Pentest (pt0 002)


CompTIA PenTest+

Certification
Exam Objectives
EXAM NUMBER: PT0-002
About the Exam
Candidates are encouraged to use this document to help prepare for the CompTIA
PenTest+ (PT0-002) certification exam. The CompTIA PenTest+ certification exam will
verify the successful candidate has the knowledge and skills required to:
• Plan and scope a penetration testing engagement
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using appropriate
tools and techniques, and then analyze the results
• Produce a written report containing proposed remediation techniques, effectively
communicate results to the management team, and provide practical recommendations
This is equivalent to three to four years of hands-on experience working
in a security consultant or penetration tester job role.
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all the content of this examination.
EXAM ACCREDITATION
The CompTIA PenTest+ (PT0-002) exam is accredited by ANSI to show compliance with the ISO 17024
standard and, as such, undergoes regular reviews and updates to the exam objectives.
EXAM DEVELOPMENT
CompTIA exams result from subject-matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an IT professional.
CompTIA AUTHORIZED MATERIALS USE POLICY
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse, or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), they should contact CompTIA at [email protected] to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes, or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current, and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA PenTest+ Certification Exam Objectives Version 9.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
TEST DETAILS
Required exam: PT0-002
Number of questions: Maximum of 85
Types of questions: Multiple-choice and performance-based
Length of test: 165 minutes
Recommended experience: 3–4 years of hands-on experience performing penetration tests, vulnerability assessments, and code analysis
Passing score: 750 (on a scale of 100-900)

EXAM OBJECTIVES (DOMAINS)

The table below lists the domains measured by this examination
and the extent to which they are represented.

DOMAIN                                                  PERCENTAGE OF EXAMINATION
1.0 Planning and Scoping                                14%
2.0 Information Gathering and Vulnerability Scanning    22%
3.0 Attacks and Exploits                                30%
4.0 Reporting and Communication                         18%
5.0 Tools and Code Analysis                             16%
Total                                                   100%

1.0 Planning and Scoping
1.1 Compare and contrast governance, risk, and compliance concepts.
• Regulatory compliance considerations
  - Payment Card Industry Data Security Standard (PCI DSS)
  - General Data Protection Regulation (GDPR)
• Location restrictions
  - Country limitations
  - Tool restrictions
  - Local laws
  - Local government requirements
  - Privacy requirements
• Legal concepts
  - Service-level agreement (SLA)
  - Confidentiality
  - Statement of work
  - Non-disclosure agreement (NDA)
  - Master service agreement
• Permission to attack

1.2 Explain the importance of scoping and organizational/customer requirements.
• Standards and methodologies
  - MITRE ATT&CK
  - Open Web Application Security Project (OWASP)
  - National Institute of Standards and Technology (NIST)
  - Open-source Security Testing Methodology Manual (OSSTMM)
  - Penetration Testing Execution Standard (PTES)
  - Information Systems Security Assessment Framework (ISSAF)
• Rules of engagement
  - Time of day
  - Types of allowed/disallowed tests
  - Other restrictions
• Environmental considerations
  - Network
  - Application
  - Cloud
• Target list/in-scope assets
  - Wireless networks
  - Internet Protocol (IP) ranges
  - Domains
  - Application programming interfaces (APIs)
  - Physical locations
  - Domain name system (DNS)
  - External vs. internal targets
  - First-party vs. third-party hosted
• Validate scope of engagement
  - Question the client/review contracts
  - Time management
  - Strategy
  - Unknown-environment vs. known-environment testing

1.3 Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.
• Background checks of penetration testing team
• Adhere to specific scope of engagement
• Identify criminal activity
• Immediately report breaches/criminal activity
• Limit the use of tools to a particular engagement
• Limit invasiveness based on scope
• Maintain confidentiality of data/information
• Risks to the professional
  - Fees/fines
  - Criminal charges

2.0 Information Gathering and Vulnerability Scanning
2.1 Given a scenario, perform passive reconnaissance.
• DNS lookups
• Identify technical contacts
• Administrator contacts
• Cloud vs. self-hosted
• Social media scraping
  - Key contacts/job responsibilities
  - Job listing/technology stack
• Cryptographic flaws
  - Secure Sockets Layer (SSL) certificates
  - Revocation
• Company reputation/security posture
• Data
  - Password dumps
  - File metadata
  - Strategic search engine analysis/enumeration
  - Website archive/caching
  - Public source-code repositories
• Open-source intelligence (OSINT)
  - Tools
    - Shodan
    - Recon-ng
  - Sources
    - Common weakness enumeration (CWE)
    - Common vulnerabilities and exposures (CVE)

