• Skip to primary navigation
  • Skip to content
  • Skip to footer
 AREA RISERVATA
 800-177596
 CHI SIAMO
 CONTATTACI
 AREA RISERVATA
 CONTATTACI
 800-177596
Vega Training

Vega Training

Formazione Certificata Ovunque

  • Corsi
  • Categorie Corsi
  • Certificazioni
  • Tecnologie
  • Calendario
  • Articoli Tecnici
  • Blog

Certificazione CompTIA PenTest+

Corsi Comptia linux, Corsi Comptia Server

Certificazione CompTIA PenTest+

Panoramica | Svolgimento e Durata | Prerequisiti
Argomenti D’esame   |  Corsi di Preparazione

Panoramica   Svolgimento e Durata
Prerequisiti
Argomenti D’esame    Corsi di Preparazione

PANORAMICA

Corso e Certificazione Penetration Test, CompTIA PenTest+

Esame PT0-001;

La certificazione CompTIA PenTest+ attesta le competenze nell’ambito della pratica di “testare” un sistema informatico, una rete o un’applicazione web per trovare vulnerabilità di sicurezza che un utente malintenzionato potrebbe sfruttare. I concetti verificati dall’esame certificano il ruolo professionale del Penetration Tester, ovvero quella figura delegata ad effettuare valutazioni di sicurezza dei server, dei sistemi e dispositivi di rete, progettare e crea nuovi strumenti e test di penetrazione.

Per conseguire la Certificazione CompTIA PenTest+ è necessario sostenere con successo il seguente esame:
Esame PT0-001 CompTIA PenTest+;

Corsi propedeutici alla certificazione

Corso di Preparazione:
Corso Penetration Test
Contattaci ora per ricevere tutti i dettagli e per richiedere, senza alcun impegno, di parlare direttamente con uno dei nostri Docenti Cyber Security CLICCA QUI.
Oppure chiamaci subito al nostro numero verde  800-177596.

 SVOLGIMENTO E DURATA

Esame PT0-001 CompTIA PenTest+ durata 165 minuti 85 quesiti;

Negli esami sono presenti quesiti formulati in lingua inglese in forme differenti: Risposta Multipla; completamento di testo, collegamenti concettuali Drag and Drop; vere e proprie simulazioni laboratoriali.

 PREREQUISITI

Frequentare il Corso Penetration Test.

ARGOMENTI D’ESAME

Esame CompTIA PenTest+ PT0-001;

