Joseph Holbrook, Cloud Consulting Architect and Technical Trainer
CompTIA Subject Matter Expert (SME)
Cloudbursting Corp (AWS Partner) in Jacksonville, FL.
03/30/2018
COMPTIA PENTEST+
BETA EXAM CODE PT1-001
• Joe Holbrook, owner of Cloudbursting Corp in Jacksonville, FL.
• Cloud Consulting Architect & Technical Trainer who has been consulting in
the Cloud Computing, IT Security and Data Storage areas for over 15 years.
• Government contractor and consultant for 10 years. DOD 8570
• IT Security mainly around Cryptography and secure communications for
Federal Gov.
• CompTIA Subject Matter Expert (SME)
• Holds numerous vendor and CompTIA Certs
ABOUT YOUR INSTRUCTOR
CLOUDBURSTING CORP 3/31/2018 2
Understand what you're being tested on!
WHAT ARE WE COVERING TODAY
1. What is the CompTIA PenTest+
2. Exam Objectives
3. Exam Format
4. Areas to Focus on – Frameworks (NIST, FISMA, FIPS, ISO)
5. DOD 8570
6. Observations
7. Course Coming April 2018
“CompTIA PenTest+ is a certification for intermediate level cybersecurity
professionals who are tasked with penetration testing to identify, exploit,
report, and manage vulnerabilities on a network.”
WHAT IS COMPTIA PENTEST EXAM?
• Plan and scope an assessment
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using
appropriate tools and techniques
• Analyze the results
In addition, the candidate will be able to:
• Produce a written report containing proposed remediation techniques
• Effectively communicate results to management
• Provide practical recommendations
DUTIES FOR A PENETRATION TESTER
EXAM OBJECTIVES
1.0 Planning and Scoping
1.1 Explain the importance of planning for an engagement.
1.2 Explain key legal concepts
1.3 Explain the importance of scoping an engagement properly
1.4 Explain the key aspects of compliance-based assessments
OBJECTIVES
2.0 Information Gathering and Vulnerability Identification
• 2.1 Given a scenario, conduct information gathering using appropriate
techniques.
• 2.2 Given a scenario, perform a vulnerability scan
• 2.3 Given a scenario, analyze vulnerability scan results
• 2.4 Explain the process of leveraging information to prepare for
exploitation
• 2.5 Explain weaknesses related to specialized systems
3.0 Attacks and Exploits
• 3.1 Compare and contrast social engineering attacks
• 3.2 Given a scenario, exploit network-based vulnerabilities
• 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities
• 3.4 Given a scenario, exploit application-based vulnerabilities
• 3.5 Given a scenario, exploit local host vulnerabilities
• 3.6 Summarize physical security attacks related to facilities
• 3.7 Given a scenario, perform post-exploitation techniques
4.0 Penetration Testing Tools
• 4.1 Given a scenario, use Nmap to conduct information gathering exercises
• 4.2 Compare and contrast various use cases of tools
• 4.3 Given a scenario, analyze tool output or data related to a penetration
test
• 4.4 Given a scenario, analyze a basic script
(limited to Bash, Python, Ruby, and PowerShell)
5.0 Reporting and Communication
• 5.1 Given a scenario, use report writing and handling best practices
• 5.2 Explain post-report delivery activities
• 5.3 Given a scenario, recommend mitigation strategies for discovered
vulnerabilities
• 5.4 Explain the importance of communication during the penetration
testing process
EXAM FORMAT
• Around 80 questions (165 minutes)
• Passing score: 750 on a scale of 100-900
• Multiple Choice and Performance-Based Questions
• Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results.
