CompTIA PenTest+ PT0-002 Cert Guide, 2nd edition

Published by Pearson IT Certification (December 28, 2021) © 2022

  • Omar Santos Best-selling Cisco Press author, expert trainer, and Principal Engineer at Cisco (PSIRT)

eTextbook

fromper month

  • Available for purchase from all major ebook resellers, including InformIT.com.
  • To request a review copy, click on the "Request a Review Copy" button.
$47.99

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

uCertify

from$140.00

  • Includes the full Pearson e-text, pre- and post-assessments, quizzes, videos, and more
  • Provides hands-on skills to bridge conceptual knowledge and real-world application
  • Powerful student management tools yet easy to implement, customize, and manage

Learn, prepare, and practice for CompTIA PenTest+ PT0-002 exam success with this CompTIA PenTest+ PT0-002 Cert Guide from Pearson IT Certification, a leader in IT Certification learning.

CompTIA PenTest+ PT0-002 Cert Guide presents students with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and allow students to decide how much time they need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help students drill on key concepts they must know thoroughly.

CompTIA PenTest+ PT0-002 Cert Guide focuses specifically on the objectives for the CompTIA PenTest+ PT0-002 exam. Leading security expert Omar Santos shares preparation hints and test-taking tips, helping students identify areas of weakness and improve both their conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing their understanding and retention of exam topics.

This complete study package includes:

  • A test-preparation routine proven to help students pass the exams
  • Do I Know This Already? quizzes, which allow students to decide how much time they need to spend on each section
  • Chapter-ending exercises, which help students drill on key concepts that must be known thoroughly
  • An online interactive Flash Cards application to help students drill on Key Terms by chapter
  • A final preparation chapter, which guides students through tools and resources to help students craft their review and test-taking strategies
  • Study plan suggestions and templates to help students organize and optimize their study time

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps students master the concepts and techniques that ensure their exam success.

This study guide helps students master all the topics on the CompTIA PenTest+ PT0-002 exam, including:

  • Planning and Scoping a Penetration Testing Assessment
  • Information Gathering and Vulnerability Identification
  • Social Engineering Attacks and Physical Security Vulnerabilities
  • Exploiting Wired and Wireless Networks
  • Exploiting Application-Based Vulnerabilities
  • Cloud, Mobile, and IoT Security
  • Performing Post-Exploitation Techniques
  • Reporting and Communication
  • Tools and Code Analysis
  • In-depth, expert explanations of all attacks, countermeasures, and techniques covered on the PenTest+ exam
  • Practice with hundreds of challenging practice questions delivered through Pearson's state-of-the-art PCPT testing engine
  • Build and deepen students' knowledge with popular Cert Guide features such as Memory Tables and Exam Alerts

Covers the new and revised objectives for the CompTIA PenTest+ exam with increased coverage of pentesting, vulnerability assessments, and code analysis.

Introduction xxix

Chapter 1 Introduction to Ethical Hacking and Penetration Testing 3

    “Do I Know This Already?” Quiz 3

    Foundation Topics 7

    Understanding Ethical Hacking and Penetration Testing 7

    Exploring Penetration Testing Methodologies 9

    Building Your Own Lab 15

    Exam Preparation Tasks 20

    Review All Key Topics 20

    Define Key Terms 20

    Q&A 20

Chapter 2 Planning and Scoping a Penetration Testing Assessment 23

    “Do I Know This Already?” Quiz 23

    Foundation Topics 26

    Comparing and Contrasting Governance, Risk, and Compliance Concepts 26

    Explaining the Importance of Scoping and Organizational or Customer Requirements 39

    Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity 48

    Exam Preparation Tasks 50

    Review All Key Topics 50

    Define Key Terms 51

    Q&A 51

Chapter 3 Information Gathering and Vulnerability Scanning 55

    “Do I Know This Already?” Quiz 55

    Foundation Topics 59

    Performing Passive Reconnaissance 59

    Performing Active Reconnaissance 93

    Understanding the Art of Performing Vulnerability Scans 125

    Understanding How to Analyze Vulnerability Scan Results 136

    Exam Preparation Tasks 141

    Review All Key Topics 142

    Define Key Terms 142

    Q&A 143

Chapter 4 Social Engineering Attacks 145

    “Do I Know This Already?” Quiz 145

    Foundation Topics 149

    Pretexting for an Approach and Impersonation 149

    Social Engineering Attacks 151

    Physical Attacks 155

    Methods of Influence 170

    Exam Preparation Tasks 171

    Review All Key Topics 171

    Define Key Terms 172

    Q&A 172

Chapter 5 Exploiting Wired and Wireless Networks 175

    “Do I Know This Already?” Quiz 175

    Foundation Topics 180

    Exploiting Network-Based Vulnerabilities 180

    Exploiting Wireless Vulnerabilities 216

    Exam Preparation Tasks 234

    Review All Key Topics 234

    Define Key Terms 235

    Q&A 235

Chapter 6 Exploiting Application-Based Vulnerabilities 237

    “Do I Know This Already?” Quiz 237

    Foundation Topics 244

    Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10 244

    How to Build Your Own Web Application Lab 255

    Understanding Business Logic Flaws 256

    Understanding Injection-Based Vulnerabilities 257

    Exploiting Authentication-Based Vulnerabilities 273

    Exploiting Authorization-Based Vulnerabilities 279

    Understanding Cross-Site Scripting (XSS) Vulnerabilities 281

    Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks 288

    Understanding Clickjacking 289

    Exploiting Security Misconfigurations 289

    Exploiting File Inclusion Vulnerabilities 292

    Exploiting Insecure Code Practices 293

    Exam Preparation Tasks 301

    Review All Key Topics 301

    Define Key Terms 302

    Q&A 303

Chapter 7 Cloud, Mobile, and IoT Security 305

    “Do I Know This Already?” Quiz 305

    Foundation Topics 309

    Researching Attack Vectors and Performing Attacks on Cloud Technologies 309

    Explaining Common Attacks and Vulnerabilities Against Specialized Systems 324

    Exam Preparation Tasks 336

    Review All Key Topics 337

    Define Key Terms 337

    Q&A 338

Chapter 8 Performing Post-Exploitation Techniques 341

    “Do I Know This Already?” Quiz 341

    Foundation Topics 345

    Creating a Foothold and Maintaining Persistence After Compromising a System 345

    Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration 355

    Exam Preparation Tasks 371

    Review All Key Topics 371

    Define Key Terms 372

    Q&A 372

Chapter 9 Reporting and Communication 375

    “Do I Know This Already?” Quiz 375

    Foundation Topics 379

    Comparing and Contrasting Important Components of Written Reports 379

    Analyzing the Findings and Recommending the Appropriate Remediation Within a Report 385

    Explaining the Importance of Communication During the Penetration Testing Process 390

    Explaining Post-Report Delivery Activities 393

    Exam Preparation Tasks 395

    Review All Key Topics 395

    Define Key Terms 395

    Q&A 396

Chapter 10 Tools and Code Analysis 399

    “Do I Know This Already?” Quiz 399

    Foundation Topics 403

    Understanding the Basic Concepts of Scripting and Software

    Development 403

    Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code 409

    Exam Preparation Tasks 505

    Review All Key Topics 506

    Define Key Terms 508

    Q&A 508

Chapter 11 Final Preparation 513

    Tools for Final Preparation 513

    Suggested Plan for Final Review/Study 517

    Summary 518

Glossary of Key Terms 519

Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Sections 537

Appendix B CompTIA® PenTest+ PT0-002 Cert Guide Exam Updates 559



Online Elements:

Appendix C Study Planner

Glossary of Key Terms



TOC, 9780137566068, 10/21/2021


Omar Santos is an active member of the cybersecurity community who leads several industry-wide initiatives. He is a best-selling author and trainer. Omar is the author of more than 20 books and video courses, as well as numerous whitepapers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), Security Research and Operations, where he mentors and leads engineers and incident managers during the investigation and resolution of cybersecurity vulnerabilities.

Omar co-leads the DEF CON Red Team Village, is the chair of the OASIS Common Security Advisory Framework (CSAF) technical committee, is the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group, and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. You can find additional information about Omar's current projects at h4cker.org and can follow Omar on Twitter @santosomar.

Need help? Get in touch

Pearson+

All in one place. Pearson+ offers instant access to eTextbooks, videos and study tools in one intuitive interface. Students choose how they learn best with enhanced search, audio and flashcards. The Pearson+ app lets them read where life takes them, no wi-fi needed. Students can access Pearson+ through a subscription or their MyLab or Mastering course.

uCertify

The Pearson uCertify Courses and Labs combine Pearson's authorized and peer-reviewed content with uCertify's accessible, flexible, and scalable online learning platform. All Courses and Labs are mapped directly to Pearson texts to make integration into your current courses easy and convenient

The uCertify Courses are a foundational learning tool and come with the complete Pearson interactive e-text, pre- and post- assessments, quizzes, exercises, tests, instructional videos, and more. The uCertify Labs and Simulators provide hands-on skills and bridge the gap between conceptual knowledge and real-world application

Video
Play
Privacy and cookies
By watching, you agree Pearson can share your viewership data for marketing and analytics for one year, revocable by deleting your cookies.

Pearson eTextbook: What’s on the inside just might surprise you

They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle.