Comptia Pentest pt0 002 Exam Objectives (8 0)

Download as pdf or txt
Download as pdf or txt
You are on page 1of 17

CompTIA PenTest+

Certification
Exam Objectives
EXAM NUMBER: PT0-002
About the Exam
Candidates are encouraged to use this document to help prepare for the CompTIA
PenTest+ (PT0-002) certification exam. The CompTIA PenTest+ certification exam will
verify the successful candidate has the knowledge and skills required to:
• Plan and scope a penetration testing engagement
• Understand legal and compliance requirements
• Perform vulnerability scanning and penetration testing using appropriate
tools and techniques, and then analyze the results
• Produce a written report containing proposed remediation techniques, effectively
communicate results to the management team, and provide practical recommendations
This is equivalent to three to four years of hands-on experience working
in a security consultant or penetration tester job role.
These content examples are meant to clarify the test objectives and should not be
construed as a comprehensive listing of all the content of this examination.
EXAM ACCREDITATION
The CompTIA PenTest+ (PT0-002) exam is accredited by ANSI to show compliance with the ISO 17024
standard and, as such, undergoes regular reviews and updates to the exam objectives.
EXAM DEVELOPMENT
CompTIA exams result from subject-matter expert workshops and industry-wide survey
results regarding the skills and knowledge required of an IT professional.
CompTIA AUTHORIZED MATERIALS USE POLICY
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse, or condone utilizing any
content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize
such materials in preparation for any CompTIA examination will have their certifications revoked and be
suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more
clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies
before beginning the study process for any CompTIA exam. Candidates will be required to abide by the
CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered
unauthorized (aka “brain dumps”), they should contact CompTIA at [email protected] to confirm.

PLEASE NOTE
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of
technologies, processes, or tasks pertaining to each objective may also be included on the exam
although not listed or covered in this objectives document. CompTIA is constantly reviewing the
content of our exams and updating test questions to be sure our exams are current, and the security
of the questions is protected. When necessary, we will publish updated exams based on existing
exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
TEST DETAILS
Required exam PT0-002
Number of questions Maximum of 85
Types of questions Multiple-choice and performance-based
Length of test 165 minutes
Recommended experience 3–4 years of hands-on experience performing
penetration tests, vulnerability assessments,
and code analysis
Passing score 750 (on a scale of 100-900)

EXAM OBJECTIVES (DOMAINS)


The table below lists the domains measured by this examination
and the extent to which they are represented.

DOMAIN PERCENTAGE OF EXAMINATION

1.0 Planning and Scoping 14%


2.0 Information Gathering and Vulnerability Scanning 22%
3.0 Attacks and Exploits 30%
4.0 Reporting and Communication 18%
5.0 Tools and Code Analysis 16%

Total 100%

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
1.0 Planning and Scoping
1.1 Compare and contrast governance, risk, and compliance concepts.
• Regulatory compliance considerations - Tool restrictions - Statement of work
- Payment Card Industry Data - Local laws - Non-disclosure agreement (NDA)
Security Standard (PCI DSS) - Local government requirements - Master service agreement
- General Data Protection - Privacy requirements • Permission to attack
Regulation (GDPR) • Legal concepts
• Location restrictions - Service-level agreement (SLA)
- Country limitations - Confidentiality

1.2 Explain the importance of scoping and


organizational/customer requirements.
• Standards and methodologies • Rules of engagement - Application programming
- MITRE ATT&CK - Time of day interfaces (APIs)
- Open Web Application - Types of allowed/disallowed tests - Physical locations
Security Project (OWASP) - Other restrictions - Domain name system (DNS)
- National Institute of Standards • Environmental considerations - External vs. internal targets
and Technology (NIST) - Network - First-party vs. third-party hosted
- Open-source Security Testing - Application • Validate scope of engagement
Methodology Manual (OSSTMM) - Cloud - Question the client/review contracts
- Penetration Testing • Target list/in-scope assets - Time management
Execution Standard (PTES) - Wireless networks - Strategy
- Information Systems Security - Internet Protocol (IP) ranges - Unknown-environment vs.
Assessment Framework (ISSAF) - Domains known-environment testing