CYBERSECURITY CAREER PATH
EXAM DETAILS OVERVIEW
AREAS TO FOCUS ON - FRAMEWORKS
• http://csrc.nist.gov/groups/SMA/fisma/assessment.html
• Guide for Assessing the Security Controls in Federal
Information Systems and Organizations
• The purpose of NIST Special Publication 800-53A (as amended) is
to establish common assessment procedures to assess the
effectiveness of security controls in federal information systems,
specifically those controls listed in NIST Special Publication 800-53
(as amended),
GET TO KNOW NIST ASSESSMENTS
• https://www.nist.gov/cyberframework
GET TO KNOW NIST CYBER FRAMEWORK
• ESSENCE OF FIPS 200 - MINIMUM SECURITY REQUIREMENTS FOR FEDERAL
INFORMATION AND INFORMATION SYSTEMS
• FIPS 200 defines the following 17 security areas covered under
confidentiality, integrity, and availability (CIA) of federal information
systems and the information processed, stored, and transmitted by
those systems.
• For the actual requirements, it refers to NIST Special Publication 800-53
and says that federal agencies must meet its requirements.
https://doi.org/10.6028/NIST.FIPS.200
GET TO KNOW FIPS 200 FRAMEWORK
• The Federal Information Security Management Act of 2002 was
updated in Public Law 113 to Federal Information Security
Modernization Act of 2014. For more information,
see http://csrc.nist.gov/groups/SMA/fisma/overview.html.
• Protecting the Nation's Critical Information Infrastructure
GET TO KNOW FISMA ACT
• https://nvd.nist.gov/
GET TO KNOW NIST VULNERABILITY DATABASE
GET TO KNOW NIST TECH GUIDE
DOD 8570 & ISO/ANSI 17024
CSA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S.
Department of Defense (DoD) for directive 8140/8570.01-M requirements.
https://certification.comptia.org/it-career-news/post/view/2015/09/11/what-are-u-s-dod-8140-8570-and-8570-01-m-and-what-do-they-mean-for-your-career-
The DoD 8570 Information Assurance
Training, Certification and Workforce
Management program addresses this
threat by proactively educating and
certifying commercial contractors, and
military and civilian personnel to perform
their critical duties as Information
Assurance professionals.
Under the 8570 Mandate, all personnel
with "privileged access" to DoD systems
must obtain an ANSI-approved
commercial certification.
SOME THOUGHTS ON EXAM
My observations
• Exam is clearly experience-based
• NMAP is tested highly as other tools
• Expect to have 10% or more performance-based
• Study materials not fully available
• 10% of questions were on tools such as NMAP, OpenVAS, Nessus, etc.
• Another 10% covered areas such as exploitation.
• Harder and more technical than the CEH Exam.
OBSERVATIONS
• The exam covers scripting somewhat deeper than I would have expected.
Know how to debug, error handling, debugging, etc. PHP, Python and Bash
appeared.
• Study materials from GPEN, GWAPT, OSCP and CEH until proper PenTest
Materials come out.
• Before taking the exam, if you have Security Plus or CASP PenTesting
materials, review them.
• White Hat, Red Hats…
• One recommendation is to review MetaSploit
• Know how to exploit SQL
• Know mobile exploits (Bluetooth, Android)
• Wifi attacks.
