CompTIA PenTest+ Study Guide (paperback)
Paperback (Paperback / softback)
Sybex Inc.,U.S.
228 x 177 x 31 mm
884 g

CompTIA PenTest+ Study Guide

Exam PT0-001

Paperback, English, 2018-10-19
World-class preparation for the new PenTest+ exam

The CompTIA PenTest+ Study Guide: Exam PT0-001 offers comprehensive preparation for the newest intermediate cybersecurity certification exam. With expert coverage of Exam PT0-001 objectives, this book is your ideal companion throughout all stages of study; whether you're just embarking on your certification journey or finalizing preparations for the big day, this invaluable resource helps you solidify your understanding of essential skills and concepts. Access to the Sybex online learning environment allows you to study anytime, anywhere with electronic flashcards, a searchable glossary, and more, while hundreds of practice exam questions help you step up your preparations and avoid surprises on exam day.

The CompTIA PenTest+ certification validates your skills and knowledge surrounding second-generation penetration testing, vulnerability assessment, and vulnerability management on a variety of systems and devices, making it the latest go-to qualification in an increasingly mobile world. This book contains everything you need to prepare; identify what you already know, learn what you don't know, and face the exam with full confidence!

- Perform security assessments on desktops and mobile devices, as well as cloud, IoT, industrial and embedded systems
- Identify security weaknesses and manage system vulnerabilities
- Ensure that existing cybersecurity practices, configurations, and policies conform with current best practices
- Simulate cyberattacks to pinpoint security weaknesses in operating systems, networks, and applications

As our information technology advances, so do the threats against it. It's an arms race for complexity and sophistication, and the expansion of networked devices and the Internet of Things has integrated cybersecurity into nearly every aspect of our lives. The PenTest+ certification equips you with the skills you need to identify potential problems--and fix them--and the CompTIA PenTest+ Study Guide: Exam PT0-001 is the central component of a complete preparation plan.

Additional information

MIKE CHAPPLE, PHD, CISSP, PenTest+, is Associate Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience, and provides cybersecurity certification resources at his website,

DAVID SEIDL, CISSP, CySA+, Pentest+, GPEN, GCIH, is Senior Director for Campus Technology Services at the University of Notre Dame. A former Director of Information Security, he is now responsible for cloud operations, middleware, enterprise operating systems, applications, and identity and access management.


Table of contents

Introduction; Assessment Test

Chapter 1: Penetration Testing
What Is Penetration Testing?; Cybersecurity Goals; Adopting the Hacker Mind-Set; Reasons for Penetration Testing; Benefits of Penetration Testing; Regulatory Requirements for Penetration Testing; Who Performs Penetration Tests?; Internal Penetration Testing Teams; External Penetration Testing Teams; Selecting Penetration Testing Teams; The CompTIA Penetration Testing Process; Planning and Scoping; Information Gathering and Vulnerability Identification; Attacking and Exploiting; Reporting and Communicating Results; The Cyber Kill Chain; Reconnaissance; Weaponization; Delivery; Exploitation; Installation; Command and Control; Actions on Objectives; Tools of the Trade; Reconnaissance; Vulnerability Scanners; Social Engineering; Credential-Testing Tools; Debuggers; Software Assurance; Network Testing; Remote Access; Exploitation; Summary; Exam Essentials; Lab Exercises; Activity 1.1: Adopting the Hacker Mind-Set; Activity 1.2: Using the Cyber Kill Chain; Review Questions

Chapter 2: Planning and Scoping Penetration Tests
Scoping and Planning Engagements; Assessment Types; White Box, Black Box, or Gray Box?; The Rules of Engagement; Scoping Considerations: A Deeper Dive; Support Resources for Penetration Tests; Key Legal Concepts for Penetration Tests; Contracts; Data Ownership and Retention; Authorization; Environmental Differences; Understanding Compliance-Based Assessments; Summary; Exam Essentials; Lab Exercises; Review Questions

Chapter 3: Information Gathering
Footprinting and Enumeration; OSINT; Location and Organizational Data; Infrastructure and Networks; Security Search Engines; Active Reconnaissance and Enumeration; Hosts; Services; Networks, Topologies, and Network Traffic; Packet Crafting and Inspection; Enumeration; Information Gathering and Code; Information Gathering and Defenses; Defenses Against Active Reconnaissance; Preventing Passive Information Gathering; Summary; Exam Essentials; Lab Exercises; Activity 3.1: Manual OSINT Gathering; Activity 3.2: Exploring Shodan; Activity 3.3: Running a Nessus Scan; Review Questions

Chapter 4: Vulnerability Scanning
Identifying Vulnerability Management Requirements; Regulatory Environment; Corporate Policy; Support for Penetration Testing; Identifying Scan Targets; Determining Scan Frequency; Configuring and Executing Vulnerability Scans; Scoping Vulnerability Scans; Configuring Vulnerability Scans; Scanner Maintenance; Software Security Testing; Analyzing and Testing Code; Web Application Vulnerability Scanning; Developing a Remediation Workflow; Prioritizing Remediation; Testing and Implementing Fixes; Overcoming Barriers to Vulnerability Scanning; Summary; Exam Essentials; Lab Exercises; Activity 4.1: Installing a Vulnerability Scanner; Activity 4.2: Running a Vulnerability Scan; Activity 4.3: Developing a Penetration Test Vulnerability Scanning Plan; Review Questions

Chapter 5: Analyzing Vulnerability Scans
Reviewing and Interpreting Scan Reports; Understanding CVSS; Validating Scan Results; False Positives; Documented Exceptions; Understanding Informational Results; Reconciling Scan Results with Other Data Sources; Trend Analysis; Common Vulnerabilities; Server and Endpoint Vulnerabilities; Network Vulnerabilities; Virtualization Vulnerabilities; Internet of Things (IoT); Web Application Vulnerabilities; Summary; Exam Essentials; Lab Exercises; Activity 5.1: Interpreting a Vulnerabili