Читать книгу CompTIA PenTest+ Certification For Dummies - Glen E. Clarke - Страница 8

Introduction

The CompTIA PenTest+ certification is a fast-growing cybersecurity certification that security professionals attain to prove their security and penetration testing knowledge. The CompTIA PenTest+ certification is a well-recognized certification that not only tests your knowledge on the common tools used to perform a penetration test, but also it tests your knowledge on the process to follow when performing a penetration test.

About This Book

CompTIA PenTest+ Certification For Dummies is designed to be a hands-on, practical guide to help you pass the CompTIA PenTest+ certification exam. This book is written in a way that helps you understand complex technical content and prepares you to apply that knowledge to real-world scenarios.

I understand the value of a book that covers the points needed to pass the PenTest+ certification exam, but I also understand the value of ensuring that the information helps you perform IT-related tasks when you are on the job. That is what this book offers — key points to pass the exam combined with practical information to help you in the real world, which means that this book can be used in more than one way:

 As an exam preparation tool: Because my goal is to help you pass the PenTest+ exam, this book is packed with exam-specific information. You should understand everything that is in this book before taking the PenTest+ exam, but to help identify key points that you must know, look for icons called For the Exam to help you prepare.

 As a reference: Rely on my extensive experience in the IT industry not only to study for (and pass) the PenTest+ exam but also to help you perform common pentest-related tasks on the job.

I hope you find this book a useful tool that you can refer to time and time again in your career.

Conventions Used in This Book

Each chapter in this book has different elements that help you prepare to pass the PenTest+ exam. Each chapter includes the following features:

 Icons: Look for the icons used in each chapter to draw your attention to information needed for the PenTest+ exam or in the real world. For more details on the icons I use, check out the section, “Icons Used in This Book” later in this introduction.

 Reviewing Key Concepts: Found at the end of each chapter, the “Reviewing Key Concepts” summary covers key points you should remember for the exam.

 Prep Test: Following each chapter’s “Reviewing Key Concepts” section, you will find example questions to help you review the chapter content in preparation for the PenTest+ certification exam. Be sure to do the review questions with each chapter! Then, after you complete the book, check out the practice exam that accompanies this book on the www.dummies.com website. This practice exam is designed to function like the real exam, with the same level of difficulty. (See the section, “Beyond the Book” later in this Introduction for more information about how to access the online practice exam.)

Foolish Assumptions

I make a few assumptions about you as a reader and have written this book with these assumptions in mind:

 You are interested in obtaining the PenTest+ certification. After all, the focus of this book is helping you pass the exam.

 You have a computer to work on. To perform the lab exercises in this book, you need a computer with virtualization software to run multiple virtual machines. I recommend using virtualization software such as Hyper-V or VMWare Player to run Kali Linux, Metasploitable2, a Windows Server, and a Windows client.

 You will study hard and do as much hands-on work as possible. There is a lot of content covered by the PenTest+ certification exam, and you should read over the information in this book a few times to ensure you understand everything. You should also experiment as much as possible after you read about a particular topic. For example, after you read about running a vulnerability scan, you should try it. There are lab exercises to help you with this as well.

How This Book Is Organized

Like all For Dummies books, chapters are organized into parts. The chapters in each part are related by a specific theme or topic. For example, Part 1: Planning and Information Gathering, contains all the information you need to know in the initial stages of a penetration test.

Pre-assessment

Before you dive into the book, you'll find a set of pre-assessment questions to test your initial knowledge of the areas covered by the CompTIA PenTest+ certification exam. Take time to review each question to see where you stand, and then verify your work with the answers that follow. Use the chapter reference given to learn more about the topic related to the question.

Part 1: Planning and Information Gathering

In this part, you discover what the PenTest+ certification is all about and what you will be tested on when taking the CompTIA PenTest+ certification exam. You also learn about how to plan and scope the penetration test and the tools used to perform information gathering and vulnerability identification.

Part 2: Exploiting Systems

In Part 2, you learn about how exploits are performed on systems to gain access to those systems. You learn about exploiting systems, wireless networks, and how to exploit common weaknesses in applications.

Part 3: Post-Exploitation and Reporting

Part 3 discusses common post-exploitation actions you can take after exploiting a system and gaining access to that system. Part 3 also discusses scripting languages and how to create a penetration testing report.

Appendixes

Three appendixes provide helpful information about the PenTest+ exam and useful information to help you create a hands-on lab environment to help with your studies. Appendix A introduces you to the exam and gives you a good idea of what you can expect when you go to take the exam. Appendix B includes an exam objective mapping table that lets you know where in the book each of the exam objectives are covered. This is very useful when you are preparing for the CompTIA PenTest+ certification exam to ensure you know each point in the objectives. Appendix C contains a list of the virtual machines (VMs) I use to create the lab exercises and contains useful information to help you build a matching lab environment to practice your penetration testing skills!

Practice exam

After you have read through the book multiple times, performed the lab exercises a few times, and completed the end of chapter review questions, you should then take the practice exam available for this book on www.dummies.com. The practice exam gives you the opportunity to experience the feel of a live exam to help you prepare for the Actual works exam. The practice exam also contains sample performance-based questions, which are interactive questions you will find on the real exam. See the section, “Beyond the Book” later in this introduction for more information about how to access the online practice exam.

Icons Used in This Book

I use a number of icons in this book to draw your attention to pieces of useful information.

This icon gives you a heads-up on information you should absolutely know for the PenTest+ certification exam.

Information that would be helpful to you in the real world is indicated with a Tip icon. Expect to find shortcuts and timesavers here.

This icon is used to flag information that may be useful to remember on the job.

Information that could cause problems to you or to the computer is indicated with a Warning icon. If you see a Warning icon, make sure you read it. The computer you save may be your own.

Beyond the Book

In addition to what you’re reading right now, this book comes with a free access-anywhere Cheat Sheet that includes tips to help you prepare for the PenTest+ certification exam. To get this Cheat Sheet, simply go to www.dummies.com and type CompTIA PenTest+ Certification For Dummies Cheat Sheet in the Search box.

You also get access to practice exam questions. To gain access to the online practice exam, all you have to do is register. Just follow these simple steps:

1 Register your book or ebook at Dummies.com to get your PIN. Go to www.dummies.com/go/getaccess.

2 Select your product from the drop-down list on that page.

3 Follow the prompts to validate your product, and then check your email for a confirmation message that includes your PIN and instructions for logging in.

If you do not receive this email within two hours, please check your spam folder before contacting us through our Technical Support website at https://support.wiley.com or by phone at 877-762-2974.

Now you’re ready to go! You can come back to the practice material as often as you want — simply log on with the username and password you created during your initial login. No need to enter the access code a second time.

Your registration is good for one year from the day you activate your PIN.

Where to Go from Here

The CompTIA PenTest+ certification is one of the most popular security certifications for individuals new to ethical hacking and penetration testing. After you pass the CompTIA PenTest+ certification exam, you might want to continue your certification path by studying for the following certifications from CompTIA:

 Security+: If you haven’t completed CompTIA’s Security+ certification, this could be the next step. Most candidates complete Security+ before doing PenTest+, but if you haven’t, there is no problem going back to do it. Security+ covers IT security topics that help you secure company assets.

 CySA+: The CySA+ certification is a vendor-neutral certification that ensures the candidate knows how to respond to security incidents by covering security analytics, intrusion detection, and incident response.

 CASP+: The final security certification in the CompTIA security track is the CASP+ certification, which covers advanced technical IT security topics.