2.2 Given a scenario, perform active reconnaissance.
• Enumeration
  - Hosts
  - Services
  - Domains
  - Users
  - Uniform resource locators (URLs)
• Website reconnaissance
  - Crawling websites
  - Scraping websites
  - Manual inspection of web links
  - robots.txt
• Packet crafting
  - Scapy
• Defense detection
  - Load balancer detection
  - Web application firewall (WAF) detection
  - Antivirus
  - Firewall
• Tokens
  - Scoping
  - Issuing
  - Revocation
• Wardriving
• Network traffic
  - Capture API requests and responses
  - Sniffing
• Cloud asset discovery
• Third-party hosted services
• Detection avoidance


2.3 Given a scenario, analyze the results of a reconnaissance exercise.
• Fingerprinting
  - Operating systems (OSs)
  - Networks
  - Network devices
  - Software
• Analyze output from:
  - DNS lookups
  - Crawling websites
  - Network traffic
  - Address Resolution Protocol (ARP) traffic
  - Nmap scans
  - Web logs

2.4 Given a scenario, perform vulnerability scanning.
• Considerations of vulnerability scanning
  - Time to run scans
  - Protocols
  - Network topology
  - Bandwidth limitations
  - Query throttling
  - Fragile systems
  - Non-traditional assets
• Scan identified targets for vulnerabilities
• Set scan settings to avoid detection
• Scanning methods
  - Stealth scan
  - Transmission Control Protocol (TCP) connect scan
  - Credentialed vs. non-credentialed
• Nmap
  - Nmap Scripting Engine (NSE) scripts
  - Common options
    - -A
    - -sV
    - -sT
    - -Pn
    - -O
    - -sU
    - -sS
    - -T 1-5
    - --script=vuln
    - -p
• Vulnerability testing tools that facilitate automation

3.0 Attacks and Exploits
3.1 Given a scenario, research attack vectors and perform network attacks.
• Stress testing for availability
• Exploit resources
  - Exploit database (DB)
  - Packet storm
• Attacks
  - ARP poisoning
  - Exploit chaining
  - Password attacks
    - Password spraying
    - Hash cracking
    - Brute force
    - Dictionary
  - On-path (previously known as man-in-the-middle)
  - Kerberoasting
  - DNS cache poisoning
  - Virtual local area network (VLAN) hopping
  - Network access control (NAC) bypass
  - Media access control (MAC) spoofing
  - Link-Local Multicast Name Resolution (LLMNR)/NetBIOS Name Service (NBT-NS) poisoning
  - New Technology LAN Manager (NTLM) relay attacks
• Tools
  - Metasploit
  - Netcat
  - Nmap

3.2 Given a scenario, research attack vectors and perform wireless attacks.
• Attack methods
  - Eavesdropping
  - Data modification
  - Data corruption
  - Relay attacks
  - Spoofing
  - Deauthentication
  - Jamming
  - Capture handshakes
  - On-path
• Attacks
  - Evil twin
  - Captive portal
  - Bluejacking
  - Bluesnarfing
  - Radio-frequency identification (RFID) cloning
  - Bluetooth Low Energy (BLE) attack
  - Amplification attacks [Near-field communication (NFC)]
  - WiFi protected setup (WPS) PIN attack
• Tools
  - Aircrack-ng suite
  - Amplified antenna


3.3 Given a scenario, research attack vectors and perform application-based attacks.
• OWASP Top 10
• Server-side request forgery
• Business logic flaws
• Injection attacks
  - Structured Query Language (SQL) injection
    - Blind SQL
    - Boolean SQL
    - Stacked queries
  - Command injection
  - Cross-site scripting
    - Persistent
    - Reflected
  - Lightweight Directory Access Protocol (LDAP) injection
• Application vulnerabilities
  - Race conditions
  - Lack of error handling
  - Lack of code signing
  - Insecure data transmission
  - Session attacks
  - Session hijacking
  - Cross-site request forgery (CSRF)
  - Privilege escalation
  - Session replay
  - Session fixation
• API attacks
  - Restful
  - Extensible Markup Language-Remote Procedure Call (XML-RPC)
  - Soap
• Directory traversal
• Tools
  - Web proxies
    - OWASP Zed Attack Proxy (ZAP)
    - Burp Suite community edition
  - SQLmap
  - DirBuster
• Resources
  - Word lists

