PenTest+: Everything you need to know about CompTIA’s new certification

67 %
33 %
Information about PenTest+: Everything you need to know about CompTIA’s new certification

Published on June 13, 2019

Author: InfoSecInstituteEdu


1. PenTest+ Everything you need to know about CompTIA’s new certification

2. Looking for CPEs? Infosec webinars are a great way to earn CPEs • Request your completion certificate at: • CPE eligibility varies by certifying body. Learn more at:

3. Meet your speakers Hunter Reed Moderator Marketing Events Intern at Infosec Patrick Lane Guest speaker Director of Products at CompTIA

4. Agenda ● CompTIA PenTest+ overview ● PenTest+ career pathway ● PenTest+ exam objectives ● Training for the Pentest+ ● Q&A

5. CompTIA PenTest+ overview

6. CompTIA PenTest+ certification Domain % of exam 1.0 Planning and Scoping 15% 2.0 Information Gathering and Vulnerability Identification 22% 3.0 Attacks and Exploits 30% 4.0 Penetration Testing Tools 17% 5.0 Reporting and Communication 16% Total 100% CompTIA PenTest+ is a certification for intermediate-skills level cybersecurity professionals who are tasked with hands-on penetration testing to identify, exploit, report and manage vulnerabilities on a network. PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. Successful candidates will have the intermediate skills and best practices required to customize assessment frameworks to effectively collaborate on and report findings, and communicate recommended strategies to improve the overall state of IT security. Skills competence for key job roles: ● Penetration tester ● Vulnerability tester ● Security analyst (II) ● Vulnerability assessment analyst ● Network security operations ● Application security vulnerability

7. How is Pentest+ different? 1. CompTIA PenTest+ is the only exam taken at a Pearson VUE testing center with both hands-on, performance-based questions and multiple-choice, to ensure each candidate possesses the skills, knowledge and ability to perform tasks on systems 1. CompTIA PenTest+ exam not only covers hands-on penetration testing and vulnerability assessment, but includes management skills used to plan, scope and manage weaknesses, not just exploit them. 1. CompTIA PenTest+ is unique because our certification requires a candidate to demonstrate the hands-on ability and knowledge to test devices in new environments such as the cloud and mobile, in addition to traditional desktops and servers.

8. Job task analysis (JTA) participants Key JTA participants ● Brotherhood Mutual ● Global Cyber Security ● SecureWorks ● North State Technology Solutions ● BlackFire Consulting ● TransUnion ● Las Vegas Sands Corporation ● Integra LifeSciences ● Enterprise Holdings ● Paylocity ● Johns Hopkins University Applied Physics Laboratory ● ASICS Corporation

9. PenTest+ exam information Item Description Exam code PT0-001 Launch date July 31, 2018 Availability Worldwide Pricing $349 USD (as of 10/1/2018) Testing provider Pearson VUE testing centers Question types Performance based and multiple choice # of questions Maximum of 85 questions Length of test 165 minutes Passing score 750 (on a scale of 100-900) Languages English only Recommended experience Network+, Security+ or equivalent knowledge CE program, ISO/ANSI and DoD accreditation Yes, part of CE program; CompTIA will pursue ISO/ANSI 17024 and DoD 8140/8570 approval

10. Metasploit example

11. SET (social engineering toolkit) example

12. Workforce indicators The U.S. Bureau of Labor Statistics (BLS) classifies the job role under Information Security Analysts, which includes: ● Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they can be exploited ● Median pay: $92,600 per year ● Number of jobs available: 82,900 ● Job outlook: 28% growth by 2026 (much faster than average) classifies the job role under Penetration & Vulnerability Tester, which includes: ● Median pay: $98,000 per year ● Number of jobs available: 6,695 (For comparison purposes, states Cybersecurity Analyst open jobs at 19,017 jobs. That identifies one pentester/vulnerability assessor job for every three security analyst jobs.)

13. PenTest+ career pathway

14. Cybersecurity career pathway with PenTest+

15. Red team vs. blue team Red team (penetration testing) Blue team (security analyst) Red teams try to break into systems by identifying weaknesses in people, processes and technology Blue teams discover, contain and remove intruders through intrusion detection tools and other methods

16. Red team vs. blue team Red team exploits are demonstrated Blue team intrusion detection tools discover red team exploits

17. PenTest+ exam objectives

18. PenTest+ domain objectives 1.0 Planning and Scoping 15% 1.1 Explain the importance of planning for an engagement 1.2 Explain key legal concepts 1.3 Explain the importance of scoping an engagement properly 1.4 Explain the key aspects of compliance-based assessments

19. PenTest+ domain objectives 2.0 Information Gathering and Vulnerability Identification 22% 2.1 Given a scenario, conduct information gathering using appropriate techniques 2.2 Given a scenario, perform a vulnerability scan 2.3 Given a scenario, analyze vulnerability scan results 2.4 Explain the process of leveraging information to prepare for exploitation 2.5 Explain weaknesses related to specialized systems

20. PenTest+ domain objectives 3.0 Attacks and Exploits 30% 3.1 Compare and contrast social engineering attacks 3.2 Given a scenario, exploit network-based vulnerabilities 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities 3.4 Given a scenario, exploit application-based vulnerabilities 3.5 Given a scenario, exploit local host vulnerabilities 3.6 Summarize physical security attacks related to facilities 3.7 Given a scenario, perform post-exploitation techniques

21. PenTest+ domain objectives 4.0 Penetration Testing Tools 17% 4.1 Given a scenario, use Nmap to conduct information gathering exercises 4.2 Compare and contrast various use cases of tools 4.3 Given a scenario, analyze tool output or data related to a penetration test 4.4 Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell)

22. PenTest+ domain objectives 5.0 Reporting and Communication 16% 5.1 Given a scenario, use report writing and handling best practices 5.2 Explain post-report delivery activities 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities 5.4 Explain the importance of communication during the penetration testing process

23. Training for the Pentest+

24. Get PenTest+ certified Learn penetration testing and prepare to earn your PenTest+ certification Hands-on training Build your skills through 100+ labs in our cloud-hosted cyber ranges, or test your exam readiness with dozens of certification practice exams 7-day free trial, then $34/month! Your complete career advisor Your subscription includes unlimited access to 300+ courses and 45+ skill- and certification-based learning paths, including: ● CompTIA’s Security+ (18 courses) ● CompTIA’s CySA+ (17 courses) ● CompTIA’s CASP+ (16 courses)

25. Questions?

26. Start your free trial today! The bad guys are getting smarter. Are you?

27. About us At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We provide the best certification and skills development training for IT and security professionals, as well as employee security awareness training and phishing simulations. 708.689.0131

Add a comment