About this course
This course is designed for IT professionals who want to develop penetration testing skills to enable them to identify information system vulnerabilities and effective remediation techniques for those vulnerabilities. In particular, students who also need practical recommendations for action to properly protect information systems and their contents. This course is also designed for individuals who are preparing to take the CompTIA PenTest+ certification exam PT0-001, or who plan to use the PenTest+ as the foundation for more advanced security certifications or career roles.
At course completion
Attendees will learn how to:
- Plan and scope penetration tests
- Conduct passive reconnaissance
- Perform non-technical tests to gather information
- Conduct active reconnaissance
- Analyse vulnerabilities
- Penetrate networks
- Exploit host-based vulnerabilities
- Test applications
- Complete post-exploit tasks
Examination
- CompTIA PenTest+ Exam
- Number of Questions: Maximum of 110
- Type of Questions: Multiple choice and performance based
- Duration: 165 minutes
Planning and Scoping
- Explain the importance of planning for an engagement
- Explain key legal concepts.
- Explain the importance of scoping an engagement properly.
- Explain the key aspects of compliance-based assessments.
Information Gathering and Vulnerability Identification
- Given a scenario, conduct information gathering using appropriate techniques
- Given a scenario, perform a vulnerability scan.
- Given a scenario, analyse vulnerability scan results
- Explain the process of leveraging information to prepare for exploitation.
- Explain weaknesses related to specialised systems
Attacks and Exploits
- Compare and contrast social engineering attacks
- Given a scenario, exploit network-based vulnerabilities
- Given a scenario, exploit wireless and RF-based vulnerabilities
- Given a scenario, exploit application-based vulnerabilities
- Given a scenario, exploit local host vulnerabilities
- Summarise physical security attacks related to facilities
- Given a scenario, perform post-exploitation techniques
Penetration Testing Tools
- Given a scenario, use Nmap to conduct information gathering exercises
- Compare and contrast various use cases of tools
- Given a scenario, analyse tool output or data related to a penetration test
- Given a scenario, analyse a basic script (limited to Bash, Python, Ruby, and PowerShell)
Reporting and Communication
- Given a scenario, use report writing and handling best practices
- Explain post-report delivery activities
- Given a scenario, recommend mitigation strategies for discovered vulnerabilities
- Explain the importance of communication during the penetration testing process
Exam
Before attending this course, attendees should have:
- Network & Security Foundation or equivalent knowledge e.g. QAFCCS, QACYNETSEC
- A minimum of 2-3 years of hands-on information security or related experience
Auditoriniai mokymai
Pradžios data | Trukmė, d. | Kurso pavadinimas | Kaina, € | Statusas |
2023-02-13 | 5 | 20410: Installing and Configuring Windows Server 2012 | 1500 | |
2023-02-21 | 5 | 20412: Configuring Advanced Windows Server 2012 Services | 1500 | |
2023-03-06 | 5 | 20411: Administering Windows Server 2012 | 1500 | |
2023-03-27 | 5 | 10969: Active Directory Services with Windows Server | 1500 | |
Užklausti | 5 | Administering the Web Server (IIS) Role of Windows Server (nuotolinė klasė - ENG) | 1500 | Organizuojamas |
Užklausti | 5 | Installing and Configuring Windows Server 2012 (nuotolinė klasė - ENG) | 1500 | Organizuojamas |
Užklausti | 5 | Fundamentals of a Windows Server Infrastructure (nuotolinė klasė - ENG) | 1500 | Organizuojamas |
Užklausti | 5 | Active Directory Services with Windows Server (nuotolinė klasė - ENG) | 1500 | Organizuojamas |