1.3 Given a scenario, demonstrate an ethical hacking mindset


by maintaining professionalism and integrity.
• Background checks of • Limit the use of tools to a • Risks to the professional
penetration testing team particular engagement - Fees/fines
• Adhere to specific scope of engagement • Limit invasiveness based on scope - Criminal charges
• Identify criminal activity • Maintain confidentiality
• Immediately report breaches/ of data/information
criminal activity

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
2.0 Information Gathering
and Vulnerability Scanning
2.1 Given a scenario, perform passive reconnaissance.
• DNS lookups • Company reputation/security posture • Open-source intelligence (OSINT)
• Identify technical contacts • Data - Tools
• Administrator contacts - Password dumps - Shodan
• Cloud vs. self-hosted - File metadata - Recon-ng
• Social media scraping - Strategic search engine - Sources
- Key contacts/job responsibilities analysis/enumeration - Common weakness
- Job listing/technology stack - Website archive/caching enumeration (CWE)
• Cryptographic flaws - Public source-code repositories - Common vulnerabilities
- Secure Sockets Layer (SSL) certificates and exposures (CVE)
- Revocation

2.2 Given a scenario, perform active reconnaissance.

• Enumeration • Packet crafting • Wardriving


- Hosts - Scapy • Network traffic
- Services • Defense detection - Capture API requests and responses
- Domains - Load balancer detection - Sniffing
- Users - Web application firewall • Cloud asset discovery
- Uniform resource locators (URLs) (WAF) detection • Third-party hosted services
• Website reconnaissance - Antivirus • Detection avoidance
- Crawling websites - Firewall
- Scraping websites • Tokens
- Manual inspection of web links - Scoping
- robots.txt - Issuing
- Revocation

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
2.0 Information Gathering and Vulnerability Scanning

2.3 Given a scenario, analyze the results of a reconnaissance exercise.


• Fingerprinting - Network traffic
- Operating systems (OSs) - Address Resolution
- Networks Protocol (ARP) traffic
- Network devices - Nmap scans
- Software - Web logs
• Analyze output from:
- DNS lookups
- Crawling websites

2.4 Given a scenario, perform vulnerability scanning.


• Considerations of vulnerability scanning • Nmap
- Time to run scans - Nmap Scripting Engine (NSE) scripts
- Protocols - Common options
- Network topology  -A
- Bandwidth limitations  -sV
- Query throttling  -sT
- Fragile systems  -Pn
- Non-traditional assets  -O
• Scan identified targets for vulnerabilities  -sU
• Set scan settings to avoid detection  -sS
• Scanning methods  -T 1-5
- Stealth scan  -script=vuln
- Transmission Control  -p
Protocol (TCP) connect scan • Vulnerability testing tools
- Credentialed vs. non-credentialed that facilitate automation

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
3.0 Attacks and Exploits
3.1 Given a scenario, research attack vectors and perform network attacks.
• Stress testing for availability - DNS cache poisoning
• Exploit resources - Virtual local area network
- Exploit database (DB) (VLAN) hopping
- Packet storm - Network access control (NAC) bypass
• Attacks - Media access control (MAC) spoofing
- ARP poisoning - Link-Local Multicast Name
- Exploit chaining Resolution (LLMNR)/NetBIOS-
- Password attacks Name Service (NBT-NS) poisoning
- Password spraying - New Technology LAN Manager
- Hash cracking (NTLM) relay attacks
- Brute force • Tools
- Dictionary - Metasploit
- On-path (previously known - Netcat
as man-in-the-middle) - Nmap
- Kerberoasting

3.2 Given a scenario, research attack vectors and perform wireless attacks.
• Attack methods - Captive portal
- Eavesdropping - Bluejacking
- Data modification - Bluesnarfing
- Data corruption - Radio-frequency identification
- Relay attacks (RFID) cloning
- Spoofing - Bluetooth Low Energy (BLE) attack
- Deauthentication - Amplification attacks [Near-
- Jamming field communication (NFC)]
- Capture handshakes - WiFi protected setup (WPS) PIN attack
- On-path • Tools
• Attacks - Aircrack-ng suite
- Evil twin - Amplified antenna

