all For Dummies books, chapters are organized into parts. The chapters in each part are related by a specific theme or topic. For example, Part 1: Planning and Information Gathering, contains all the information you need to know in the initial stages of a penetration test.
Pre-assessment
Before you dive into the book, you'll find a set of pre-assessment questions to test your initial knowledge of the areas covered by the CompTIA PenTest+ certification exam. Take time to review each question to see where you stand, and then verify your work with the answers that follow. Use the chapter reference given to learn more about the topic related to the question.
Part 1: Planning and Information Gathering
In this part, you discover what the PenTest+ certification is all about and what you will be tested on when taking the CompTIA PenTest+ certification exam. You also learn about how to plan and scope the penetration test, and the tools to use to perform information gathering and vulnerability identification.
Part 2: Attacks and Exploits
In Part 2, you learn how exploits are performed on systems to gain access to those systems. You learn about exploiting systems and wireless networks, and how to exploit common weaknesses in applications.
Part 3: Post-Exploitation and Reporting
Part 3 discusses common post-exploitation actions you can take after exploiting a system and gaining access to that system. Part 3 also discusses scripting languages and how to create a penetration testing report.
Appendixes
Three appendixes provide helpful information about the PenTest+ exam and guidance on creating a hands-on lab environment to support your studies. Appendix A introduces you to the exam and gives you a good idea of what you can expect when you take it. Appendix B includes an exam objective mapping table that shows where in the book each exam objective is covered. This is very useful when you are preparing for the CompTIA PenTest+ certification exam to ensure you know each point in the objectives. Appendix C contains a list of the virtual machines (VMs) I use to create the lab exercises and contains useful information to help you build a matching lab environment to practice your penetration testing skills!
Practice exam
After you have read through the book multiple times, performed the lab exercises a few times, and completed the end of chapter review questions, you should then take the practice exam available for this book on www.dummies.com. The practice exam gives you the opportunity to experience the feel of a live exam to help you prepare for the real exam. The practice exam also contains sample performance-based questions, which are interactive questions you will find on the real exam. See the section, “Beyond the Book” later in this introduction for more information about how to access the online practice exam.
Icons Used in This Book
I use a number of icons in this book to draw your attention to pieces of useful information.
Beyond the Book
In addition to what you’re reading right now, this book comes with a free access-anywhere Cheat Sheet that includes tips to help you prepare for the PenTest+ certification exam. To get this Cheat Sheet, simply go to www.dummies.com and type CompTIA PenTest+ Certification For Dummies Cheat Sheet in the Search box.
You also get access to practice exam questions. To gain access to the online practice exam, all you have to do is register. Just follow these simple steps:
1 Register your book or ebook at Dummies.com to get your PIN. Go to www.dummies.com/go/getaccess.
2 Select your product from the drop-down list on that page.
3 Follow the prompts to validate your product, and then check your email for a confirmation message that includes your PIN and instructions for logging in.
If you do not receive this email within two hours, please check your spam folder before contacting us through our Technical Support website at https://support.wiley.com or by phone at 877-762-2974.
Now you’re ready to go! You can come back to the practice material as often as you want — simply log on with the username and password you created during your initial login. No need to enter the access code a second time.
Your registration is good for one year from the day you activate your PIN.
Where to Go from Here
The CompTIA PenTest+ certification is one of the most popular security certifications for individuals new to ethical hacking and penetration testing. After you pass the CompTIA PenTest+ certification exam, you might want to continue your certification path by studying for the following certifications from CompTIA:
Security+: If you haven’t completed CompTIA’s Security+ certification, this could be the next step. Most candidates complete Security+ before doing PenTest+, but if you haven’t, there is no problem going back to do it. Security+ covers IT security topics that help you secure company assets.
CySA+: The CySA+ certification is a vendor-neutral certification that ensures the candidate knows how to respond to security incidents by covering security analytics, intrusion detection, and incident response.
CASP+: The final security certification in the CompTIA security track is the CASP+ certification, which covers advanced technical IT security topics.
Pre-Assessment
The following questions are designed to test you on areas of the CompTIA PenTest+ certification exam that you may