02/12/2024, 07:56 4.1.

Notes [ ± 60 min ] | Eduvos

Eduvos (Pty) Ltd (formerly Pearson Institute of Higher Education) is registered with
the Department of Higher Education and Training as a private higher education
institution under the Higher Education Act, 101, of 1997. Registration Certificate
number: 2001/HE07/008.

Date: Monday, 2 December 2024, 7:56 AM

PenTest+ (Penetration Testing) (2024)

4.1. Notes [ ± 60 min ]

1. Learning outcomes

By the end of this lesson, you should be able to:

Define the rules of engagement, scope, budget, and other

details that need to be determined before a penetration test
starts.

Prescribed Reading
The Official CompTIA PenTest+ Instructor Guide
(Exam PT0-002), pp 121 - 166

Time Allocation:

2 Hours

https://mylms.vossie.net/mod/book/tool/print/index.php?id=498939 1/3
02/12/2024, 07:56 4.1. Notes [ ± 60 min ] | Eduvos

2. Topic 4A: Scan Identified Targets, Evaluate Network Traffic and

Uncover Wireless Assets

In the PenTest, the team will scan the network and look for
computers, servers, and applications. This will help them prepare
for the next phase of the assessment. In this section, we'll talk
about the different types of scans and how to look for web apps
that aren't safe. The team will look for flaws in the Local Area
Network during the PenTest process (LAN). The process can be
done by passively listening to the traffic to see what information
is being sent in plain text, or it can be done by actively scanning
the network to see what is going on. In this part, we'll look at how
we can look at network traffic with tools like Wireshark and
Nessus. By looking at the traffic, this will make sure that the
networks have been properly divided up to keep things like
assets and data stores safe. They might need to look at wireless
assets as they scan the network. Here, we'll talk about
wardriving, which is actively looking for open WiFi networks. We'll
also talk about how the Wireless Geographic Logging Engine
(WiGLE) can help in this process. Then, we'll look at how we can
boost the Wi-Fi signal to make it go a long way.

3. Topic 4B: Discover Nmap and NSE and Enumerate Network Hosts

When it comes to scanning networks, Nmap is the most popular

tool out there right now. Also, network administrators use it to
check the LAN. It's used in a lot of commercial and open-source
products to check for security flaws. In this section, we'll talk
about some of the most important features of Nmap, as well as
how to hide your location. We'll then show you how to use
Nmap's advanced scripting options, which will show you how
powerful it is as a full network search tool. The team will first
need to map the network to get a better sense of the hosts and
services that are running on the target environment. There are
many ways to scan the network to find interesting hosts. In this
section, we'll talk about some of them. We'll also learn how to

https://mylms.vossie.net/mod/book/tool/print/index.php?id=498939 2/3
02/12/2024, 07:56 4.1. Notes [ ± 60 min ] | Eduvos

find out the make and model of network devices, evidence of

listening services, and the operating systems that people are
running on them.

4. Topic 4C : Analyse Output from Scans

After the reconnaissance phase, the team will need to look at the
results of scans. Here, we'll look at what we can learn about
network traffic. When we compare Nmap, a Command Line
Interface (CLI) tool, and Zenmap, a Graphical User Interface
(GUI) tool, we can see how they work better. In addition, we'll
learn how information from DNS and web servers can give us a
better picture of the network we're trying to find.

https://mylms.vossie.net/mod/book/tool/print/index.php?id=498939 3/3