTIA PenTest+
Fortinet NSE4
Fortinet NSE5
CCNP Security
Check Point CCSA
Palo Alto PCNSA
Check Point CCSE
CompTIA Linux+
Docker DCA
Kubernetes CKA
CompTIA A+
Windows Server 2019
Azure Administrator
AWS Solutions Architect
Google Cloud Engineer
Alibaba Cloud Computing
Azure Developer
VMware VCP-DCV
CCNP Data Center
Oracle SQL
Azure Database Admin
Azure Data Scientist Associate
Power BI
Java OCA
Programming C#
Python PCAP Associate
Altre Certificazioni