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
3.0 Attacks and Exploits

3.3 Given a scenario, research attack vectors and


perform application-based attacks.
• OWASP Top 10 • Application vulnerabilities • Directory traversal
• Server-side request forgery - Race conditions • Tools
• Business logic flaws - Lack of error handling - Web proxies
• Injection attacks - Lack of code signing - OWASP Zed Attack Proxy (ZAP)
- Structured Query Language - Insecure data transmission - Burp Suite community edition
(SQL) injection - Session attacks - SQLmap
- Blind SQL - Session hijacking - DirBuster
- Boolean SQL - Cross-site request forgery (CSRF) • Resources
- Stacked queries - Privilege escalation - Word lists
- Command injection - Session replay
- Cross-site scripting - Session fixation
- Persistent • API attacks
- Reflected - Restful
- Lightweight Directory Access - Extensible Markup Language-
Protocol (LDAP) injection Remote Procedure Call (XML-RPC)
- Soap

3.4 Given a scenario, research attack vectors and


perform attacks on cloud technologies.
• Attacks • Tools
- Credential harvesting - Software development kit (SDK)
- Privilege escalation
- Account takeover
- Metadata service attack
- Misconfigured cloud assets
- Identity and access
management (IAM)
- Federation misconfigurations
- Object storage
- Containerization technologies
- Resource exhaustion
- Cloud malware injection attacks
- Denial-of-service attacks
- Side-channel attacks
- Direct-to-origin attacks

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
3.0 Attacks and Exploits

3.5 Explain common attacks and vulnerabilities


against specialized systems.
• Mobile  - Objection - Network exposure
- Attacks  - Android SDK tools - Lack of user input sanitization
- Reverse engineering  - ApkX - Underlying software vulnerabilities
- Sandbox analysis  - APK Studio - Error messages and debug handling
- Spamming • Internet of Things (IoT) devices - Injection vulnerabilities
- Vulnerabilities - BLE attacks  - Single quote method
- Insecure storage - Special considerations • Management interface vulnerabilities
- Passcode vulnerabilities  - Fragile environment - Intelligent platform
- Certificate pinning  - Availability concerns management interface (IPMI)
- Using known  - Data corruption • Vulnerabilities related to supervisory
vulnerable components  - Data exfiltration control and data acquisition (SCADA)/
(i) Dependency vulnerabilities - Vulnerabilities Industrial Internet of Things (IIoT)/
(ii) Patching fragmentation  - Insecure defaults industrial control system (ICS)
- Execution of activities using root  - Cleartext communication • Vulnerabilities related to
- Over-reach of permissions  - Hard-coded configurations virtual environments
- Biometrics integrations  - Outdated firmware/hardware - Virtual machine (VM) escape
- Business logic vulnerabilities  - Data leakage - Hypervisor vulnerabilities
- Tools  - Use of insecure or - VM repository vulnerabilities
- Burp Suite outdated components • Vulnerabilities related to
- Drozer • Data storage system vulnerabilities containerized workloads
- Mobile Security Framework (MobSF) - Misconfigurations—on-premises
- Postman and cloud-based
- Ettercap - Default/blank
- Frida username/password

3.6 Given a scenario, perform a social engineering or physical attack.


• Pretext for an approach • Physical attacks - Social engineering toolkit
• Social engineering attacks - Tailgating - Call spoofing tools
- Email phishing - Dumpster diving • Methods of influence
 - Whaling - Shoulder surfing - Authority
 - Spear phishing - Badge cloning - Scarcity
- Vishing • Impersonation - Social proof
- Short message service (SMS) phishing • Tools - Urgency
- Universal Serial Bus (USB) drop key - Browser exploitation - Likeness
- Watering hole attack framework (BeEF) - Fear

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
3.0 Attacks and Exploits

3.7 Given a scenario, perform post-exploitation techniques.


• Post-exploitation tools • Detection avoidance
- Empire - Living-off-the-land
- Mimikatz techniques/fileless malware
- BloodHound  - PsExec
• Lateral movement  - Windows Management
- Pass the hash Instrumentation (WMI)
• Network segmentation testing - PowerShell (PS) remoting/Windows
• Privilege escalation Remote Management (WinRM)
- Horizontal - Data exfiltration
- Vertical - Covering your tracks
• Upgrading a restrictive shell - Steganography
• Creating a foothold/persistence - Establishing a covert channel
- Trojan • Enumeration
- Backdoor - Users
 - Bind shell - Groups
 - Reverse shell - Forests
- Daemons - Sensitive data
- Scheduled tasks - Unencrypted files