3.4 Given a scenario, research attack vectors and perform attacks on cloud technologies.
• Attacks
  - Credential harvesting
  - Privilege escalation
  - Account takeover
  - Metadata service attack
  - Misconfigured cloud assets
    - Identity and access management (IAM)
    - Federation misconfigurations
    - Object storage
    - Containerization technologies
  - Resource exhaustion
  - Cloud malware injection attacks
  - Denial-of-service attacks
  - Side-channel attacks
  - Direct-to-origin attacks
• Tools
  - Software development kit (SDK)


3.5 Explain common attacks and vulnerabilities against specialized systems.
• Mobile
  - Attacks
    - Reverse engineering
    - Sandbox analysis
    - Spamming
  - Vulnerabilities
    - Insecure storage
    - Passcode vulnerabilities
    - Certificate pinning
    - Using known vulnerable components
      (i) Dependency vulnerabilities
      (ii) Patching fragmentation
    - Execution of activities using root
    - Over-reach of permissions
    - Biometrics integrations
    - Business logic vulnerabilities
  - Tools
    - Burp Suite
    - Drozer
    - Mobile Security Framework (MobSF)
    - Postman
    - Ettercap
    - Frida
    - Objection
    - Android SDK tools
    - ApkX
    - APK Studio
• Internet of Things (IoT) devices
  - BLE attacks
  - Special considerations
    - Fragile environment
    - Availability concerns
    - Data corruption
    - Data exfiltration
  - Vulnerabilities
    - Insecure defaults
    - Cleartext communication
    - Hard-coded configurations
    - Outdated firmware/hardware
    - Data leakage
    - Use of insecure or outdated components
• Data storage system vulnerabilities
  - Misconfigurations (on-premises and cloud-based)
  - Default/blank username/password
  - Network exposure
  - Lack of user input sanitization
  - Underlying software vulnerabilities
  - Error messages and debug handling
  - Injection vulnerabilities
    - Single quote method
• Management interface vulnerabilities
  - Intelligent platform management interface (IPMI)
• Vulnerabilities related to supervisory control and data acquisition (SCADA)/Industrial Internet of Things (IIoT)/industrial control system (ICS)
• Vulnerabilities related to virtual environments
  - Virtual machine (VM) escape
  - Hypervisor vulnerabilities
  - VM repository vulnerabilities
• Vulnerabilities related to containerized workloads

3.6 Given a scenario, perform a social engineering or physical attack.
• Pretext for an approach
• Social engineering attacks
  - Email phishing
    - Whaling
    - Spear phishing
  - Vishing
  - Short message service (SMS) phishing
  - Universal Serial Bus (USB) drop key
  - Watering hole attack
• Physical attacks
  - Tailgating
  - Dumpster diving
  - Shoulder surfing
  - Badge cloning
• Impersonation
• Tools
  - Browser exploitation framework (BeEF)
  - Social engineering toolkit
  - Call spoofing tools
• Methods of influence
  - Authority
  - Scarcity
  - Social proof
  - Urgency
  - Likeness
  - Fear


3.7 Given a scenario, perform post-exploitation techniques.
• Post-exploitation tools
  - Empire
  - Mimikatz
  - BloodHound
• Lateral movement
  - Pass the hash
• Network segmentation testing
• Privilege escalation
  - Horizontal
  - Vertical
• Upgrading a restrictive shell
• Creating a foothold/persistence
  - Trojan
  - Backdoor
    - Bind shell
    - Reverse shell
  - Daemons
  - Scheduled tasks
• Detection avoidance
  - Living-off-the-land techniques/fileless malware
    - PsExec
    - Windows Management Instrumentation (WMI)
    - PowerShell (PS) remoting/Windows Remote Management (WinRM)
  - Data exfiltration
  - Covering your tracks
  - Steganography
  - Establishing a covert channel
• Enumeration
  - Users
  - Groups
  - Forests
  - Sensitive data
  - Unencrypted files

