
CompTIA PenTest+ Certification Passport (Exam PT0-001) [Paperback]

  • Format: Paperback / softback, 464 pages, weight: 665 g, 80 Illustrations
  • Publication date: 23-Mar-2020
  • Publisher: McGraw-Hill Education
  • ISBN-10: 1260460045
  • ISBN-13: 9781260460049

This effective self-study guide serves as an accelerated review of all exam objectives for the CompTIA PenTest+ certification exam.

This concise, quick-review test preparation guide offers 100% coverage of all exam objectives for the new CompTIA PenTest+ exam. Designed as an accelerated review of all the key information covered on the exam, the Passport’s established pedagogy enables you to tailor a course for study and drill down into the exam objectives. Special elements highlight actual exam topics and point you to additional resources for further information.

Written by an IT security expert and experienced author, CompTIA PenTest+ Certification Passport (Exam PT0-001) focuses on exactly what you need to know to pass the exam. The book features end-of-chapter review sections that provide bulleted summations organized by exam objective. Accurate practice exam questions with in-depth answer explanations aid in retention, reinforce what you have learned, and show how this information directly relates to the exam.

• Online content includes access to the TotalTester online test engine with 200 multiple-choice practice questions and additional performance-based questions
• Follows the newly refreshed Certification Passport series developed by training guru Mike Meyers
• Includes a 10% off exam voucher coupon, a $35 value

Acknowledgments xvii
Introduction xix
Domain 1 Planning and Scoping 1(36)
Objective 1.1 Explain the importance of planning for an engagement
2(14)
Understanding the Target Audience
2(2)
Rules of Engagement
4(1)
Communication
5(1)
Resources and Requirements
6(1)
Confidentiality of Findings
6(1)
Known vs. Unknown
7(1)
Budget
7(1)
Impact Analysis and Remediation Timelines
8(1)
Disclaimers
8(1)
Technical Constraints
9(1)
Support Resources
9(4)
Review
13(1)
Questions
13(2)
Answers
15(1)
Objective 1.2 Explain key legal concepts
16(4)
Contracts
16(1)
Environmental Differences
17(1)
Written Authorization
18(1)
Review
18(1)
Questions
19(1)
Answers
20(1)
Objective 1.3 Explain the importance of scoping an engagement properly
20(13)
Types of Penetration Testing
21(2)
Goals-Based/Objectives-Based Penetration Testing
21(1)
Compliance-Based Penetration Testing
22(1)
Red Team Testing
22(1)
Special Scoping Considerations
23(1)
Target Selection
23(3)
Targets
23(2)
Testing Considerations
25(1)
Strategy
26(1)
Risk Acceptance
27(1)
Tolerance to Impact
28(1)
Scheduling
28(1)
Scope Creep
28(1)
Threat Actors
28(2)
Threat Models
30(1)
Review
30(1)
Questions
31(1)
Answers
32(1)
Objective 1.4 Explain the key aspects of compliance-based assessments
33(4)
Compliance-Based Assessments, Limitations, and Caveats
33(1)
Rules to Complete Assessment
34(1)
Password Policies and Key Management
34(1)
Data Isolation
34(1)
Limitations
35(1)
Clearly Defined Objectives Based on Regulations
35(1)
Review
35(1)
Questions
35(1)
Answers
36(1)
Domain 2.0 Information Gathering and Vulnerability Identification 37(54)
Objective 2.1 Given a scenario, conduct information gathering using appropriate techniques
38(18)
Scanning
41(2)
Enumeration
43(5)
Hosts
43(1)
Networks
43(1)
Domains
44(1)
Users and Groups
45(1)
Network Shares
45(1)
