to help you perform common pentest-related tasks on the job.
I hope you find this book a useful tool that you can refer to time and time again in your career.
Conventions Used in This Book
Each chapter in this book has different elements that help you prepare to pass the PenTest+ exam. Each chapter includes the following features:
Icons: Look for the icons used in each chapter to draw your attention to information needed for the PenTest+ exam or in the real world. For more details on the icons I use, check out the section, “Icons Used in This Book” later in this introduction.
Reviewing Key Concepts: Found at the end of each chapter, the “Reviewing Key Concepts” summary covers key points you should remember for the exam.
Prep Test: Following each chapter’s “Reviewing Key Concepts” section, you will find example questions to help you review the chapter content in preparation for the PenTest+ certification exam. Be sure to do the review questions with each chapter! Then, after you complete the book, check out the practice exam that accompanies this book on the www.dummies.com website. This practice exam is designed to function like the real exam, with the same level of difficulty. (See the section, “Beyond the Book” later in this Introduction for more information about how to access the online practice exam.)
Foolish Assumptions
I make a few assumptions about you as a reader and have written this book with these assumptions in mind:
You are interested in obtaining the PenTest+ certification. After all, the focus of this book is helping you pass the exam.
You have a computer to work on. To perform the lab exercises in this book, you need a computer with virtualization software to run multiple virtual machines. I recommend using virtualization software such as Hyper-V or VMware Player to run Kali Linux, Metasploitable2, a Windows Server, and a Windows client.
You will study hard and do as much hands-on work as possible. There is a lot of content covered by the PenTest+ certification exam, and you should read over the information in this book a few times to ensure you understand everything. You should also experiment as much as possible after you read about a particular topic. For example, after you read about running a vulnerability scan, you should try it. There are lab exercises to help you with this as well.
How This Book Is Organized
Like all For Dummies books, chapters are organized into parts. The chapters in each part are related by a specific theme or topic. For example, Part 1: Planning and Information Gathering, contains all the information you need to know in the initial stages of a penetration test.
Pre-assessment
Before you dive into the book, you'll find a set of pre-assessment questions to test your initial knowledge of the areas covered by the CompTIA PenTest+ certification exam. Take time to review each question to see where you stand, and then verify your work with the answers that follow. Use the chapter reference given to learn more about the topic related to the question.
Part 1: Planning and Information Gathering
In this part, you discover what the PenTest+ certification is all about and what you will be tested on when taking the CompTIA PenTest+ certification exam. You also learn about how to plan and scope the penetration test and the tools used to perform information gathering and vulnerability identification.
Part 2: Exploiting Systems
In Part 2, you learn about how exploits are performed on systems to gain access to those systems. You learn about exploiting systems, wireless networks, and how to exploit common weaknesses in applications.
Part 3: Post-Exploitation and Reporting
Part 3 discusses common post-exploitation actions you can take after exploiting a system and gaining access to that system. Part 3 also discusses scripting languages and how to create a penetration testing report.
Appendixes
Three appendixes provide helpful information about the PenTest+ exam and useful information to help you create a hands-on lab environment to help with your studies. Appendix A introduces you to the exam and gives you a good idea of what you can expect when you go to take the exam. Appendix B includes an exam objective mapping table that lets you know where in the book each of the exam objectives is covered. This is very useful when you are preparing for the CompTIA PenTest+ certification exam to ensure you know each point in the objectives. Appendix C contains a list of the virtual machines (VMs) I use to create the lab exercises and contains useful information to help you build a matching lab environment to practice your penetration testing skills!
Practice exam
After you have read through the book multiple times, performed the lab exercises a few times, and completed the end-of-chapter review questions, you should then take the practice exam available for this book on www.dummies.com. The practice exam gives you the opportunity to experience the feel of a live exam to help you prepare for the actual exam. The practice exam also contains sample performance-based questions, which are interactive questions you will find on the real exam. See the section, “Beyond the Book” later in this introduction for more information about how to access the online practice exam.
Icons Used in This Book
I use a number of icons in this book to draw your attention to pieces of useful information.
Beyond