PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. The CompTIA PenTest+ certification exam will verify successful candidates have the knowledge and skills required to:

• • Plan and scope a penetration testing engagement
  • Understand legal and compliance requirements
  • Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
  • Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations

PenTest+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

Planning and Scoping

• • Includes updated techniques emphasizing governance, risk, and compliance concepts, scoping and organizational/customer requirements, and demonstrating an ethical hacking mindset.

Information Gathering and Vulnerability Scanning

• • Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management, as well as analyzing the results of the reconnaissance exercise.

Attacks and Exploits

• • Includes updated approaches to expanded attack surfaces, researching social engineering techniques, performing network attacks, wireless attacks, application-based attacks and attacks on cloud technologies, and performing post-exploitation techniques.

Reporting and Communication

• • Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analyzing findings and recommending appropriate remediation within a report.

Tools and Code Analysis

• • Includes updated concepts of identifying scripts in various software deployments, analyzing a script or code sample, and explaining use cases of various tools used during the phases of a penetration test. It is important to note that no scripting and coding is required.

• • Module 1 Scoping Organizational/Customer Requirements
  • Module 2 Defining the Rules of Engagement
  • Module 3 Footprinting and Gathering Intelligence
  • Module 4 Evaluating Human and Physical Vulnerabilities
  • Module 5 Preparing the Vulnerability Scan
  • Module 6 Scanning Logical Vulnerabilities
  • Module 7 Analyzing Scanning Results
  • Module 8 Avoiding Detection and Covering Tracks
  • Module 9 Exploiting the LAN and Cloud
  • Module 10 Testing Wireless Networks
  • Module 11 Targeting Mobile Devices
  • Module 12 Attacking Specialized Systems
  • Module 13 Web Application-Based Attacks
  • Module 14 Performing System Hacking
  • Module 15 Scripting and Software Development
  • Module 16 Leveraging the Attack: Pivot and Penetrate
  • Module 17 Communicating During the PenTesting Process
  • Module 18 Summarizing Report Components
  • Module 19 Recommending Remediation
  • Module 20 Performing Post-Report Delivery Activities