4.0 Reporting and Communication
4.1 Compare and contrast important components of written reports.
• Report audience
  - C-suite
  - Third-party stakeholders
  - Technical staff
  - Developers
• Report contents (** not in a particular order)
  - Executive summary
  - Scope details
  - Methodology
  - Attack narrative
  - Findings
    - Risk rating (reference framework)
    - Risk prioritization
    - Business impact analysis
  - Metrics and measures
  - Remediation
  - Conclusion
  - Appendix
• Storage time for report
• Secure distribution
• Note taking
  - Ongoing documentation during test
  - Screenshots
• Common themes/root causes
  - Vulnerabilities
  - Observations
  - Lack of best practices

4.2 Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
• Technical controls
  - System hardening
  - Sanitize user input/parameterize queries
  - Implemented multifactor authentication
  - Encrypt passwords
  - Process-level remediation
  - Patch management
  - Key rotation
  - Certificate management
  - Secrets management solution
  - Network segmentation
• Administrative controls
  - Role-based access control
  - Secure software development life cycle
  - Minimum password requirements
  - Policies and procedures
• Operational controls
  - Job rotation
  - Time-of-day restrictions
  - Mandatory vacations
  - User training
• Physical controls
  - Access control vestibule
  - Biometric controls
  - Video surveillance


4.3 Explain the importance of communication during the penetration testing process.
• Communication path
  - Primary contact
  - Technical contact
  - Emergency contact
• Communication triggers
  - Critical findings
  - Status reports
  - Indicators of prior compromise
• Reasons for communication
  - Situational awareness
  - De-escalation
  - Deconfliction
  - Identifying false positives
  - Criminal activity
• Goal reprioritization
• Presentation of findings

4.4 Explain post-report delivery activities.
• Post-engagement cleanup
  - Removing shells
  - Removing tester-created credentials
  - Removing tools
• Client acceptance
• Lessons learned
• Follow-up actions/retest
• Attestation of findings
• Data destruction process

5.0 Tools and Code Analysis
5.1 Explain the basic concepts of scripting and software development.
• Logic constructs
  - Loops
  - Conditionals
  - Boolean operator
  - String operator
  - Arithmetic operator
• Data structures
  - JavaScript Object Notation (JSON)
  - Key value
  - Arrays
  - Dictionaries
  - Comma-separated values (CSV)
  - Lists
  - Trees
• Libraries
• Classes
• Procedures
• Functions

5.2 Given a scenario, analyze a script or code sample for use in a penetration test.
• Shells
  - Bash
  - PS
• Programming languages
  - Python
  - Ruby
  - Perl
  - JavaScript
• Analyze exploit code to:
  - Download files
  - Launch remote access
  - Enumerate users
  - Enumerate assets
• Opportunities for automation
  - Automate penetration testing process
    - Perform port scan and then automate next steps based on results
    - Check configurations and produce a report
    - Scripting to modify IP addresses during a test
    - Nmap scripting to enumerate ciphers and produce reports


5.3 Explain use cases of the following tools during the phases of a penetration test.
(**The intent of this objective is NOT to test specific vendor feature sets.)

• Scanners
  - Nikto
  - Open vulnerability assessment scanner (Open VAS)
  - SQLmap
  - Nessus
  - Open Security Content Automation Protocol (SCAP)
  - Wapiti
  - WPScan
  - Brakeman
  - Scout Suite
• Credential testing tools
  - Hashcat
  - Medusa
  - Hydra
  - CeWL
  - John the Ripper
  - Cain
  - Mimikatz
  - Patator
  - DirBuster
• Debuggers
  - OllyDbg
  - Immunity Debugger
  - GNU Debugger (GDB)
  - WinDbg
  - Interactive Disassembler (IDA)
  - Covenant
  - SearchSploit
• OSINT
  - WHOIS
  - Nslookup
  - Fingerprinting Organization with Collected Archives (FOCA)
  - theHarvester
  - Shodan
  - Maltego
  - Recon-ng
  - Censys
• Wireless
  - Aircrack-ng suite
  - Kismet
  - Wifite2
  - Rogue access point
  - EAPHammer
  - mdk4
  - Spooftooph
  - Reaver
  - Wireless Geographic Logging Engine (WiGLE)
  - Fern
• Web application tools
  - OWASP ZAP
  - Burp Suite
  - Gobuster
  - w3af
• Social engineering tools
  - Social Engineering Toolkit (SET)
  - BeEF
• Remote access tools
  - Secure Shell (SSH)
  - Ncat
  - Netcat
  - ProxyChains
• Networking tools
  - Wireshark
  - Hping
• Misc.
  - SearchSploit
  - Responder
  - Impacket tools
  - Empire
  - Metasploit
  - mitm6
  - CrackMapExec
  - TruffleHog
  - Censys
• Steganography tools
  - Openstego
  - Steghide
  - Snow
  - Coagula
  - Sonic Visualiser
  - TinEye
• Cloud tools
  - Scout Suite
  - CloudBrute
  - Pacu
  - Cloud Custodian

PenTest+ (PT0-002) Acronym List

The following is a list of acronyms that appear on the CompTIA PenTest+ exam.
Candidates are encouraged to review the complete list and attain a working
knowledge of all listed acronyms as part of a comprehensive exam
preparation program.