• Web Crawling (Scrapy)
• Password attacks (BruteForce, Digests)
• Course to be released
• Udemy
• April 2018
COURSE ON UDEMY – RELEASE DATE APRIL 2018

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

CompTIA PenTest+ BETA EXAM CODE PT1-001

  • 1. Joseph Holbrook, Cloud Consulting Architect and Technical Trainer CompTIA Subject Matter Expert (SME) Cloudbursting Corp(AWS Partner) in Jacksonville, FL. 03/30/2018 COMPTIA PENTEST+ BETA EXAM CODE PT1-001
  • 2. • Joe Holbrook, owner of Cloudbursting Corp in Jacksonville, FL. • Cloud Consulting Architect & Technical Trainer who has been consulting in the Cloud Computing, IT Security Data Storage areas for over 15 years. • Government contractor and consultant for 10 years. DOD 8570 • IT Security mainly around Cryptography and secure communications for Federal Gov. • CompTIA Subject Matter Expert (SME) • Holds numerous vendor and CompTIA Certs ABOUT YOUR INSTRUCTOR CLOUDBURSTING CORP 3/31/2018 2
  • 3. Understand what you're being tested on! WHAT ARE WE COVERING TODAY
  • 4. 1. What is the CompTIA PenTest+ 2. Exam Objectives 3. Exam Format 4. Areas to Focus on – Frameworks (NIST, FISMA, FIPS, ISO) 5. DOD 8570 6. Observations 7. Course Coming April 2018 WHAT ARE WE COVERING TODAY Cloudbursting Corp 3/31/2018 4
  • 5. “CompTIA PenTest+ is a certification for intermediate level cybersecurity professionals who are tasked with penetration testing to identify, exploit, report, and manage vulnerabilities on a network.” WHAT IS COMPTIA PENTEST EXAM? Cloudbursting Corp 3/31/2018 5
  • 6. • Plan and scope an assessment • Understand legal and compliance requirements • Perform vulnerability scanning and penetration testing using appropriate tools and techniques • Analyze the results In addition, the candidate will be able to: • Produce a written report containing proposed remediation techniques • Effectively communicate results to management • Provide practical recommendations DUTIES FOR A PENETRATION TESTER CLOUDBURSTING CORP 3/31/2018 6
  • 7. Understand what you're being tested on! EXAM OBJECTIVES
  • 9. 1.0 Planning and Scoping 1.1 Explain the importance of planning for an engagement. 1.2 Explain key legal concepts 1.3 Explain the importance of scoping an engagement properly 1.4 Explain the key aspects of compliance-based assessments OBJECTIVES CLOUDBURSTING CORP 3/31/2018 9
  • 10. 2.0 Information Gathering and Vulnerability Identification • 2.1 Given a scenario, conduct information gathering using appropriate techniques. • 2.2 Given a scenario, perform a vulnerability scan • 2.3 Given a scenario, analyze vulnerability scan results • 2.4 Explain the process of leveraging information to prepare for exploitation • 2.5 Explain weaknesses related to specialized systems OBJECTIVES CLOUDBURSTING CORP 3/31/2018 10
  • 11. 3.0 Attacks and Exploits • 3.1 Compare and contrast social engineering attacks • 3.2 Given a scenario, exploit network-based vulnerabilities • 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities • 3.4 Given a scenario, exploit application-based vulnerabilities • 3.5 Given a scenario, exploit local host vulnerabilities • 3.6 Summarize physical security attacks related to facilities • 3.7 Given a scenario, perform post-exploitation techniques OBJECTIVES CLOUDBURSTING CORP 3/31/2018 11
  • 12. 4.0 Penetration Testing Tools • 4.1 Given a scenario, use Nmap to conduct information gathering exercises • 4.2 Compare and contrast various use cases of tools • 4.3 Given a scenario, analyze tool output or data related to a penetration test • 4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell) OBJECTIVES CLOUDBURSTING CORP 3/31/2018 12
  • 13. 5.0 Reporting and Communication • 5.1 Given a scenario, use report writing and handling best practices • 5.2 Explain post-report delivery activities • 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities • 5.4 Explain the importance of communication during the penetration testing process OBJECTIVES CLOUDBURSTING CORP 3/31/2018 13
  • 14. Understand what you're being tested on! EXAM FORMAT
