
CompTIA PenTest+ Certification
OVERVIEW

Exam PT0-001
The CompTIA PenTest+ certification attests to skills in the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. The concepts covered by the exam certify the professional role of the Penetration Tester: the person assigned to carry out security assessments of servers, systems and network devices, and to design and create new penetration testing tools and tests.
To earn the CompTIA PenTest+ certification, you must pass the following exam:
Exam PT0-001 CompTIA PenTest+

Preparation course:
Penetration Test Course
Contact us now to receive all the details and to request, with no obligation, to speak directly with one of our Cyber Security instructors.
Or call us right away on our toll-free number 800-177596.
FORMAT AND DURATION
Exam PT0-001 CompTIA PenTest+: duration 165 minutes, 85 questions.
The exams contain questions written in English in different formats: multiple choice; fill-in-the-blank; drag-and-drop concept matching; full lab simulations.
PREREQUISITES
Attend the Penetration Test Course.
EXAM TOPICS
Exam CompTIA PenTest+ PT0-001
- Planning and Scoping
  - Explain the importance of planning for an engagement
    - Understanding the target audience
    - Rules of engagement
    - Communication escalation path
    - Resources and requirements
    - Impact analysis and remediation timelines
    - Disclaimers
    - Technical constraints
    - Support resources
  - Explain key legal concepts
    - Contracts
    - Environmental differences
    - Written authorization
  - Explain the importance of scoping an engagement properly
    - Types of assessment
    - Special scoping considerations
    - Target selection
    - Strategy
    - Risk acceptance
    - Tolerance to impact
    - Scheduling
    - Scope creep
    - Threat actors
  - Explain the key aspects of compliance-based assessments
- Information Gathering and Vulnerability Identification
  - Given a scenario, conduct information gathering using appropriate techniques
    - Scanning
    - Enumeration
    - Packet crafting
    - Packet inspection
    - Fingerprinting
    - Cryptography
    - Eavesdropping
    - Decompilation
    - Debugging
    - Open Source Intelligence Gathering
  - Given a scenario, perform a vulnerability scan
    - Credentialed vs. non-credentialed
    - Types of scans
    - Container security
    - Application scan
    - Considerations of vulnerability scanning
  - Given a scenario, analyze vulnerability scan results
    - Asset categorization
    - Adjudication
    - Prioritization of vulnerabilities
    - Common themes
  - Explain the process of leveraging information to prepare for exploitation
    - Map vulnerabilities to potential exploits
    - Prioritize activities in preparation for penetration test
    - Describe common techniques
    - Describe common techniques to complete attack
  - Explain weaknesses related to specialized systems
- Attacks and Exploits
  - Compare and contrast social engineering attacks
    - Phishing
    - Elicitation
    - Interrogation
    - Impersonation
    - Shoulder surfing
    - USB key drop
    - Motivation techniques
  - Given a scenario, exploit network-based vulnerabilities
    - Name resolution exploits
    - SMB exploits
    - SNMP exploits
    - SMTP exploits
    - FTP exploits
    - DNS cache poisoning
    - Pass the hash
    - Man-in-the-middle
    - DoS/stress test
    - NAC bypass
    - VLAN hopping
  - Given a scenario, exploit wireless and RF-based vulnerabilities
    - Evil twin
    - Deauthentication attacks
    - Fragmentation attacks
    - WPS implementation weakness
    - Bluejacking
    - Bluesnarfing
    - RFID cloning
    - Jamming
    - Repeating
  - Given a scenario, exploit application-based vulnerabilities
    - Injections
    - Authentication
    - Authorization
    - Cross-site scripting (XSS)
    - Cross-site request forgery (CSRF/XSRF)
    - Clickjacking
    - Security misconfiguration
    - File inclusion
    - Unsecure code practices
  - Given a scenario, exploit local host vulnerabilities
    - OS vulnerabilities
    - Unsecure service and protocol configurations
    - Privilege escalation
    - Default account settings
    - Sandbox escape
    - Physical device security
  - Summarize physical security attacks related to facilities
    - Piggybacking/tailgating
    - Fence jumping
    - Dumpster diving
    - Lock picking
    - Lock bypass
    - Egress sensor
    - Badge cloning
  - Given a scenario, perform post-exploitation techniques
    - Lateral movement
    - Persistence
    - Covering your tracks
- Penetration Testing Tools
  - Given a scenario, use Nmap to conduct information gathering exercises
    - SYN scan vs. full connect scan
    - Port selection
    - Service identification
    - OS fingerprinting
    - Disabling ping
  - Compare and contrast various use cases of tools
    - Use cases
    - Tools
  - Given a scenario, analyze tool output or data related to a penetration test
    - Password cracking
    - Pass the hash
    - Setting up a bind shell
    - Getting a reverse shell
    - Proxying a connection
    - Uploading a web shell
    - Injections
  - Given a scenario, analyze a basic script
- Reporting and Communication
  - Given a scenario, use report writing and handling best practices
    - Normalization of data
    - Written report of findings and remediation
    - Risk appetite
    - Storage time for report
    - Secure handling and disposition of reports
  - Explain post-report delivery activities
    - Post-engagement cleanup
    - Client acceptance
    - Lessons learned
    - Follow-up actions/retest
    - Attestation of findings
  - Given a scenario, recommend mitigation strategies for discovered vulnerabilities
    - Solutions
    - Findings
    - Remediation
  - Explain the importance of communication during the penetration testing process
    - Communication path
    - Communication triggers
    - Reasons for communication
    - Goal reprioritization