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
4.0 Reporting and Communication
4.1 Compare and contrast important components of written reports.
• Report audience - Findings - Ongoing documentation during test
- C-suite - Risk rating (reference framework) - Screenshots
- Third-party stakeholders  - Risk prioritization • Common themes/root causes
- Technical staff  - Business impact analysis - Vulnerabilities
- Developers - Metrics and measures - Observations
• Report contents (** not - Remediation - Lack of best practices
in a particular order) - Conclusion
- Executive summary - Appendix
- Scope details • Storage time for report
- Methodology • Secure distribution
- Attack narrative • Note taking

4.2 Given a scenario, analyze the findings and recommend


the appropriate remediation within a report.
• Technical controls - Certificate management • Operational controls
- System hardening - Secrets management solution - Job rotation
- Sanitize user input/ - Network segmentation - Time-of-day restrictions
parameterize queries • Administrative controls - Mandatory vacations
- Implemented multifactor - Role-based access control - User training
authentication - Secure software • Physical controls
- Encrypt passwords development life cycle - Access control vestibule
- Process-level remediation - Minimum password requirements - Biometric controls
- Patch management - Policies and procedures - Video surveillance
- Key rotation

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
4.0 Reporting and Communication

4.3 Explain the importance of communication


during the penetration testing process.
• Communication path - Deconfliction
- Primary contact - Identifying false positives
- Technical contact - Criminal activity
- Emergency contact • Goal reprioritization
• Communication triggers • Presentation of findings
- Critical findings
- Status reports
- Indicators of prior compromise
• Reasons for communication
- Situational awareness
- De-escalation

4.4 Explain post-report delivery activities.


• Post-engagement cleanup • Attestation of findings
- Removing shells • Data destruction process
- Removing tester-created credentials
- Removing tools
• Client acceptance
• Lessons learned
• Follow-up actions/retest

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
5.0 Tools and Code Analysis
5.1 Explain the basic concepts of scripting and software development.
• Logic constructs - Dictionaries
- Loops - Comma-separated values (CSV)
- Conditionals - Lists
- Boolean operator - Trees
- String operator • Libraries
- Arithmetic operator • Classes
• Data structures • Procedures
- JavaScript Object Notation (JSON) • Functions
- Key value
- Arrays

5.2 Given a scenario, analyze a script or code


sample for use in a penetration test.
• Shells • Opportunities for automation
- Bash - Automate penetration testing process
- PS - Perform port scan and then
• Programming languages automate next
- Python steps based on results
- Ruby - Check configurations
- Perl and produce a report
- JavaScript - Scripting to modify IP addresses
• Analyze exploit code to: during a test
- Download files - Nmap scripting to enumerate
- Launch remote access ciphers and produce reports
- Enumerate users
- Enumerate assets

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
5.0 Tools and Code Analysis

5.3 Explain use cases of the following tools during


the phases of a penetration test.
(**The intent of this objective is NOT to test specific vendor feature sets.)

• Scanners - WHOIS - Ncat


- Nikto - Nslookup - Netcat
- Open vulnerability assessment - Fingerprinting Organization - ProxyChains
scanner (Open VAS) with Collected Archives (FOCA) • Networking tools
- SQLmap - theHarvester - Wireshark
- Nessus - Shodan - Hping
- Open Security Content - Maltego • Misc.
Automation Protocol (SCAP) - Recon-ng - SearchSploit
- Wapiti - Censys - Responder
- WPScan • Wireless - Impacket tools
- Brakeman - Aircrack-ng suite - Empire
- Scout Suite - Kismet - Metasploit
• Credential testing tools - Wifite2 - mitm6
- Hashcat - Rogue access point - CrackMapExec
- Medusa - EAPHammer - TruffleHog
- Hydra - mdk4 - Censys
- CeWL - Spooftooph • Steganography tools
- John the Ripper - Reaver - Openstego
- Cain - Wireless Geographic - Steghide
- Mimikatz Logging Engine (WiGLE) - Snow
- Patator - Fern - Coagula
- DirBuster • Web application tools - Sonic Visualiser
• Debuggers - OWASP ZAP - TinEye
- OllyDbg - Burp Suite • Cloud tools
- Immunity Debugger - Gobuster - Scout Suite
- GNU Debugger (GDB) - w3af - CloudBrute
- WinDbg • Social engineering tools - Pacu
- Interactive Disassembler (IDA) - Social Engineering Toolkit (SET) - Cloud Custodian
- Covenant - BeEF
- SearchSploit • Remote access tools
• OSINT - Secure Shell (SSH)

