The CompTIA PenTest+ certification verifies that successful candidates have the knowledge and skills required to plan and scope an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report and communicate results.

Course Objectives

Planning and Scoping

• Explain the importance of planning for an engagement
• Explain key legal concepts
• Explain the importance of scoping an engagement properly
• Explain the key aspects of compliance-based assessments

          
Information Gathering and Vulnerability Identification

• Given a scenario, conduct information gathering using appropriate techniques.
• Given a scenario, perform a vulnerability scan
• Given a scenario, analyze vulnerability scan results
• Explain the process of leveraging information to prepare for exploitation
• Explain weaknesses related to specialized systems

          
Attacks and Exploits

• Compare and contrast social engineering attacks
• Given a scenario, exploit network-based vulnerabilities
• Given a scenario, exploit wireless and RF-based vulnerabilities.
• Given a scenario, exploit application-based vulnerabilities
• Given a scenario, exploit local host vulnerabilities
• Summarize physical security attacks related to facilities
• Given a scenario, perform post-exploitation techniques

      
Penetration Testing Tools

• Given a scenario, use Nmap to conduct information gathering
• exercises
• Compare and contrast various use cases of tools
• Given a scenario, analyze tool output or data related to a penetration test
• Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)

Reporting and Communication

• Given a scenario, use report writing and handling best practices
• Explain post-report delivery activities
• Given a scenario, recommend mitigation strategies for discovered vulnerabilities
• Explain the importance of communication during the penetration testing process.