CompTIA PenTest+ Study Guide

Prepare for the CompTIA PenTest+ certification exam and improve your information security job performance with Sybex

In the newly revised third edition of the CompTIA PenTest+ Study Guide: Exam PT0-003, renowned information security professionals Mike Chapple, Rob Shimonski, and David Seidl deliver a comprehensive and up-to-date roadmap to succeeding on the challenging PenTest+ certification exam. Freshly updated to track the latest changes made to Exam PT0-003, the book will prepare you not just for the test, but for your first day at your first or next information security job.

From penetration testing to vulnerability management and assessment, the authors cover every competency tested by the qualification exam. You'll also find:

• Complimentary access to the Sybex online learning environment, complete with hundreds of electronic flashcards and a searchable glossary of important terms
• Up-to-date info organized to track the newly updated PT0-003 PenTest+ certification exam
• Quick reference material and practice tests designed to help you prepare smarter and faster for the test

Succeed on the PT0-003 exam the first time. Grab a copy of CompTIA PenTest+ Study Guide and walk into the test—or your new information security job—with confidence.

Introduction xxix

Assessment Test xl

Chapter 1 Penetration Testing 1

Chapter 2 Planning and Scoping Penetration Tests 21

Chapter 3 Information Gathering 57

Chapter 4 Vulnerability Scanning 113

Chapter 5 Analyzing Vulnerability Scans 151

Chapter 6 Exploit and Pivot 193

Chapter 7 Exploiting Network Vulnerabilities 253

Chapter 8 Exploiting Physical and Social Vulnerabilities 299

Chapter 9 Exploiting Application Vulnerabilities 329

Chapter 10 Exploiting Host Vulnerabilities 379

Chapter 11 Reporting and Communication 443

Chapter 12 Scripting for Penetration Testing 471

Appendix A Answers to Review Questions 515

Appendix B Solution to Lab Exercise 539

Index 541

ABOUT THE AUTHORS

Mike Chapple, PhD, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is a bestselling author of over 50 books and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.

Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. Rob is considered a leading expert in prepping others to achieve certification success.

David Seidl is Vice President for Information Technology and Chief Information Officer at Miami University. He has served in a variety of technical and information security roles.

A comprehensive roadmap to the newly updated CompTIA^® PenTest+^® certification exam

The CompTIA^® PenTest+^® Study Guide, Third Edition, is an up-to-date and comprehensive roadmap to the skills and techniques you’ll need to ace the PT0-003 exam and succeed in your first – or next – information security role. This Study Guide covers every objective tested by the CompTIA^® PenTest+^® certification exam, from penetration testing to vulnerability assessment, report creation, teamwork, and more. It includes complimentary access to online study tools, hundreds of practice exam questions, flashcards, and a searchable glossary of important terms. Prepare smarter and faster with the CompTIA^® PenTest+^® Study Guide from Sybex.

Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:

• Engagement Management
• Reconnaissance and Enumeration
• Vulnerability Discovery and Analysis
• Attacks and Exploits
• Post-exploitation and Lateral Movement

ABOUT THE COMPTIA PENTEST+ PROGRAM

The CompTIA^® PenTest+^® certification demonstrates your ability to manage security vulnerabilities and conduct penetration tests of IT systems in a wide variety of settings and environments.

Interactive learning environment

Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to:

• Interactive test bank with a practice exam to help you to identify areas where further review is needed. Get more than 90% of the answers correct, and you’re ready to take the certification exam.
• 100 electronic flashcards to reinforce learning and last-minute prep before the exam.
• Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.