Joseph Holbrook, Cloud Consulting Architect and Technical Trainer
CompTIA Subject Matter Expert (SME)
Cloudbursting Corp (AWS Partner) in Jacksonville, FL.
03/30/2018
COMPTIA PENTEST+
BETA EXAM CODE PT1-001
• Joe Holbrook, owner of Cloudbursting Corp in Jacksonville, FL.
• Cloud Consulting Architect & Technical Trainer who has been consulting in the Cloud Computing, IT Security, and Data Storage areas for over 15 years.
• Government contractor and consultant for 10 years. DOD 8570
• IT Security mainly around Cryptography and secure communications for
Federal Gov.
• CompTIA Subject Matter Expert (SME)
• Holds numerous vendor and CompTIA Certs
ABOUT YOUR INSTRUCTOR
CLOUDBURSTING CORP 4/23/2018 2
Understand what you're being tested on!
WHAT ARE WE COVERING TODAY
1. What is the CompTIA PenTest+
2. Exam Objectives
3. Exam Format
4. Areas to Focus on – Frameworks (NIST, FISMA, FIPS, ISO)
5. DOD 8570
6. Observations
7. Course Coming April 2018
“CompTIA PenTest+ is a certification for intermediate level cybersecurity
professionals who are tasked with penetration testing to identify, exploit,
report, and manage vulnerabilities on a network.”
WHAT IS COMPTIA PENTEST EXAM?
• Plan and scope an assessment
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using
appropriate tools and techniques
• Analyze the results
In addition, the candidate will be able to:
• Produce a written report containing proposed remediation techniques
• Effectively communicate results to management
• Provide practical recommendations
DUTIES FOR A PENETRATION TESTER
Understand what you're being tested on!
EXAM OBJECTIVES
1.0 Planning and Scoping
1.1 Explain the importance of planning for an engagement.
1.2 Explain key legal concepts
1.3 Explain the importance of scoping an engagement properly
1.4 Explain the key aspects of compliance-based assessments
OBJECTIVES
2.0 Information Gathering and Vulnerability Identification
• 2.1 Given a scenario, conduct information gathering using appropriate techniques
• 2.2 Given a scenario, perform a vulnerability scan
• 2.3 Given a scenario, analyze vulnerability scan results
• 2.4 Explain the process of leveraging information to prepare for exploitation
• 2.5 Explain weaknesses related to specialized systems
3.0 Attacks and Exploits
• 3.1 Compare and contrast social engineering attacks
• 3.2 Given a scenario, exploit network-based vulnerabilities
• 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities
• 3.4 Given a scenario, exploit application-based vulnerabilities
• 3.5 Given a scenario, exploit local host vulnerabilities
• 3.6 Summarize physical security attacks related to facilities
• 3.7 Given a scenario, perform post-exploitation techniques
4.0 Penetration Testing Tools
• 4.1 Given a scenario, use Nmap to conduct information gathering exercises
• 4.2 Compare and contrast various use cases of tools
• 4.3 Given a scenario, analyze tool output or data related to a penetration test
• 4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)
5.0 Reporting and Communication
• 5.1 Given a scenario, use report writing and handling best practices
• 5.2 Explain post-report delivery activities
• 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities
• 5.4 Explain the importance of communication during the penetration testing process
Understand what you're being tested on!
EXAM FORMAT
• Around 80 questions (165 minutes)
• Passing score: 750 on a scale of 100-900
• Multiple Choice and Performance Based Questions
• Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results.
CYBERSECURITY CAREER PATH
EXAM DETAILS OVERVIEW
Understand what you're being tested on!
AREAS TO FOCUS ON - FRAMEWORKS
• http://csrc.nist.gov/groups/SMA/fisma/assessment.html
• Guide for Assessing the Security Controls in Federal
Information Systems and Organizations
• The purpose of NIST Special Publication 800-53A (as amended) is
to establish common assessment procedures to assess the
effectiveness of security controls in federal information systems,
specifically those controls listed in NIST Special Publication 800-53
(as amended),
GET TO KNOW NIST ASSESSMENTS
• https://www.nist.gov/cyberframework
GET TO KNOW NIST CYBER FRAMEWORK
• ESSENCE OF FIPS 200 - MINIMUM SECURITY REQUIREMENTS FOR FEDERAL INFORMATION AND INFORMATION SYSTEMS
• FIPS 200 defines the following 17 security areas covered under confidentiality, integrity, and availability (CIA) of federal information systems and the information processed, stored, and transmitted by those systems.
• For the actual requirements, it refers to NIST Special Publication 800-53 and says that federal agencies must meet its requirements.
https://doi.org/10.6028/NIST.FIPS.200
GET TO KNOW FIPS 200 FRAMEWORK
• The Federal Information Security Management Act of 2002 was
updated in Public Law 113 to Federal Information Security
Modernization Act of 2014. For more information,
see http://csrc.nist.gov/groups/SMA/fisma/overview.html.
• Protecting the Nation's Critical Information Infrastructure
GET TO KNOW FISMA ACT
• https://nvd.nist.gov/
GET TO KNOW NIST VULNERABILITY DATABASE
GET TO KNOW NIST TECH GUIDE
Understand what you're being tested on!
DOD 8570 & ISO/ANSI 17024
CSA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S.
Department of Defense (DoD) for directive 8140/8570.01-M requirements.
https://certification.comptia.org/it-career-news/post/view/2015/09/11/what-are-u-s-dod-8140-8570-and-8570-01-m-and-what-do-they-mean-for-your-career-
The DoD 8570 Information Assurance Training, Certification and Workforce Management program addresses this threat by proactively educating and certifying commercial contractors, and military and civilian personnel to perform their critical duties as Information Assurance professionals.
Under the 8570 Mandate, all personnel with "privileged access" to DoD systems must obtain an ANSI-approved commercial certification.
Understand what you're being tested on!
SOME THOUGHTS ON EXAM
My observations
• Exam is clearly experience based
• NMAP is tested highly, as are other tools
• Expect to have 10% or more performance-based questions
• Study materials not fully available
• 10% of questions were on tools such as NMAP, OpenVAS, Nessus, etc.
• Another 10% covered areas such as exploitation.
• Harder and more technical than the CEH Exam.
OBSERVATIONS
• The exam covers scripting somewhat deeper than I would have expected. Know how to debug, handle errors, etc. PHP, Python and Bash appeared.
• Study materials from GPEN, GWAPT, OSCP and CEH until proper PenTest materials come out.
• Before taking the exam, if you have Security Plus or CASP PenTesting materials, review them.
• White Hat, Red Hats…
• One recommendation is to review Metasploit
• Know how to exploit SQL
• Know mobile exploits (Bluetooth, Android)
• Wi-Fi attacks
• Web Crawling (Scrapy)
• Password attacks (brute force, digests)
• Course to be released
• Udemy
• April 2018
COURSE ON UDEMY – RELEASE DATE APRIL 2018
CLOUDBURSTING CORP 4/23/2018 32

