Watch this Recorded IT Webinar-Getting Started With CompTIA PenTest+

1
Getting Started With CompTIA PenTest
Patrick Lane NetCom Learning
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
2
Agenda

• What is CompTIA PenTest?
• Cybersecurity career pathway
• PenTest exam objectives
• Partner and instructor resources
• QA

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
3
What is CompTIA PenTest?
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
4
CompTIA PenTest Certification

• CompTIA PenTest is a certification for
  intermediate skills level cybersecurity
  professionals who are tasked with hands-on
  penetration testing to identify, exploit, report,
  and manage vulnerabilities on a network.
• PenTest assesses the most up-to-date penetration
  testing, and vulnerability assessment and
  management skills necessary to determine the
  resiliency of the network against attacks.
  Successful candidates will have the intermediate
  skills and best practices required to customize
  assessment frameworks to effectively collaborate
  on and report findings, and communicate
  recommended strategies to improve the overall
  state of IT security.
• Skills competence for key job roles
• Application Security Engineer
• Penetration Tester
• Vulnerability Tester
• Security Analyst (II)
• Network Security Operations
• Application Security Vulnerability

Domain of Exam
1.0 Planning and Scoping 15
2.0 Information Gathering and Vulnerability Identification 22
3.0 Attacks and Exploits 30
4.0 Penetration Testing Tools 17
5.0 Reporting and Communication 16
Total 100
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
5
Why is it different?

1. CompTIA PenTest is the only exam taken at a
   Pearson VUE testing center with both hands-on,
   performance-based questions and multiple-choice,
   to ensure each candidate possesses the skills,
   knowledge, and ability to perform tasks on
   systems.
2. CompTIA PenTest exam not only covers hands-on
   penetration testing and vulnerability
   assessment, but includes management skills used
   to plan, scope, and manage weaknesses, not just
   exploit them.
3. CompTIA PenTest is unique because our
   certification requires a candidate to
   demonstrate the hands-on ability and knowledge to
   test devices in new environments such as the
   cloud and mobile, in addition to traditional
   desktops and servers.

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
6
Job Task Analysis (JTA) Participants

• Key JTA participants
• Brotherhood Mutual
• Global Cyber Security
• SecureWorks
• North State Technology Solutions
• BlackFire Consulting
• TransUnion

• Las Vegas Sands Corporation
• Integra LifeSciences
• Enterprise Holdings
• Paylocity
• Johns Hopkins University Applied Physics
  Laboratory
• ASICS Corporation

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
7
PenTest Exam Information
Item Description
Exam code PT0-001
Launch Date July 31, 2018
Availability Worldwide
Pricing 346 USD
Testing Provider Pearson VUE Testing Centers
Question Types Performance based and multiple choice
No. of Questions TBD
Length of Test TBD
Passing Score TBD (on a scale of 100-900)
Languages English only
Recommended Experience Network, Security or equivalent knowledge.
CE Program, ISO/ANSI and DoD accreditation Yes, part of CE program. CompTIA will pursue ISO/ANSI 17024 and DoD 8140/8570 approval.
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
8
Proposed Hardware/Software for Labs

• The CompTIA PenTest exam will include hands-on,
  performance-based simulations.
• To prepare for these performance-based
  assessments, trainers, educators and publishers
  should emphasize open-source tools and teamwork.
  The following items were recommended by the
  subject matter experts (SMEs) at the JTA and are
  included in the exam objectives.

Software Hardware Tools
OS licensing Open source OS Penetration testing frameworks Virtual machine software Scanning tools Credential testing tools Debuggers Software assurance tools Wireless testing tools Web proxying tools Social engineering tools Remote access tools Network tools Mobility testing tools Laptops Wireless access points Servers Switches Cabling Monitors Firewalls HID/door access controls Wireless adapters capable of packet injection Directional antenna Mobile device SPARE HARDWARE Cables Keyboards Mouse Power supplies Dongles/adapters Lock pick kit Badge cloner Fingerprint lifter
These software/hardware/tools may or may not
appear on the exam. It is listed so that readers
may better understand the job role.
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
9
Metasploit Example
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
10
SET (Social Engineering Toolkit) Example
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
11
Workforce Indicators

• The U.S. Bureau of Labor Statistics (BLS)
  classifies the job role under Information
  Security Analysts, which includes
• Conduct penetration testing, which is when
  analysts simulate attacks to look for
  vulnerabilities in their systems before they can
  be exploited
• 2017 Median Pay 92,600 per year
• Number of Jobs Available 82,900
• Job Outlook 28 growth by 2026 (Much faster
  than average)

• Cyberseek.org classifies the job role under
  Penetration Vulnerability Tester, which
  includes
• 2017 Median Pay 98,000
• per year
• Number of Jobs Available 6,695
• (For comparison purposes, Cyberseek.org states
  Cybersecurity Analyst open jobs at 19,017 jobs.
• That identifies one pen tester / vulnerability
  assessor job for every three security analyst
  jobs.).