ACRONYM: SPELLED OUT

AAA: Authentication, Authorization and Accounting
ACL: Access Control List
AD: Active Directory
AES: Advanced Encryption Standard
AP: Access Point
API: Application Programming Interface
APK: Android Package Kit
APT: Advanced Persistent Threat
ARP: Address Resolution Protocol
AS2: Applicability Statement 2
BeEF: Browser Exploitation Framework
BLE: Bluetooth Low Energy
BSSID: Basic Service Set Identifiers
CA: Certificate Authority
CAPEC: Common Attack Pattern Enumeration and Classification
CI/CD: Continuous Integration/Continuous Delivery
CLI: Command-line Interface
CSRF: Cross-Site Request Forgery
CSV: Comma-Separated Values
CVE: Common Vulnerabilities and Exposures
CVSS: Common Vulnerability Scoring System
CWE: Common Weakness Enumeration
DB: Database
DDoS: Distributed Denial-of-service
DHCP: Dynamic Host Configuration Protocol
DLL: Dynamic Link Library
DLP: Data Loss Prevention
DNS: Domain Name System
DNSSEC: Domain Name System Security Extensions
DoS: Denial-of-service
EAP: Extensible Authentication Protocol
FOCA: Fingerprinting Organization with Collected Archives
FTP: File Transfer Protocol
FTPS: File Transfer Protocol Secure
GDB: GNU Debugger
GDPR: General Data Protection Regulation
GPU: Graphics Processing Unit
HTML: HyperText Markup Language
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol Secure
IaaS: Infrastructure as a Service
IAM: Identity and Access Management
ICMP: Internet Control Message Protocol
ICS: Industrial Control System
IDA: Interactive Disassembler
IDS: Intrusion Detection System
IIoT: Industrial Internet of Things
IMEIs: International Mobile Equipment Identity
IoT: Internet of Things
IP: Internet Protocol
IPMI: Intelligent Platform Management Interface
IPS: Intrusion Prevention System
ISO: International Organization for Standardization
ISP: Internet Service Provider
ISSAF: Information Systems Security Assessment Framework
JSON: JavaScript Object Notation
LAN: Local Area Network
LDAP: Lightweight Directory Access Protocol
LFI: Local File Inclusion
LLMNR: Link-local Multicast Name Resolution
LSASS: Local Security Authority Subsystem Service
MAC: Media Access Control
MDM: Mobile Device Management
MFA: Multifactor Authentication
MobSF: Mobile Security Framework
MOU: Memorandum of Understanding
MSA: Master Service Agreement
MX: Mail Exchange
NAC: Network Access Control
NBT-NS: NetBIOS Name Service
NDA: Non-disclosure Agreement
NFC: Near-field Communication
NIST: National Institute of Standards and Technology
NIST SP: National Institute of Standards and Technology Special Publication
NS: Name Server
NSE: Nmap Scripting Engine
NTLM: New Technology LAN Manager
NTP: Network Time Protocol
OpenVAS: Open Vulnerability Assessment System
OS: Operating System
OSINT: Open-source Intelligence
OSSTMM: Open-source Security Testing Methodology Manual
OWASP: Open Web Application Security Project
PBKDF2: Password-based Key Derivation Function 2
PCI DSS: Payment Card Industry Data Security Standard
PDF: Portable Document Format
PHP: PHP: Hypertext Preprocessor
PII: Personal Identifiable Information
PKI: Public Key Infrastructure
PLC: Programmable Logic Controller
PS: PowerShell
PSK: Pre-shared Key
PTES: Penetration Testing Execution Standard
RAT: Remote Access Trojan
RCE: Remote Code Execution
RDP: Remote Desktop Protocol
REST: Representational State Transfer
RF: Radio Frequency
RFC: Request for Comment
RFID: Radio-Frequency Identification
ROE: Rules of Engagement
SCADA: Supervisory Control and Data Acquisition
SCAP: Security Content Automation Protocol
SCP: Secure Copy Protocol
SDK: Software Development Kit
SDLC: Software Development Life Cycle
SDR: Software-defined Radio
SET: Social Engineering Toolkit
SFTP: Secure File Transfer Protocol
SGID: Set Group ID
SIEM: Security Information and Event Management
SIP: Session Initiation Protocol
SLA: Service-level Agreement
SMB: Server Message Block
S/MIME: Secure/Multipurpose Internet Mail Extensions
SMS: Short Message Service
SMTP: Simple Mail Transfer Protocol
SNMP: Simple Network Management Protocol
SOC: Security Operations Center
SOW: Statement of Work
SOX: Sarbanes-Oxley
SQL: Structured Query Language
SQLi: SQL Injection
SSD: Solid-state Drive
SSH: Secure Shell
SSHD: Solid-state Hybrid Drive
SSID: Service Set Identifier
SSL: Secure Sockets Layer
SSO: Single Sign-on
SSRF: Server-side Request Forgery
SUID: Set User ID
TCP: Transmission Control Protocol
TKIP: Temporal Key Integrity Protocol
TLS: Transport Layer Security
TTL: Time to Live
TTPs: Tactics, Techniques and Procedures
UDP: User Datagram Protocol
URL: Uniform Resource Locator
URI: Uniform Resource Identifier
USB: Universal Serial Bus
UTF: Unicode Transformation Format
VAS: Vulnerability Assessment Scanner
VLAN: Virtual Local Area Network
VM: Virtual Machine
VoIP: Voice over Internet Protocol
VPN: Virtual Private Network
VPS: Virtual Private Server
WAF: Web Application Firewall
WEP: Wired Equivalent Privacy
WiGLE: Wireless Geographic Logging Engine
WinRM: Windows Remote Management
WMI: Windows Management Instrumentation
WPA: Wi-Fi Protected Access
WPS: Wi-Fi Protected Setup
XML: Extensible Markup Language
XML-RPC: Extensible Markup Language-Remote Procedure Call
XSS: Cross-site Scripting
ZAP: Zed Attack Proxy