More Related Content

What's hot

CMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentCMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentInfosec
 
CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013CompTIA
 
Solar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesSolar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesInfosec
 
Comp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementationComp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementationShivamSharma909
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examInfosec
 
PenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certificationPenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certificationInfosec
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsWebinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsSynopsys Software Integrity Group
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseShivamSharma909
 
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)Chanaka Lasantha
 
CompTIA IT Skills Presentation
CompTIA IT Skills PresentationCompTIA IT Skills Presentation
CompTIA IT Skills Presentationsombat nirund
 
Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...Synopsys Software Integrity Group
 
Web Applications Security Assessment In The Portuguese World Wide Web Panorama
Web Applications Security Assessment In The Portuguese World Wide Web PanoramaWeb Applications Security Assessment In The Portuguese World Wide Web Panorama
Web Applications Security Assessment In The Portuguese World Wide Web Panoramanfteodoro
 
Third party datasecurity assurance questionnaire
Third party datasecurity assurance questionnaireThird party datasecurity assurance questionnaire
Third party datasecurity assurance questionnairePriyanka Aash
 
Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What? Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What? Synopsys Software Integrity Group
 
Cybersecurity Test and Evaluation (TE) Training : Tonex Training
Cybersecurity Test and Evaluation (TE) Training : Tonex TrainingCybersecurity Test and Evaluation (TE) Training : Tonex Training
Cybersecurity Test and Evaluation (TE) Training : Tonex TrainingBryan Len
 
Scott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsScott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsTrish McGinity, CCSK
 

What's hot (20)

CMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentCMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessment
 
CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013
 
Webinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in ReviewWebinar–The 2019 Open Source Year in Review
Webinar–The 2019 Open Source Year in Review
 
Solar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenchesSolar winds supply chain breach - Insights from the trenches
Solar winds supply chain breach - Insights from the trenches
 
Comp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementationComp tia security sy0 601 domain 3 implementation
Comp tia security sy0 601 domain 3 implementation
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new exam
 
PenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certificationPenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certification
 
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software AssetsWebinar – Streamling Your Tech Due Diligence Process for Software Assets
Webinar – Streamling Your Tech Due Diligence Process for Software Assets
 
Comptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident responseComptia security sy0 601 domain 4 operation and incident response
Comptia security sy0 601 domain 4 operation and incident response
 
Webinar–AppSec: Hype or Reality
Webinar–AppSec: Hype or RealityWebinar–AppSec: Hype or Reality
Webinar–AppSec: Hype or Reality
 
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
 
CompTIA IT Skills Presentation
CompTIA IT Skills PresentationCompTIA IT Skills Presentation
CompTIA IT Skills Presentation
 
Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...
 
Activity1 c1
Activity1 c1Activity1 c1
Activity1 c1
 
Web Applications Security Assessment In The Portuguese World Wide Web Panorama
Web Applications Security Assessment In The Portuguese World Wide Web PanoramaWeb Applications Security Assessment In The Portuguese World Wide Web Panorama
Web Applications Security Assessment In The Portuguese World Wide Web Panorama
 
Third party datasecurity assurance questionnaire
Third party datasecurity assurance questionnaireThird party datasecurity assurance questionnaire
Third party datasecurity assurance questionnaire
 
Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What? Webinar–You've Got Your Open Source Audit Report–Now What?
Webinar–You've Got Your Open Source Audit Report–Now What?
 
Cybersecurity Test and Evaluation (TE) Training : Tonex Training
Cybersecurity Test and Evaluation (TE) Training : Tonex TrainingCybersecurity Test and Evaluation (TE) Training : Tonex Training
Cybersecurity Test and Evaluation (TE) Training : Tonex Training
 
Webinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created EqualWebinar–Why All Open Source Scans Aren't Created Equal
Webinar–Why All Open Source Scans Aren't Created Equal
 
Scott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsScott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certs
 

Similar to CompTIA PenTest+ Exam (PT0-001) Exam Review

2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx
2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx
2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptxInfosec
 
Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+CompTIA
 
Meeting the Cybersecurity Skills Challenge with CompTIA Security+
Meeting the Cybersecurity Skills Challenge with CompTIA Security+Meeting the Cybersecurity Skills Challenge with CompTIA Security+
Meeting the Cybersecurity Skills Challenge with CompTIA Security+CompTIA
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examInfosec
 
Comptia security-sy0-401
Comptia security-sy0-401Comptia security-sy0-401
Comptia security-sy0-401pgupta101
 
Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Dr. Ahmed Al Zaidy
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfJack Nichelson
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework  isc2 quanticoNist cybersecurity framework  isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
CompTIA Cloud Essentials Objectives
CompTIA Cloud Essentials ObjectivesCompTIA Cloud Essentials Objectives
CompTIA Cloud Essentials Objectivessombat nirund
 
CS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 GuidebookCS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 Guidebookbronxfugly43
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...Ignyte Assurance Platform
 
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE OutlineCompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE OutlineExamcollection
 
How to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical InformationHow to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical InformationKoenig Solutions Ltd.
 

Similar to CompTIA PenTest+ Exam (PT0-001) Exam Review (20)

2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx
2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx
2023.06 - CompTIA Security+ Everything you need to know about the new exam .pptx
 
Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+Meeting Today’s IT Support Challenges with CompTIA A+
Meeting Today’s IT Support Challenges with CompTIA A+
 
Meeting the Cybersecurity Skills Challenge with CompTIA Security+
Meeting the Cybersecurity Skills Challenge with CompTIA Security+Meeting the Cybersecurity Skills Challenge with CompTIA Security+
Meeting the Cybersecurity Skills Challenge with CompTIA Security+
 
CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
 
CompTIA Cybersecurity Analyst Certification Tips and Tricks
CompTIA Cybersecurity Analyst Certification Tips and TricksCompTIA Cybersecurity Analyst Certification Tips and Tricks
CompTIA Cybersecurity Analyst Certification Tips and Tricks
 
Comptia security-sy0-401
Comptia security-sy0-401Comptia security-sy0-401
Comptia security-sy0-401
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14Fundamentals of Information Systems Security Chapter 14
Fundamentals of Information Systems Security Chapter 14
 
