CompTIA PenTest+ is for cybersecurity professionals tasked with penetration
testing and vulnerability management.
Why is it different?
CompTIA PenTest+ is the only penetration testing exam taken at a Pearson VUE
testing center with both hands-on, performance-based questions and
multiple-choice, to ensure each candidate possesses the skills, knowledge, and
ability to perform tasks on systems. PenTest+ exam also includes management
skills used to plan, scope, and manage weaknesses, not just exploit them.
PenTest+ is unique because our certification requires a candidate to demonstrate
the hands-on ability and knowledge to test devices in new environments such as
the cloud and mobile, in addition to traditional desktops and servers.
About the exam
The new PenTest+ (PT0-002) exam will launch October, 2021!
Beta exam registration available on April 13, 2021. Interested in taking the
beta exam? Registration on the Pearson VUE site.
CompTIA PenTest+ assesses the most up-to-date penetration testing, and
vulnerability assessment and management skills necessary to determine the
resiliency of the network against attacks.
Successful candidates will have the intermediate skills required to customize
assessment frameworks to effectively collaborate on and report findings.
Candidates will also have the best practices to communicate recommended
strategies to improve the overall state of IT security.
CompTIA PenTest+ is compliant with ISO 17024 standards and approved by the US
DoD to meet directive 8140/8570.01-M requirements. Regulators and government
rely on ANSI accreditation, because it provides confidence and trust in the
outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited
exams have been delivered since January 1, 2011.
What Skills Will You Learn?
HARDWARE
PLANNING & SCOPING
Explain the importance of planning and key aspects of compliance-based
assessments
WINDOWS OPERATING SYSTEMS
INFORMATION GATHERING &
VULNERABILITY IDENTIFICATION
Gather information to prepare for exploitation then perform a vulnerability
scan and analyze results.
SOFTWARE TROUBLESHOOTING
ATTACKS & EXPLOITS
Exploit network, wireless, application, and RF-based vulnerabilities,
summarize physical security attacks, and perform post-exploitation techniques
NETWORKING
PENETRATION TESTING TOOLS
Conduct information gathering exercises with various tools and analyze output
and basic scripts (limited to: Bash, Python, Ruby, PowerShell)
HARDWARE & NETWORK TROUBLESHOOTING
REPORTING & COMMUNICATION
Utilize report writing and handling best practices explaining recommended
mitigation strategies for discovered vulnerabilities
obs that use CompTIA PenTest+
Penetration Tester
Vulnerability Tester
Security Analyst (II)
Vulnerability Assessment Analyst
Network Security Operations
Application Security Vulnerability
Renewal
Keep your certification up to date with CompTIA’s Continuing Education (CE)
program. It’s designed to be a continued validation of your expertise and a tool
to expand your skillset. It’s also the ace up your sleeve when you’re ready to
take the next step in your career.
Get the most out of your certification
Information technology is an incredibly dynamic field, creating new
opportunities and challenges every day. Participating in our Continuing
Education program will enable you to stay current with new and evolving
technologies and remain a sought-after IT and security expert.
The CompTIA Continuing Education program
Your CompTIA PenTest+ certification is good for three years from the date of
your exam. The CE program allows you to extend your certification in three-year
intervals through activities and training that relate to the content of your
certification.
It’s easy to renew
You can participate in a number of activities and training programs, including
higher certifications, to renew your CompTIA PenTest+ certification. Collect at
least 60 Continuing Education Units (CEUs) in three years and upload them to
your certification account, and your CompTIA PenTest+ certification will
automatically renew.
QUESTION 1
Which of the following should a penetration tester consider FIRST when
engaging in a penetration test in a cloud environment?
A. Whether the cloud service provider allows the penetration tester to test the
environment
B. Whether the specific cloud services are being used by the application
C. The geographical location where the cloud services are running
D. Whether the country where the cloud service is based has any impeding laws
Correct Answer: C
QUESTION 2
A penetration tester who is conducting a web-application test discovers a
clickjacking vulnerability associated
with a login page to financial data. Which of the following should the tester do
with this information to make this a successful exploit?
A. Perform XSS.
B. Conduct a watering-hole attack.
C. Use BeEF.
D. Use browser autopwn.
Correct Answer: A
QUESTION 3
A company that requires minimal disruption to its daily activities needs a
penetration tester to perform
information gathering around the company’s web presence. Which of the following
would the tester find MOST
helpful in the initial information-gathering steps? (Choose two.)
A. IP addresses and subdomains
B. Zone transfers
C. DNS forward and reverse lookups
D. Internet search engines
E. Externally facing open ports
F. Shodan results
Correct Answer: AB
QUESTION 4
A penetration tester discovers that a web server within the scope of the
engagement has already been
compromised with a backdoor. Which of the following should the penetration
tester do NEXT?
A. Forensically acquire the backdoor Trojan and perform attribution
B. Utilize the backdoor in support of the engagement
C. Continue the engagement and include the backdoor finding in the final report
D. Inform the customer immediately about the backdoor
Correct Answer: C
QUESTION 5
Which of the following are the MOST important items to include in the final
report for a penetration test? (Choose two.)
A. The CVSS score of the finding
B. The network location of the vulnerable device
C. The vulnerability identifier
D. The client acceptance form
E. The name of the person who found the flaw
F. The tool used to find the issue
Correct Answer: CF
QUESTION 6
A penetration tester who is performing a physical assessment of a company’s
security practices notices the
company does not have any shredders inside the office building. Which of the
following techniques would be
BEST to use to gain confidential information?
A. Badge cloning
B. Dumpster diving
C. Tailgating
D. Shoulder surfing
Correct Answer: B
QUESTION 7
A penetration tester conducted an assessment on a web server. The logs from
this session show the
following:
http://www.thecompanydomain.com/servicestatus.php?serviceID=892&serviceID=892 ‘
;
DROP TABLE SERVICES; --
Which of the following attacks is being attempted?
A. Clickjacking
B. Session hijacking
C. Parameter pollution
D. Cookie hijacking
E. Cross-site scripting
Correct Answer: C
Actualkey CompTIA PT1-002 Exam pdf, Certkingdom CompTIA PT1-002 PDF
Best CompTIA PT1-002 Certification, CompTIA PT1-002 Training at certkingdom.com