  • 15. • Around 80 questions (165 minutes) • Passing score: 750 on a scale 100-900 • Multiple Choice and Performance Based Questions • Pass/fail information will not be available until summer 2018; candidates will be notified. Only a numbered score is issued at the end of the beta exam. No exam objectives appear in beta exam results. EXAM FORMAT CLOUDBURSTING CORP TBC
  • 18. Understand what you're being tested on! AREAS TO FOCUS ON - FRAMEWORKS
  • 19. • http://csrc.nist.gov/groups/SMA/fisma/assessment.html • Guide for Assessing the Security Controls in Federal Information Systems and Organizations • The purpose of NIST Special Publication 800-53A (as amended) is to establish common assessment procedures to assess the effectiveness of security controls in federal information systems, specifically those controls listed in NIST Special Publication 800-53 (as amended), GET TO KNOW NIST ASSESSMENTS CLOUDBURSTING CORP 3/31/2018 19
  • 20. • https://www.nist.gov/cyberframework GET TO KNOW NIST CYBER FRAMEWORK CLOUDBURSTING CORP 3/31/2018 20
  • 21. • ESSENCE OF FIPS 200 - MINIMUM SECURITY REQUIREMENTS FOR FEDERAL INFORMATION AND INFORMATION SYSTEMS • FIPS 200 defines the following 17 security areas covered under confidentiality, integrity, and availability (CIA) of federal information systems and the information processed, stored, and transmitted by those systems. • For the actual requirements, it refers to NIST Special Publication 800-53 and says that federal agencies must meet its requirements. https://doi.org/10.6028/NIST.FIPS.200 GET TO KNOW FIPS 200 FRAMEWORK CLOUDBURSTING CORP 3/31/2018 21
  • 22. • The Federal Information Security Management Act of 2002 was updated in Public Law 113 to Federal Information Security Modernization Act of 2014. For more information, see http://csrc.nist.gov/groups/SMA/fisma/overview.html. • Protecting the Nation's Critical Information Infrastructure GET TO KNOW FISMA ACT CLOUDBURSTING CORP 3/31/2018 22
  • 23. • https://nvd.nist.gov/ GET TO KNOW NIST VULNERABILITY DATABASE CLOUDBURSTING CORP 3/31/2018 23
  • 24. GET TO KNOW NIST TECH GUIDE CLOUDBURSTING CORP 3/31/2018 24
  • 25. Understand what you're being tested on! DOD 8570 & ISO/ANSI 17024
  • 26. CSA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements. https://certification.comptia.org/it-career-news/post/view/2015/09/11/what-are-u-s-dod-8140-8570-and-8570-01-m-and-what-do-they-mean-for-your-career- DOD 8570 & ISO/ANSI 17024 CLOUDBURSTING CORP 3/31/2018 26
  • 27. The DoD 8570 Information Assurance Training, Certification and Workforce Management program addresses this threat by proactively educating and certifying commercial contractors, and military and civilian personnel to perform their critical duties as Information Assurance professionals. Under the 8570 Mandate, all personnel with "privileged access" to DoD systems must obtain an ANSI-approved commercial certification. DOD 8570 & ISO/ANSI 17024 CLOUDBURSTING CORP 3/31/2018 27
  • 28. Understand what you're being tested on! SOME THOUGHTS ON EXAM
  • 29. My observations • Exam is clearly experience-based • NMAP is tested highly as other tools • Expect to have 10% or more performance-based • Study materials not fully available • 10% of questions were on tools such as NMAP, OpenVAS, Nessus, etc. • Another 10% covered areas such as exploitation. • Harder and more technical than the CEH Exam. OBSERVATIONS CLOUDBURSTING CORP 3/31/2018 29
  • 30. My observations • The exam covers scripting somewhat deeper than I would have expected. Know how to debug, error handling, debugging, etc. PHP, Python and Bash appeared. • Study materials from GPEN, GWAPT, OSCP and CEH until proper PenTest Materials come out. • Before taking the exam if you have Security Plus or CASP PenTesting materials review it. • White Hat, Red Hats… OBSERVATIONS CLOUDBURSTING CORP 3/31/2018 30
  • 31. My observations • One recommendation is to review Metasploit • Know to exploit SQL • Know mobile exploits (Bluetooth, Android) • Wi-Fi attacks. • Web Crawling (Scrapy) • Password attacks (BruteForce, Digests) OBSERVATIONS CLOUDBURSTING CORP 3/31/2018 31
  • 32. • Course to be released • Udemy • April 2018 COURSE ON UDEMY –RELEASE DATE APRIL 2018 CLOUDBURSTING CORP 3/31/2018 32