certification is a fast-growing cybersecurity certification that security professionals attain to prove their security and penetration testing knowledge. The CompTIA PenTest+ certification is a well-recognized certification that not only tests your knowledge on the common tools used to perform a penetration test, but also it tests your knowledge on the process to follow when performing a penetration test.
About This Book
CompTIA PenTest+ Certification For Dummies is designed to be a hands-on, practical guide to help you pass the CompTIA PenTest+ certification exam. This book is written in a way that helps you understand complex technical content and prepares you to apply that knowledge to real-world scenarios.
I understand the value of a book that covers the points needed to pass the PenTest+ certification exam, but I also understand the value of ensuring that the information helps you perform IT-related tasks when you are on the job. That is what this book offers — key points to pass the exam combined with practical information to help you in the real world, which means that this book can be used in more than one way:
As an exam preparation tool: Because my goal is to help you pass the PenTest+ exam, this book is packed with exam-specific information. You should understand everything that is in this book before taking the PenTest+ exam, but to help identify key points that you must know, look for icons called For the Exam to help you prepare.
As a reference: Rely on my extensive experience in the IT industry not only to study for (and pass) the PenTest+ exam but also to help you perform common pentest-related tasks on the job.
I hope you find this book a useful tool that you can refer to time and time again in your career.
Conventions Used in This Book
Each chapter in this book has different elements that help you prepare to pass the PenTest+ exam. Each chapter includes the following features:
Icons: Look for the icons used in each chapter to draw your attention to information needed for the PenTest+ exam or in the real world. For more details on the icons I use, check out the section, “Icons Used in This Book” later in this introduction.
Reviewing Key Concepts: Found at the end of each chapter, the “Reviewing Key Concepts” summary covers key points you should remember for the exam.
Prep Test: Following each chapter’s “Reviewing Key Concepts” section, you will find example questions to help you review the chapter content in preparation for the PenTest+ certification exam. Be sure to do the review questions with each chapter! Then, after you complete the book, check out the practice exam that accompanies this book on the www.dummies.com website. This practice exam is designed to function like the real exam, with the same level of difficulty. (See the section, “Beyond the Book” later in this Introduction for more information about how to access the online practice exam.)
Foolish Assumptions
I make a few assumptions about you as a reader and have written this book with these assumptions in mind:
You are interested in obtaining the PenTest+ certification. After all, the focus of this book is helping you pass the exam.
You have a computer to work on. To perform the lab exercises in this book, you need a computer with virtualization software to run multiple virtual machines. I recommend using virtualization software such as Hyper-V or VMWare Player to run Kali Linux, Metasploitable2, a Windows Server, and a Windows client.
You will study hard and do as much hands-on work as possible. There is a lot of content covered by the PenTest+ certification exam, and you should read over the information in this book a few times to ensure you understand everything. You should also experiment as much as possible after you read about a particular topic. For example, after you read about running a vulnerability scan, you should try it. There are lab exercises to help you with this as well.
How This Book Is Organized
Like all For Dummies books, chapters are organized into parts. The chapters in each part are related by a specific theme or topic. For example, Part 1: Planning and Information Gathering, contains all the information you need to know in the initial stages of a penetration test.
Pre-assessment
Before you dive into the book, you'll find a set of pre-assessment questions to test your initial knowledge of the areas covered by the CompTIA PenTest+ certification exam. Take time to review each question to see where you stand, and then verify your work with the answers that follow. Use the chapter reference given to learn more about the topic related to the question.
Part 1: Planning and Information Gathering
In this part, you discover what the PenTest+ certification is all about and what you will be tested on when taking the CompTIA PenTest+ certification exam. You also learn about how to plan and scope the penetration test and the tools used to perform information gathering and vulnerability identification.
Part 2: Exploiting Systems
In Part 2, you learn about how exploits are performed on systems to gain access to those systems. You learn about exploiting systems, wireless networks, and how to exploit common weaknesses in applications.
Part 3: Post-Exploitation and Reporting
Part 3 discusses common post-exploitation actions you can take after exploiting a system and gaining access to that system. Part 3 also discusses scripting languages and how to create a penetration testing report.
Appendixes
Three appendixes provide helpful information about the PenTest+ exam and useful information to help you create a hands-on lab environment to help with your studies. Appendix A introduces you to the exam and gives you a good idea of what you can expect when you go to take the exam. Appendix B includes an exam objective mapping table that lets you know where in the book each of the exam objectives are covered. This is very useful when you are preparing for the CompTIA PenTest+ certification exam to ensure you know each point in the objectives. Appendix C contains a list of the virtual machines (VMs) I use to create the lab exercises and contains useful information to help you build a matching lab environment to practice your penetration testing skills!
Practice