Funsec3e ppt ch14
Funsec3e ppt ch14Funsec3e ppt ch14
Funsec3e ppt ch14
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework  isc2 quanticoNist cybersecurity framework  isc2 quantico
Nist cybersecurity framework isc2 quantico
 
CompTIA Cloud Essentials Objectives
CompTIA Cloud Essentials ObjectivesCompTIA Cloud Essentials Objectives
CompTIA Cloud Essentials Objectives
 
mile2 about us presentation2
mile2 about us presentation2mile2 about us presentation2
mile2 about us presentation2
 
CS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 GuidebookCS0-002 Exam Questinos | CS0002 Guidebook
CS0-002 Exam Questinos | CS0002 Guidebook
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained:  Impact for SMBsCMMC 2.0 Explained:  Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
 
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE OutlineCompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE Outline
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
 
How to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical InformationHow to Create Plan-of-Action to Secure Critical Information
How to Create Plan-of-Action to Secure Critical Information
 

More from Joseph Holbrook, Chief Learning Officer (CLO)

More from Joseph Holbrook, Chief Learning Officer (CLO) (20)

Cloud Computing Opportunities in the Goverment Military Sectors
Cloud Computing Opportunities in the Goverment Military SectorsCloud Computing Opportunities in the Goverment Military Sectors
Cloud Computing Opportunities in the Goverment Military Sectors
 
Top 10 key areas to learn in cloud in 2020
Top 10 key areas to learn in cloud in 2020Top 10 key areas to learn in cloud in 2020
Top 10 key areas to learn in cloud in 2020
 
"Creating a Competitive Edge Using Blockchain Technology"
"Creating a Competitive Edge Using Blockchain Technology""Creating a Competitive Edge Using Blockchain Technology"
"Creating a Competitive Edge Using Blockchain Technology"
 
How to design, code, deploy and execute a smart contract
How to design, code, deploy and execute a smart contractHow to design, code, deploy and execute a smart contract
How to design, code, deploy and execute a smart contract
 
How to Build a Threat Detection Strategy in the AWS Cloud
How to Build a Threat Detection Strategy in the AWS CloudHow to Build a Threat Detection Strategy in the AWS Cloud
How to Build a Threat Detection Strategy in the AWS Cloud
 
AWS and DevOps Session 1
AWS and DevOps Session 1AWS and DevOps Session 1
AWS and DevOps Session 1
 
Blockchain Breakout Session Tech Coast Conference Jacksonville
Blockchain Breakout Session Tech Coast Conference JacksonvilleBlockchain Breakout Session Tech Coast Conference Jacksonville
Blockchain Breakout Session Tech Coast Conference Jacksonville
 
Blockchain Fundamentals Quickstart
Blockchain Fundamentals Quickstart Blockchain Fundamentals Quickstart
Blockchain Fundamentals Quickstart
 
Blockchain Proof or Concepts for Pre Sales Engineers
Blockchain Proof or Concepts for Pre Sales EngineersBlockchain Proof or Concepts for Pre Sales Engineers
Blockchain Proof or Concepts for Pre Sales Engineers
 
DevOps on GCP Course Compared to AWS
DevOps on GCP Course Compared to AWSDevOps on GCP Course Compared to AWS
DevOps on GCP Course Compared to AWS
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 
Blockchain Fundamentals for Technology Engineers
Blockchain Fundamentals for Technology EngineersBlockchain Fundamentals for Technology Engineers
Blockchain Fundamentals for Technology Engineers
 
Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019Cloud Security Top 10 Risk Mitigation Techniques for 2019
Cloud Security Top 10 Risk Mitigation Techniques for 2019
 
Cloud Computing and the Culture of Innovation
Cloud Computing and the Culture of Innovation Cloud Computing and the Culture of Innovation
Cloud Computing and the Culture of Innovation
 
Udemy Cash Flow Workshop Jacksonville IT Pro Workshop 2018
Udemy Cash Flow Workshop Jacksonville IT Pro Workshop 2018Udemy Cash Flow Workshop Jacksonville IT Pro Workshop 2018
Udemy Cash Flow Workshop Jacksonville IT Pro Workshop 2018
 
GCP Cloud Storage Security
GCP Cloud Storage SecurityGCP Cloud Storage Security
GCP Cloud Storage Security
 