Web Pages
46(1)
Services and Applications
46(1)
Token Enumeration
47(1)
Social Network Enumeration
47(1)
Fingerprinting
48(1)
Packet Crafting
48(1)
Packet Inspection
48(1)
Cryptography
49(1)
Certificate Inspection
50(1)
Eavesdropping
50(2)
RF Communication Monitoring
51(1)
Sniffing
52(1)
Decompilation
52(1)
Debugging
53(1)
Open-Source Intelligence Gathering
53(1)
Review
54(1)
Questions
55(1)
Answers
56(1)
Objective 2.2 Given a scenario, perform a vulnerability scan
56(11)
Credentialed vs. Noncredentialed
57(1)
Credentialed Scans
57(1)
Noncredentialed scans
58(1)
Types of Scans
58(2)
Container Security
60(1)
Application Scanning
61(1)
DAST
61(1)
SAST
62(1)
Considerations of Vulnerability Scanning
62(3)
Time to Run Scans
62(1)
Protocols Used
63(1)
Network Topology and Bandwidth Limitations
64(1)
Fragile Systems/Nontraditional Assets
64(1)
Review
65(1)
Questions
65(1)
Answers
66(1)
Objective 2.3 Given a scenario, analyze vulnerability scan results
67(7)
Asset Categorization
68(2)
Adjudication
70(1)
Prioritization of Vulnerabilities
71(1)
Common Themes
72(1)
Review
72(1)
Questions
73(1)
Answers
73(1)
Objective 2.4 Explain the process of leveraging information to prepare for exploitation
74(9)
Map Vulnerabilities to Potential Exploits
74(3)
Prioritize Activities in Preparation for a Penetration Test
77(1)
Describe Common Techniques to Complete an Attack
77(5)
Cross-Compiling Code
78(1)
Exploit Modification
79(1)
Exploit Chaining
79(1)
Proof-of-Concept Development (Exploit Development)
79(1)
Social Engineering
79(1)
Deception
80(1)
Credential Brute Forcing
80(1)
Dictionary Attacks
80(1)
Rainbow Tables
81(1)
Review
82(1)
Questions
82(1)
Answers
83(1)
Objective 2.5 Explain weaknesses related to specialized systems
83(8)
ICS and SCADA
83(2)
Mobile
85(1)
IoT
85(1)
Embedded Systems
86(1)
Point-of-Sale Systems
86(1)
Biometrics
86(1)
RTOS
87(1)
Review
87(1)
Questions
88(1)
Answers
89(2)
Domain 3.0 Attacks and Exploits 91(186)
Objective 3.1 Compare and contrast social engineering attacks
92(14)
Phishing
93(4)
Spear Phishing
93(1)
SMS Phishing
94(2)
Voice Phishing
96(1)
Whaling
96(1)
Elicitation
97(2)
Goals of Elicitation
97(1)
Example Tactics for Elicitation
98(1)
Interrogation
99(1)
Impersonation
99(1)
Shoulder Surfing
100(1)
Physical Drops
100(1)
Motivation Techniques
101(1)
Review
102(2)
Questions
104(2)
Answers
106(1)
Objective 3.2 Given a scenario, exploit network-based vulnerabilities
106(38)
Name Resolution Exploits
107(8)
DNS Attacks
107(6)
NetBIOS and LLMNR Name Services
113(2)
SMB Exploits
115(2)
SNMP Exploits
117(2)
SMTP Exploits
119(2)
FTP Exploits
121(2)
Pass-the-Hash
123(2)
Man-in-the-Middle Attack
125(8)
ARP Spoofing
125(4)
Replay Attacks
129(1)
Relay Attacks
130(1)
SSL Stripping
131(2)
Downgrade Attacks
133(1)
DoS/Stress Test
133(2)
NAC Bypass
135(1)
VLAN Hopping
136(1)
Review
137(1)
Questions
138(5)
Answers
143(1)
Objective 3.3 Given a scenario, exploit wireless and RF-based vulnerabilities
144(21)
Wireless Network Types
144(5)
Open
145(1)
WEP
145(1)
WPA
146(3)
Wireless Network Attacks
149(9)
Evil Twin
149(2)
Downgrade Attack
151(1)
Deauthentication Attacks
151(1)
Fragmentation Attacks
152(2)
Credential Harvesting
154(1)
WPS Implementation Weakness
154(4)
Other Wireless Attacks
158(5)
Bluetooth
158(3)
RFID Cloning
161(1)
Jamming
162(1)
Review
163(1)
Questions
163(1)
Answers
164(1)
Objective 3.4 Given a scenario, exploit application-based vulnerabilities.