  • Planning and Scoping
  • Explain the importance of planning for an engagement
  • Understanding the target audience
  • Rules of engagement
  • Communication escalation path
  • Resources and requirements
  • Impact analysis and remediation timelines
  • Disclaimers
  • Technical constraints
  • Support resources
  • Explain key legal concepts
  • Contracts
  • Environmental differences
  • Written authorization
  • Explain the importance of scoping an engagement properly
  • Types of assessment
  • Special scoping considerations
  • Target selection
  • Strategy
  • Risk acceptance
  • Tolerance to impact
  • Scheduling
  • Scope creep
  • Threat actors
  • Explain the key aspects of compliance-based assessments
  • Information Gathering and Vulnerability Identification
  • Given a scenario, conduct information gathering using appropriate techniques
  • Scanning
  • Enumeration
  • Packet crafting
  • Packet inspection
  • Fingerprinting
  • Cryptography
  • Eavesdropping
  • Decompilation
  • Debugging
  • Open Source Intelligence Gathering
  • Given a scenario, perform a vulnerability scan
  • Credentialed vs. non-credentialed
  • Types of scans
  • Container security
  • Application scan
  • Considerations of vulnerability scanning
  • Given a scenario, analyze vulnerability scan results
  • Asset categorization
  • Adjudication
  • Prioritization of vulnerabilities
  • Common themes
  • Explain the process of leveraging information to prepare for exploitation
  • Map vulnerabilities to potential exploits
  • Prioritize activities in preparation for penetration test
  • Describe common techniques
  • Describe common techniques to complete attack
  • Explain weaknesses related to specialized systems
  • Attacks and Exploits
  • Compare and contrast social engineering attacks
  • Phishing
  • Elicitation
  • Interrogation
  • Impersonation
  • Shoulder surfing
  • USB key drop
  • Motivation techniques
  • Given a scenario, exploit network-based vulnerabilities
  • Name resolution exploits
  • SMB exploits
  • SNMP exploits
  • SMTP exploits
  • FTP exploits
  • DNS cache poisoning
  • Pass the hash
  • Man-in-the-middle
  • DoS/stress test
  • NAC bypass
  • VLAN hopping
  • Given a scenario, exploit wireless and RF-based vulnerabilities
  • Evil twin
  • Deauthentication attacks
  • Fragmentation attacks
  • WPS implementation weakness
  • Bluejacking
  • Bluesnarfing
  • RFID cloning
  • Jamming
  • Repeating
  • Given a scenario, exploit application-based vulnerabilities
  • Injections
  • Authentication
  • Authorization
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF/XSRF)
  • Clickjacking
  • Security misconfiguration
  • File inclusion
  • Unsecure code practices
  • Given a scenario, exploit local host vulnerabilities
  • OS vulnerabilities
  • Unsecure service and protocol configurations
  • Privilege escalation
  • Default account settings
  • Sandbox escape
  • Physical device security
  • Summarize physical security attacks related to facilities
  • Piggybacking/tailgating
  • Fence jumping
  • Dumpster diving
  • Lock picking
  • Lock bypass
  • Egress sensor
  • Badge cloning
  • Given a scenario, perform post-exploitation techniques
  • Lateral movement
  • Persistence
  • Covering your tracks
  • Penetration Testing Tools
  • Given a scenario, use Nmap to conduct information gathering exercises
  • SYN scan vs. full connect scan
  • Port selection
  • Service identification
  • OS fingerprinting
  • Disabling ping
  • Compare and contrast various use cases of tools
  • Use cases
  • Tools
  • Given a scenario, analyze tool output or data related to a penetration test
  • Password cracking
  • Pass the hash
  • Setting up a bind shell
  • Getting a reverse shell
  • Proxying a connection
  • Uploading a web shell
  • Injections
  • Given a scenario, analyze a basic script
  • Reporting and Communication
  • Given a scenario, use report writing and handling best practices
  • Normalization of data
  • Written report of findings and remediation
  • Risk appetite
  • Storage time for report
  • Secure handling and disposition of reports
  • Explain post-report delivery activities
  • Post-engagement cleanup
  • Client acceptance
  • Lessons learned
  • Follow-up actions/retest
  • Attestation of findings
  • Given a scenario, recommend mitigation strategies for discovered vulnerabilities
  • Solutions
  • Findings
  • Remediation
  • Explain the importance of communication during the penetration testing process
  • Communication path
  • Communication triggers
  • Reasons for communication
  • Goal reprioritization

 CORSI DI PREPARAZIONE

Corso Penetration Test;

CONTATTACI
UN NOSTRO CONSULENTE
TECNICO

Servizio attivo dal lunedì al giovedì 09.00-13.00 e 15.00-19.00 e Il venerdì dalle 09.00-13.00.

FORMAZIONE A DISTANZA

APPROFONDISCI

FORMAZIONE AZIENDALE

APPROFONDISCI

LABORATORIO LAVORO

APPROFONDISCI

LABORATORIO REMOTO

APPROFONDISCI

RICHIEDI CONSULENZA

APPROFONDISCI
ALTRE CERTIFICAZIONI
Cisco CCNA
DevNet Associate
CCNP Enterprise
Huawei HCIA R&S
CCNP Service Provider
CCNP Collaboration
Cisco Cybersecurity
CompTIA PenTest+
Fortinet NSE4
Fortinet NSE5
CCNP Security
Check Point CCSA
Check Point CCSE
CompTIA Linux+
Docker DCA
Kubernetes CKA
CompTIA A+
Windows Server 2016
Azure Administrator
Azure Developer
VMware VCP-DCV
VMware VCP-NV
CCNP Data Center
Oracle SQL
SQL Server Admin
Azure Data Scientist Associate
Power BI
Java OCA
Programming C#
Programming Python
Altre Certificazioni

Footer

CHI SIAMO


Formazione Aziendale
Formazione a Distanza
Casi di successo
Partner e convenzioni
About Vega Training

DIRITTI E PRIVACY


Privacy
Cookie
Certificazione ISO
Contatti

QUICK LINKS


Corsi Cisco
Corsi Microsoft
Corsi Check Point
Corsi CompTIA
Corsi Huawei
Corsi Fortinet
Corsi VMware

CONTATTI



Dall’estero: +39 02 87168254
[email protected]

Vega Training® SRL - Piva: 01985170743 - Copyright 2021