Google Cloud Platform Intro to Data and Storage Services
Google Cloud Platform Intro to Data and Storage ServicesGoogle Cloud Platform Intro to Data and Storage Services
Google Cloud Platform Intro to Data and Storage Services
 
INTRO TO BLOCKCHAINS AND CRYPTOCURRENCY
INTRO TO BLOCKCHAINS AND CRYPTOCURRENCYINTRO TO BLOCKCHAINS AND CRYPTOCURRENCY
INTRO TO BLOCKCHAINS AND CRYPTOCURRENCY
 
Google Cloud Platform Data Storage
Google Cloud Platform Data StorageGoogle Cloud Platform Data Storage
Google Cloud Platform Data Storage
 
Intro to Google Cloud Platform Data Engineering.- Endpoints
Intro to Google Cloud Platform Data Engineering.- EndpointsIntro to Google Cloud Platform Data Engineering.- Endpoints
Intro to Google Cloud Platform Data Engineering.- Endpoints
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
CompTIA PenTest+ Exam (PT0-001) Exam Review

  • 1. COMPTIA PENTEST+ BETA EXAM CODE PT1-001
      Joseph Holbrook, Cloud Consulting Architect and Technical Trainer
      CompTIA Subject Matter Expert (SME)
      Cloudbursting Corp (AWS Partner) in Jacksonville, FL.
      03/30/2018
  • 2. ABOUT YOUR INSTRUCTOR
      • Joe Holbrook, owner of Cloudbursting Corp in Jacksonville, FL.
      • Cloud Consulting Architect & Technical Trainer who has been consulting in the Cloud Computing, IT Security and Data Storage areas for over 15 years.
      • Government contractor and consultant for 10 years. DOD 8570
      • IT Security mainly around Cryptography and secure communications for Federal Gov.
      • CompTIA Subject Matter Expert (SME)
      • Holds numerous vendor and CompTIA Certs
      CLOUDBURSTING CORP 4/23/2018 2
  • 3. WHAT ARE WE COVERING TODAY
      Understand what you're being tested on!
  • 4. WHAT ARE WE COVERING TODAY
      1. What is the CompTIA PenTest+
      2. Exam Objectives
      3. Exam Format
      4. Areas to Focus on – Frameworks (NIST, FISMA, FIPS, ISO)
      5. DOD 8570
      6. Observations
      7. Course Coming April 2018
  • 5. WHAT IS COMPTIA PENTEST EXAM?
      “CompTIA PenTest+ is a certification for intermediate level cybersecurity professionals who are tasked with penetration testing to identify, exploit, report, and manage vulnerabilities on a network.”
  • 6. DUTIES FOR A PENETRATION TESTER
      • Plan and scope an assessment
      • Understand legal and compliance requirements
      • Perform vulnerability scanning and penetration testing using appropriate tools and techniques
      • Analyze the results
      In addition, the candidate will be able to:
      • Produce a written report containing proposed remediation techniques
      • Effectively communicate results to management
      • Provide practical recommendations
  • 7. EXAM OBJECTIVES
      Understand what you're being tested on!
  • 9. OBJECTIVES: 1.0 Planning and Scoping
      • 1.1 Explain the importance of planning for an engagement
      • 1.2 Explain key legal concepts
      • 1.3 Explain the importance of scoping an engagement properly
      • 1.4 Explain the key aspects of compliance-based assessments
  • 10. OBJECTIVES: 2.0 Information Gathering and Vulnerability Identification
      • 2.1 Given a scenario, conduct information gathering using appropriate techniques
      • 2.2 Given a scenario, perform a vulnerability scan
      • 2.3 Given a scenario, analyze vulnerability scan results
      • 2.4 Explain the process of leveraging information to prepare for exploitation
      • 2.5 Explain weaknesses related to specialized systems
  • 11. OBJECTIVES: 3.0 Attacks and Exploits
      • 3.1 Compare and contrast social engineering attacks
      • 3.2 Given a scenario, exploit network-based vulnerabilities
      • 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities
      • 3.4 Given a scenario, exploit application-based vulnerabilities
      • 3.5 Given a scenario, exploit local host vulnerabilities
      • 3.6 Summarize physical security attacks related to facilities
      • 3.7 Given a scenario, perform post-exploitation techniques
  • 12. OBJECTIVES: 4.0 Penetration Testing Tools
      • 4.1 Given a scenario, use Nmap to conduct information gathering exercises
      • 4.2 Compare and contrast various use cases of tools
      • 4.3 Given a scenario, analyze tool output or data related to a penetration test
      • 4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)
