Exam Number: PT0-001
The CompTIA PenTest+ exam will certify the successful candidate has the knowledge and skills required to:
• Plan and scope an assessment
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using appropriate tools and techniques
• Analyze the results
In addition, the candidate will be able to:
• Produce a written report containing proposed remediation techniques
• Effectively communicate results to management
• Provide practical recommendations
1.0 Planning and Scoping
-Explain the importance of planning for an engagement.
-Explain key legal concepts.
-Explain the importance of scoping an engagement properly.
-Explain the key aspects of compliance-based assessments.
2.0 Information Gathering and Vulnerability Identification
-Given a scenario, conduct information gathering using appropriate techniques.
-Given a scenario, perform a vulnerability scan.
-Given a scenario, analyze vulnerability scan results.
-Explain the process of leveraging information to prepare for exploitation.
-Explain weaknesses related to specialized systems.
3.0 Attacks and Exploits
-Compare and contrast social engineering attacks.
-Given a scenario, exploit network-based vulnerabilities.
-Given a scenario, exploit wireless and RF-based vulnerabilities.
-Given a scenario, exploit application-based vulnerabilities.
-Given a scenario, exploit local host vulnerabilities.
-Summarize physical security attacks related to facilities.
-Given a scenario, perform post-exploitation techniques.
4.0 Penetration Testing Tools
-Given a scenario, use Nmap to conduct information gathering exercises.
-Compare and contrast various use cases of tools.
-Given a scenario, analyze tool output or data related to a penetration test.
-Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
5.0 Reporting and Communication
-Given a scenario, use report writing and handling best practices.
-Explain post-report delivery activities.
-Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
-Explain the importance of communication during the penetration testing process.