165(34)
Injections
165(14)
SQL Injection
166(5)
HTML Injection and Cross-Site Scripting
171(3)
Code Injection and Command Injection
174(5)
Security Misconfiguration
179(3)
Directory Traversal
179(1)
File Inclusion
180(1)
Cookie Manipulation
181(1)
Authentication
182(4)
Credential Brute Forcing
182(1)
Session Hijacking
183(1)
Redirect
184(1)
Default and Weak Credentials
185(1)
Authorization
186(2)
Parameter Pollution
186(1)
Insecure Direct Object Reference
187(1)
Unsecure Code Practices
188(6)
Comments in Source Code
188(1)
Lack of Error Handling
189(1)
Hard-Coded Credentials
189(1)
Race Conditions
190(1)
Unauthorized Use of Functions/Unprotected APIs
191(1)
Hidden Elements
192(1)
Lack of Code Signing
193(1)
Other Attacks
194(2)
Cross-Site Request Forgery
194(1)
Clickjacking
195(1)
Review
196(1)
Questions
196(2)
Answers
198(1)
Objective 3.5 Given a scenario, exploit local host vulnerabilities
199(50)
Windows Host-Based Vulnerabilities
199(16)
Windows Privileges
199(9)
Windows OS Vulnerabilities
208(2)
Windows Configuration Weaknesses
210(2)
Windows Service Abuse
212(3)
Linux Host-Based Vulnerabilities
215(15)
Linux Privileges
216(5)
Linux OS Vulnerabilities
221(2)
Linux Default Configurations
223(1)
Linux Service Exploits
224(3)
Android
227(3)
Apple Device Host-Based Vulnerabilities
230(5)
macOS
230(2)
iOS
232(3)
Sandbox Escape and Controls Evasion
235(5)
Shell Upgrade
236(1)
Virtual Machines
236(1)
Containers
237(1)
Application Sandboxes
238(1)
AV and Antimalware Evasion
239(1)
Other Exploitations
240(5)
Exploitation of Memory Vulnerabilities
240(2)
Keyloggers
242(1)
Physical Device Security
242(3)
Review
245(1)
Questions
246(2)
Answers
248(1)
Objective 3.6 Summarize physical security attacks related to facilities
249(5)
Piggybacking/Tailgating
249(1)
Fence Jumping
250(1)
Dumpster Diving
250(1)
Locks
251(1)
Lock Picking
251(1)
Lock Bypass
251(1)
Bypassing Other Surveillance
252(1)
Review
253(1)
Questions
253(1)
Answers
254(1)
Objective 3.7 Given a scenario, perform post-exploitation techniques
254(23)
Lateral Movement
255(10)
RPC/DCOM
255(1)
PsExec
256(1)
WMI
257(1)
Scheduled Tasks
258(1)
PS Remoting/WinRM
258(1)
SMB
259(1)
RDP
260(1)
Apple Remote Desktop
261(1)
VNC
261(1)
X-Server Forwarding
262(1)
Telnet
263(1)
SSH
264(1)
Persistence
265(7)
Daemons
266(3)
Backdoors
269(1)
Trojans
269(2)
New User Creation
271(1)
Covering Your Tracks
272(1)
Review
272(1)
Questions
273(1)
Answers
274(3)
Domain 4.0 Penetration Testing Tools 277(108)
Objective 4.1 Given a scenario, use Nmap to conduct information gathering exercises
278(11)
Nmap Scanning Options
278(6)
SYN Scan
278(1)
Full Connect Scan
279(1)
Service Identification
279(1)
Script Scanning
280(1)
OS Fingerprinting
280(2)
Scanning with -A
282(1)
Disable Ping
282(1)
Input File
283(1)
Timing
283(1)
Output Parameters
284(3)
Verbosity: -v
284(1)
Normal Output: -oN
284(1)
Grepable Output: -oG
284(2)
XML Output: -oX
286(1)
All Output: -oA
286(1)
Review
287(1)
Questions
287(1)
Answers
288(1)
Objective 4.2 Compare and contrast various use cases of tools
289(1)
Objective 4.3 Given a scenario, analyze tool output or data related to a penetration test
289(81)
Testing Tools
289(70)
AFL
289(2)
APK Studio
291(1)
APKX
292(1)
Aircrack-ng
293(1)
Aireplay-ng
294(1)
Airodump-ng
294(1)
BeEF