  • 13. OBJECTIVES: 5.0 Reporting and Communication
      • 5.1 Given a scenario, use report writing and handling best practices
      • 5.2 Explain post-report delivery activities
      • 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities
      • 5.4 Explain the importance of communication during the penetration testing process
  • 14. EXAM FORMAT
      Understand what you're being tested on!
  • 15. EXAM FORMAT
      • Around 80 questions (165 minutes)
      • Passing score: 750 on a scale of 100-900
      • Multiple Choice and Performance Based Questions
      • Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results.
  • 18. AREAS TO FOCUS ON - FRAMEWORKS
      Understand what you're being tested on!
  • 19. GET TO KNOW NIST ASSESSMENTS
      • http://csrc.nist.gov/groups/SMA/fisma/assessment.html
      • Guide for Assessing the Security Controls in Federal Information Systems and Organizations
      • The purpose of NIST Special Publication 800-53A (as amended) is to establish common assessment procedures to assess the effectiveness of security controls in federal information systems, specifically those controls listed in NIST Special Publication 800-53 (as amended),
  • 20. GET TO KNOW NIST CYBER FRAMEWORK
      • https://www.nist.gov/cyberframework
  • 21. GET TO KNOW FIPS 200 FRAMEWORK
      • ESSENCE OF FIPS 200 - MINIMUM SECURITY REQUIREMENTS FOR FEDERAL INFORMATION AND INFORMATION SYSTEMS
      • FIPS 200 defines the following 17 security areas covered under confidentiality, integrity, and availability (CIA) of federal information systems and the information processed, stored, and transmitted by those systems.
      • For the actual requirements, it refers to NIST Special Publication 800-53 and says that federal agencies must meet its requirements.
      https://doi.org/10.6028/NIST.FIPS.200
  • 22. GET TO KNOW FISMA ACT
      • The Federal Information Security Management Act of 2002 was updated in Public Law 113 to Federal Information Security Modernization Act of 2014. For more information, see http://csrc.nist.gov/groups/SMA/fisma/overview.html.
      • Protecting the Nation's Critical Information Infrastructure
  • 23. GET TO KNOW NIST VULNERABILITY DATABASE
      • https://nvd.nist.gov/
  • 24. GET TO KNOW NIST TECH GUIDE
  • 25. DOD 8570 & ISO/ANSI 17024
      Understand what you're being tested on!
  • 26. DOD 8570 & ISO/ANSI 17024
      CSA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements.
      https://certification.comptia.org/it-career-news/post/view/2015/09/11/what-are-u-s-dod-8140-8570-and-8570-01-m-and-what-do-they-mean-for-your-career-
  • 27. DOD 8570 & ISO/ANSI 17024
      The DoD 8570 Information Assurance Training, Certification and Workforce Management program addresses this threat by proactively educating and certifying commercial contractors, and military and civilian personnel to perform their critical duties as Information Assurance professionals. Under the 8570 Mandate, all personnel with "privileged access" to DoD systems must obtain an ANSI-approved commercial certification.
  • 28. SOME THOUGHTS ON EXAM
      Understand what you're being tested on!
  • 29. OBSERVATIONS
      My observations
      • Exam is clearly experience based
      • NMAP is tested highly as other tools
      • Expect to have 10% or more performance based
      • Study materials not fully available
      • 10% of questions were on tools such as NMAP, OpenVAS, Nessus, etc.
      • Another 10% covered areas such as exploitation.
      • Harder and more technical than the CEH Exam.
  • 30. OBSERVATIONS
      My observations
      • The exam covers scripting somewhat deeper than I would have expected. Know how to debug, error handling, debugging, etc. PHP, Python and Bash appeared.
      • Study materials from GPEN, GWAPT, OSCP and CEH until proper PenTest Materials come out.
      • Before taking the exam, if you have Security Plus or CASP PenTesting materials, review them.
      • White Hat, Red Hats…
  • 31. OBSERVATIONS
      My observations
      • One recommendation is to review Metasploit
      • Know to exploit SQL
      • Know mobile exploits (Bluetooth, Android)
      • Wifi attacks.
      • Web Crawling (Scrapy)
      • Password attacks (BruteForce, Digests)
  • 32. COURSE ON UDEMY – RELEASE DATE APRIL 2018
      • Course to be released
      • Udemy
      • April 2018