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
12
Cybersecurity Career Pathway
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
13
Cybersecurity Career Pathway with PenTest
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
14
Lab concept for red team / blue team activities
Penetration testing (red team) and security
analyst (blue team) hands-on cybersecurity skills
are taught. For example
Red team
Blue team
Red team exploits are demonstrated
Blue team intrusion detection tools discover
the red team exploits
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
15
PenTest Exam Domains
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
16
15
PenTest Domain Objectives
1.0 Planning and Scoping

1. Explain the importance of planning for an
   engagement.
2. Explain key legal concepts.
3. Explain the importance of scoping an engagement
   properly.
4. Explain the key aspects of compliance-based
   assessments.

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
17
22
PenTest Domain Objectives
2.0 Information Gathering and Vulnerability
Identification

1. Given a scenario, conduct information gathering
   using appropriate techniques.
2. Given a scenario, perform a vulnerability scan.
3. Given a scenario, analyze vulnerability scan
   results.
4. Explain the process of leveraging information to
   prepare for exploitation.
5. Explain weaknesses related to specialized systems.

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
18
30
PenTest Domain Objectives
3.0 Attacks and Exploits

1. Compare and contrast social engineering attacks.
2. Given a scenario, exploit network-based
   vulnerabilities.
3. Given a scenario, exploit wireless and RF-based
   vulnerabilities.
4. Given a scenario, exploit application-based
   vulnerabilities.
5. Given a scenario, exploit local host
   vulnerabilities.
6. Summarize physical security attacks related to
   facilities.
7. Given a scenario, perform post-exploitation
   techniques.

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
19
4.0 Penetration Testing Tools
PenTest Domain Objectives
17

1. Given a scenario, use Nmap to conduct information
   gathering exercises.
2. Compare and contrast various use cases of tools.
3. Given a scenario, analyze tool output or data
   related to a penetration test.
4. Given a scenario, analyze a basic script (limited
   to Bash, Python, Ruby, and PowerShell).

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
20
16
PenTest Domain Objectives
5.0 Reporting and Communication

1. Given a scenario, use report writing and handling
   best practices.
2. Explain post-report delivery activities.
3. Given a scenario, recommend mitigation strategies
   for discovered vulnerabilities.
4. Explain the importance of communication during
   the penetration testing process.

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
21
Partner instructor resources
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
22
Official CompTIA Content for PenTest

• Instructor-Led Training planned availability by
  July 31
• Official CompTIA PenTest Instructor Guide (print
  or eBook)
• Official CompTIA PenTest Student Guide (print or
  eBook)
• LogicalLABS
• CompTIA CHOICE Platform
• eLearning fall 2018 availability, exact dates
  TBD
• CertMaster Learn
• CertMaster Practice
• CertMaster Labs
• Designed for self-paced audiences

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
23
Features of Official Content

• Comprehensive Instructional Tools
• Robust Instructor Guide with presentation
  planners, helpful tips, and solutions in the
  margin
• Class tested with real instructors before
  publication
• Resources within CompTIA Choice including PPT
  slides
• Focused on Job Roles and 100 Coverage of
  Objectives
• Lessons in the book align with real world job
  objectives and scenarios
• Activities require students knowledge into
  practice (some align with Labs)
• Appendix aligns content to exam objectives
• Flexible and Customizable Content Based on Course
  Format
• Instructor Guide references different course
  formats and how presentation should be tailored
• The CompTIA Choice platform is the one stop shop
  for all resources for course including eBook,
  instructor files, videos, assessments and labs
  (if applicable)
• Students get lifetime access

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
24
CertMaster Suite
CompTIA Official Content can be purchased at
https//store.comptia.org/
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
25
PenTest Train the Trainer (TTT)