PenTest+ Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the PenTest+ exam. This list may also be helpful for
training companies that wish to create a lab component to their training offering.
The bulleted lists below each topic are sample lists and are not exhaustive.

EQUIPMENT
• Laptops
• Wireless access points
• Servers
• Graphics processing units (GPUs)
• Switches
• Cabling
• Monitors
• Firewalls
• HID/door access controls
• Wireless adapters capable of packet injection
• Directional antenna
• Mobile device
• IoT equipment (cameras, Raspberry Pi, smart TV, etc.)
• Bluetooth adapter
• Access to cloud environment
  - Command-line interface (CLI) access
  - Management console access
  - Instances of cloud services
• Multifunction printers (wired/wireless enabled)
• Domain joined printer
• RFID readers
• Biometric device
• Programmable logic controller
  - Software-defined radio (SDR) kit
• USB flash drives
  - Weaponized USB drive

SPARE HARDWARE
• Cables
• Keyboards
• Mouse
• Power supplies
• Dongles/adapters

SPARE PARTS
• HDMI cables
• Spare hard drives
• Spare monitors

TOOLS
• Lock pick kit
• Badge cloner
• Fingerprint lifter
• Nail polish (to mask fingerprints)

SOFTWARE
• OS licensing
• Open-source OS
• Penetration testing frameworks
• VM software
• Scanning tools
• Credential testing tools
  - Spraying tools
  - Password crackers
• Debuggers
• Fuzzing tools
• Software assurance tools
• Wireless testing tools
• Web proxying tools
• Social engineering tools
• Remote access tools
• Network tools
• Mobility testing tools
• Security information and event management (SIEM)/intrusion detection system (IDS)/intrusion prevention system (IPS)
• Command and control tools
• Detection and avoidance tools

© 2020 CompTIA, Inc., used under license by CompTIA, Inc. All rights reserved. All certification programs and education related to such programs are operated
exclusively by CompTIA, Inc. CompTIA is a registered trademark of CompTIA, Inc. in the U.S. and internationally. Other brands and company names mentioned
herein may be trademarks or service marks of CompTIA, Inc. or of their respective owners. Reproduction or dissemination prohibited without the written consent
of CompTIA, Inc. Printed in the U.S. 08301-Nov2020