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
PenTest+ (PT0-002) Acronym List

The following is a list of acronyms that appear on the CompTIA PenTest+ exam.
Candidates are encouraged to review the complete list and attain a working
knowledge of all listed acronyms as part of a comprehensive exam
preparation program.

ACRONYM SPELLED OUT ACRONYM SPELLED OUT


AAA Authentication, Authorization and Accounting GDPR General Data Protection Regulation
ACL Access Control List GPU Graphics Processing Unit
AD Active Directory HTML HyperText Markup Language
AES Advanced Encryption Standard HTTP Hypertext Transfer Protocol
AP Access Point HTTPS Hypertext Transfer Protocol Secure
API Application Programming Interface IaaS Infrastructure as a Service
APK Android Package Kit IAM Identity and Access Management
APT Advanced Persistent Threat ICMP Internet Control Message Protocol
ARP Address Resolution Protocol ICS Industrial Control System
AS2 Applicability Statement 2 IDA Interactive Disassembler
BeEF Browser Exploitation Framework IDS Intrusion Detection System
BLE Bluetooth Low Energy IIoT Industrial Internet of Things
BSSID Basic Service Set Identifiers IMEIs International Mobile Equipment Identity
CA Certificate Authority IoT Internet of Things
CAPEC Common Attack Pattern IP Internet Protocol
Enumeration and Classification IPMI Intelligent Platform Management Interface
CI/CD Continuous Integration/Contious Delivery IPS Intrusion Prevention System
CLI Command-Line Interface ISO International Organization for Standardization
CSRF Cross-Site Request Forgery ISP Internet Service Provider
CSV Comma-Separated Values ISSAF Information Systems Security
CVE Common Vulnerabilities and Exposures Assessment Framework
CVSS Common Vulnerability Scoring Systems JSON JavaScript Object Notation
CWE Common Weakness Enumeration LAN Local Area Network
DB Database LDAP Lightweight Directory Access Protocol
DDoS Distributed Denial-of-Service LLMNR Link-Local Multicast Name Resolution
DHCP Dynamic Host Configuration Protocol LSASS Local Security Authority Subsystem Service
DLL Dynamic Link Library MAC Media Access Control
DLP Data Loss Prevention MDM Mobile Device Management
DNS Domain Name System MobSF Mobile Security Framework
DNSSEC Domain Name System Security Extensions MOU Memorandum of Understanding
DoS Denial of Service MSA Master Service Agreement
EAP Extensible Authentication Protocol MX Mail Exchange
FOCA Fingerprinting Organization with NAC Network Access Control
Collected Archives NBT-NS NetBIOS Name Service
FTP File Transfer Protocol NDA Non-disclosure Agreement
FTPS File Transfer Protocol Secure NFC Near-Field Communication
GDB GNU Debugger NIST National Institute of Standards and Technology