295(1)
Burp Suite
296(4)
Cain and Abel
300(1)
Censys
301(1)
CeWL
302(1)
DirBuster
303(1)
Drozer
304(1)
PowerShell Empire
305(2)
FOCA
307(1)
Findbugs/Findsecbugs/SpotBugs
308(2)
GDB
310(1)
Hashcat
311(2)
Hostapd
313(1)
Hping
313(2)
Hydra
315(1)
IDA
315(1)
Immunity Debugger
316(2)
Impacket
318(1)
John the Ripper
319(1)
Kismet
320(1)
Maltego
321(1)
Medusa
322(1)
Metasploit Framework
323(2)
Mimikatz
325(2)
Ncat
327(1)
Ncrack
328(1)
Nessus
329(1)
Netcat
330(1)
Nikto
330(1)
Nslookup
331(1)
OWASP ZAP
332(2)
OllyDbg
334(2)
OpenVAS
336(1)
Packetforge-ng
336(1)
Patator
337(1)
Peach
338(1)
PTH-smbclient
339(1)
PowerSploit
339(1)
Proxychains
340(2)
Recon-NG
342(2)
Responder
344(1)
SET
345(1)
SQLMap
346(2)
SSH
348(1)
Scapy
348(1)
Searchsploit
349(1)
Shodan
350(1)
SonarQube
350(2)
The Harvester
352(1)
W3AF
353(1)
Whois
354(1)
Wifite
355(1)
WinDBG
356(1)
Wireshark
357(2)
Setting Up a Bind Shell
359(3)
Bash
359(1)
Python
360(1)
PowerShell
361(1)
Reverse Shells
362(2)
Bash
362(1)
Python
362(1)
PowerShell
363(1)
Uploading a Web Shell
364(1)
Tomcat Compromise with Metasploit
364(1)
Review
365(1)
Questions
366(3)
Answers
369(1)
Objective 4.4 Given a scenario, analyze a basic script
370(15)
Scripts
370(1)
Variables
371(1)
String Operations
371(3)
Comparison Operators
374(1)
Flow Control
374(1)
Input and Output (I/O)
375(2)
Terminal I/O
375(1)
File I/O
376(1)
Network I/O
376(1)
Arrays
377(3)
Error Handling
380(1)
Encoding/Decoding
381(1)
Review
382(1)
Questions
382(2)
Answers
384(1)
Domain 5.0 Reporting and Communication 385(30)
Objective 5.1 Given a scenario, use report writing and handling best practices
386(7)
Normalization of Data
386(1)
Written Report of Findings and Remediation
387(3)
Executive Summary
388(1)
Methodology
388(1)
Metrics and Measures
389(1)
Findings and Remediation
389(1)
Conclusion
390(1)
Risk Appetite
390(1)
Secure Handling and Disposition of Reports
391(1)
Review
391(1)
Questions
392(1)
Answers
393(1)
Objective 5.2 Explain post-report delivery activities
393(5)
Post-Engagement Cleanup
394(1)
Client Acceptance and Attestation of Findings
394(1)
Follow-up Actions/Retest
395(1)
Lessons Learned
396(1)
Review
396(1)
Questions
396(2)
Answers
398(1)
Objective 5.3 Given a scenario, recommend mitigation strategies for discovered vulnerabilities
398(10)
Solutions
398(2)
Findings and Remediation
400(6)
Shared Local Administrator Credentials
400(1)
Weak Password Complexity
401(1)
Plaintext Passwords
402(1)
No Multifactor Authentication
403(1)
SQL Injection
404(1)
Unnecessary Open Services
405(1)
Review
406(1)
Questions
407(1)
Answers
408(1)
Objective 5.4 Explain the importance of communication during the penetration testing process
408(7)
Communication Path
408(1)
Communication Triggers
409(1)
Critical Findings
409(1)
Stages
409(1)
Indicators of Prior Compromise
410(1)
Reasons for Communication
410(1)
Situational Awareness
410(1)
De-escalation
411(1)
Deconfliction
411(1)
Goal Reprioritization
411(1)
Review
412(1)
Questions
412(1)
Answers
413(2)
A About the Online Content 415(4)
System Requirements
415(1)
Your Total Seminars Training Hub Account
415(1)
Privacy Notice
415(1)
Single User License Terms and Conditions
415(2)
TotalTester Online
417(1)
Performance-Based Questions
417(1)
Technical Support
418(1)
Glossary 419(10)
Index 429