• Complimentary Webinar Series
• The recorded sessions cover
• PenTest exam domains
• Comprehensive understanding of key pen testing
  and vulnerability assessment concepts
• Hands-on experience with key technology tools
  used
• by security professionals
• Instructional strategy to implement PenTest
• Preparation for PenTest certification

PenTest Train the Trainer (TTT) recorded
sessions are available on demand https//gateway.
on24.com/wcc/gateway/comptiainstructornet/1119137/
category/10121/pentest-ttt
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
26
Partner Marketing Sales Tools
Partners.CompTIA.org
Resource Centers
Product Info

• Exam objectives
• Number of questions
• Length of test
• Passing score
• Languages
• Exam code

Presentations / Webinars
Logos Brand Guidelines
Product Guide
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
27
Useful Links
Resource Location
Content Availability http//certification.comptia.org/Training/studymaterials.aspx
Classroom Training Availability http//www.comptiastore.com/ http//certification.comptia.org/Training/training.aspx
Exam Voucher Purchase http//www.comptiastore.com/ http//www.pearsonvue.com/vouchers/pricelist/comptia.asp
Exam Registration http//home.pearsonvue.com/test-taker.aspx
Partner Website http//partners.comptia.org

LinkedIn CompTIA Instructor Network https//www.linkedin.com/grp/home?gid8350296 CompTIA Certified Professionals Group https//www.linkedin.com/groups?homegid143484trkanet_ug_hm
Twitter _at_CompTIA https//twitter.com/comptia
YouTube https//www.youtube.com/CompTIATV
Facebook https//www.facebook.com/CompTIA 27
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
28
Partner Launch Strategy
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
29

• PenTest Partner Launch Strategy
• The PenTest exam will be available worldwide at
  Pearson VUE on July 31, 2018. Although the exam
  will be available everywhere, CompTIA will not
  announce the release to the public until August
  21, 2018, in order to help our partners prepare
  to teach PenTest.
• During the three-week period from July 31 to
  August 21, please do the following
• Certify your instructors in PenTest
• Guide your instructors to view the PenTest
  train-the-trainer series
• Select your courseware (July 31 CompTIA-branded
  ILT e-book available)
• Obtain, prepare and deliver hands-on labs
• Schedule PenTest courses and advertise on the
  CompTIA Website by updating your instructor
  information through the Partner Website

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
30
Cybersecurity labs

• Three options
• Purchase certification-specific hands-on labs for
  Security, CySA and PenTest. Guide students
  through the labs in classroom assign as
  homework.
• Purchase a cyber range for red team (PenTest)
  and blue team (CySA) labs and competitions.
• Build your own labs (requires expert
  cybersecurity instructor)

www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
31
Recorded Webinar Video
To watch the recorded webinar video for live
demos, please access the link https//bit.ly/2NSa
UbZ
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
32
About NetCom Learning
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
33
Recommended Courses
CompTIA PenTest Certification Prep (Exam
PT0-001) - Class scheduled on Oct 22 CompTIA
Security Certification - Class scheduled on Oct
22 CompTIA Cybersecurity Analyst (CySA)
Certification - Class scheduled on Oct 29
CompTIA Security Certification Prep Boot Camp -
Class scheduled on Oct 29 CompTIA Advanced
Security Practitioner (CASP) Certification -
Class scheduled on Nov 12
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
34
PowerPoint 2016 10 Tips to Master Presentations
Hands-On Power BI for Data Visualization ASP.NET
Functions on Microsoft Azure Autodesk Inventor
Essentials Visual Styles, Visualization, and
Graphics Business Acumen for Project Managers
DevOps Foundations Lean and Agile CISSP
Certification Prep Security and Risk Management
Cross Team Collaboration Increasing Productivity
with Office 365 Groups SharePoint 2019 "Wow"
First Look at new SharePoint 2019 Adobe InDesign
CC Down and Dirty Tips and Tricks Architecting
for Security on AWS Big Data for Enterprise
Managing Data and Values
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
35
Promotions
From Cloud to Security, to Data and AI, to
Networking, to Application Development, to
Design, to Business Process Application all
classes delivered by top-notch instructors in
in-person Instructor-led Classroom or Live
Online. And after you train, treat yourself with
Gift Card rewards. Learn More
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
36
Follow Us On
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
37
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266
38
THANK YOU !!!
www.netcomlearning.com info_at_netcomlearning.com
(888) 563 8266