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
ACRONYM SPELLED OUT ACRONYM SPELLED OUT
NIST SP National Institute of Standards SSHD Solid-State Hybrid Drive
and Technology Special Publication SSID Service Set Identifier
NS Name Server SSL Secure Sockets Layer
NSE Nmap Scripting Engine SSO Single Sign-On
NTLM New Technology LAN Manager SUID Set User ID
NTP Network Time Protocol TCP Transmission Control Protocol
OpenVAS Open Vulnerability Assessment System TKIP Temporal Key Integrity Protocol
OS Operating System TLS Transport Layer Security
OSINT Open-source Intelligence TTL Time to Live
OSSTMM Open-source Security Testing TTPs Tactics, Techniques and Procedures
Methodology Manual UDP User Datagram Protocol
OWASP Open Web Application Security Project URL Uniform Resource Locator
PBKDF2 Password-Based Key Deviation Function 2 URI Uniform Resource Identifier
PCI DSS Payment Card Industry Data Security Standard USB Universal Serial Bus
PDF Portable Document Format UTF Unicode Transformation Format
PHP PHP: Hypertext Preprocessor VAS Vulnerability Assessment Scanner
PII Personal Identifiable Information VLAN Virtual Local Area Network
PKI Public Key Infrastructure VM Virtual Machine
PLC Programmable Logic Controller VoIP Voice over Internet Protocol
PS PowerShell VPN Virtual Private Network
PSK Pre-Shared Key VPS Virtual Private Server
PTES Penetration Testing Execution Standard WAF Web Application Firewall
RAT Remote Access Trojan WEP Wired Equivalent Privacy
RCE Remote Code Execution WiGLE Wireless Geographic Logging Engine
RDP Remote Desktop Protocol WinRM Windows Remote Management
REST Representational State Transfer WMI Windows Management Instrumentation
RF Radio Frequency WPA Wi-Fi Protected Access
RFC Request for Comment WPS Wi-Fi Protected Setup
RFID Radio-Frequency Identification XML Extensible Markup Language
ROE Rules of Engagement XML-RPC Extensible Markup Language-Remote
SCADA Supervisory Control and Data Acquisition Procedure Call
SCAP Security Content Automation Protocol XSS Cross-Site Scripting
SCP Secure Copy Protocol ZAP Zed Attack Proxy
SDK Software Development Kit
SDLC Software Development Life Cycle
SDR Software-defined Radio
SET Social Engineering Toolkit
SGID Set Group ID
SIEM Security Information and Event Management
SIP Session Initiation Protocol
SLA Service-level Agreement
SMB Server Message Block
S/MIME Secure/Multipurpose Internet Mail Extensions
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SOC Security Operations Center
SOW Statement of Work
SOX Sarbanes-Oxley
SQL Structured Query Language
SSD Solid-State Drive
SSH Secure Shell

CompTIA PenTest+ Certification Exam Objectives Version 8.0 (Exam Number: PT0-002)
Copyright © 2020 CompTIA, Inc. All rights reserved.
PenTest+ Proposed Hardware and Software List
CompTIA has included this sample list of hardware and software to assist
candidates as they prepare for the PenTest+ exam. This list may also be helpful for
training companies that wish to create a lab component to their training offering.
The bulleted lists below each topic are sample lists and are not exhaustive.

EQUIPMENT SPARE HARDWARE • Wireless testing tools


• Laptops • Cables • Web proxying tools
• Wireless access points • Keyboards • Social engineering tools
• Servers • Mouse • Remote access tools
• Graphics processing units (GPUs) • Power supplies • Network tools
• Switches • Dongles/adapters • Mobility testing tools
• Cabling • Security information and event
• Monitors SPARE PARTS management (SIEM)/intrusion
• Firewalls • HDMI cables detection system (IDS)/intrusion
• HID/door access controls • Spare hard drives prevention system (IPS)
• Wireless adapters capable • Spare monitors • Command and control tools
of packet injection • Detection and avoidance tools
• Directional antenna TOOLS
• Mobile device • Lock pick kit
• IoT equipment (cameras, • Badge cloner
Raspberry Pi, smart TV, etc.) • Fingerprint lifter
• Bluetooth adapter • Nail polish (to mask fingerprints)
• Access to cloud environment
- Command-line interface (CLI) access SOFTWARE
- Management console access • OS licensing
- Instances of cloud services • Open-source OS
• Multifunction printers (wired/ • Penetration testing frameworks
wireless enabled) • VM software
• Domain joined printer • Scanning tools
• RFID readers • Credential testing tools
• Biometric device - Spraying tools
• Programmable logic controller - Password crackers
- Software-defined radio (SDR) kit • Debuggers
• USB flash drives • Fuzzing tools
- Weaponized USB drive • Software assurance tools

© 2020 CompTIA, Inc., used under license by CompTIA, Inc. All rights reserved. All certification programs and education related to such programs are operated
exclusively by CompTIA, Inc. CompTIA is a registered trademark of CompTIA, Inc. in the U.S. and internationally. Other brands and company names mentioned
herein may be trademarks or service marks of CompTIA, Inc. or of their respective owners. Reproduction or dissemination prohibited without the written consent
of CompTIA, Inc. Printed in the U.S. 08301-Nov2020

You might also like