SE flag SE
+46 (0)8 506 668 00
+46 (0)8 506 668 00

CompTIA PenTest+® Training

Course 2049

  • Duration: 5 days
  • Exam Voucher: Yes
  • Language: English
  • Level: Intermediate

The CompTIA PenTest+ (PTO-003) course is designed for cybersecurity professionals who want to develop and validate their penetration testing and vulnerability assessment skills. It provides a hands-on, performance-based approach to ethical hacking, focusing on real-world attack techniques, tools, and strategies used by security professionals to identify, exploit, and mitigate vulnerabilities in IT systems. This course bridges the gap between security analysts and penetration testers by covering both offensive and defensive cybersecurity tactics.

U.S. DoDM 8140.03 APPROVED BY DEPARTMENT OF DEFENSE

CompTIA PenTest+ Training Delivery Methods

  • In-Person

  • Online

  • Upskill your whole team by bringing Private Team Training to your facility.

CompTIA PenTest+ Training Information

In this course, you will learn the following:

  • Plan, scope, and perform information gathering as part of a penetration test.
  • Perform attacks that are aligned to and fulfill legal and compliance requirements.
  • Perform each phase of a penetration test using and modifying appropriate tools and use the appropriate tactics, techniques, and procedures.
  • Analyze the results of each phase of a penetration test to develop a written report, effectively communicate findings to stakeholders and provide practical recommendations.

Training Prerequisites

While prior experience is not mandatory, having a background in cybersecurity and hands-on practice with penetration testing tools will significantly improve comprehension and performance in the course and certification exam.

Certification Information

You must take and pass the CompTIA PenTest+ (PTO-003) certification exam to earn this certification. Exam vouchers are available upon request and included in the tuition fee.

CompTIA PenTest+ Training Outline

1.0 Engagement Management

1.1 Summarize pre-engagement activities.

  • Scope definition
  • Shared responsibility model
  • Legal and ethical considerations

1.2 Explain collaboration and communication activities.

  • Peer review and  Stakeholder alignment
  • Root cause analysis
  • Escalation path and Secure distribution
  • Articulation of risk, severity, and impact
  • Goal reprioritization and  Business impact analysis
  • Client acceptance

1.3 Compare and contrast testing frameworks and methodologies.

  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Council of Registered Ethical Security Testers (CREST)
  • Penetration Testing Execution Standard (PTES)
  • MITRE ATT&CK
  • Open Worldwide Application Security Project (OWASP) Top 10
  • OWASP Mobile Application Security Verification Standard (MASVS)
  • Purdue model
  • Threat modeling frameworks

1.4 Explain the components of a penetration test report.

  • Format alignment
  • Documentation specifications
  • Risk scoring
  • Definitions and Report components
  • Test limitations and assumptions
  • Reporting considerations

1.5 Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

  • Technical, Administrative, Operational and Physical controls

2.0  Reconnaissance and Enumeration

 2.1  Given a scenario, apply information gathering techniques.

  • Active and passive reconnaissance
  • Open-source intelligence (OSINT)
  • Network reconnaissance
  • Protocol scanning
  • Certificate transparency logs
  • Information disclosure
  • Search engine analysis/ enumeration
  • Network sniffing and Banner grabbing
  • Hypertext Markup Language (HTML) scraping

2.2 Given a scenario, apply enumeration techniques.

  • Operating system (OS) fingerprinting
  • Service discovery
  • Protocol enumeration
  • DNS and Directory enumeration
  • Host discovery and  Share enumeration
  • Local user and Email account enumeration
  • Wireless, Permission and Secrets enumeration
  • Attack path mapping
  • Web application firewall (WAF) enumeration
  • Web crawling
  • Manual enumeration

2.3 Given a scenario, modify scripts for reconnaissance and enumeration.

  • Information gathering
  • Data manipulation
  • Scripting languages
  • Logic constructs

2.4 Given a scenario, use the appropriate tools for reconnaissance and enumeration.

  • Wayback Machine
  • Maltego
  • Recon-ng
  • Shodan
  • SpiderFoot
  • WHOIS
  • nslookup/dig

3.1 Given a scenario, conduct vulnerability discovery using various techniques.

  • Types of scans
  • Industrial control systems (ICS) vulnerability assessment
  • Tools

3.2 Given a scenario, analyze output from reconnaissance, scanning, and enumeration phases.

  • Validate scan, reconnaissance, and enumeration results
  • Public exploit selection
  • Use scripting to validate results

3.3 Explain physical security concepts.

  • Tailgating
  • Site surveys
  • Universal Serial Bus (USB) drops
  • Badge cloning
  • Lock picking

4.0 Attacks and Exploits

4.1 Given a scenario, analyze output to prioritize and prepare attacks.

  • Target prioritization
  • Capability selection

4.2 Given a scenario, perform network attacks using the appropriate tools.

  • Attack types and Tools

4.3 Given a scenario, perform authentication attacks using the appropriate tools.

  • Attack types and  Tools

4.4 Given a scenario, perform host-based attacks using the appropriate tools.

  • Attack types and Tools

4.5 Given a scenario, perform web application attacks using the appropriate tools.

  • Attack types and Tools

4.6 Given a scenario, perform cloud-based attacks using the appropriate tools.

  • Attack types and Tools

4.7 Given a scenario, perform wireless attacks using the appropriate tools.

  • Attack types and Tools

4.8 Given a scenario, perform social engineering attacks using the appropriate tools.

  • Attack types and Tools

4.9 Explain common attacks against specialized systems.

  • Attack types and Tools

4.10 Given a scenario, use scripting to automate attacks.

  • Attack types and Tools

5.0 Post-exploitation and Lateral Movement

5.1 Given a scenario, perform tasks to establish and maintain persistence.

  • Scheduled tasks/cron jobs
  • Service creation
  • Reverse and Bind Shell
  • Add new accounts and Obtain valid account credentials
  • Registry keys
  • Command and control (C2) frameworks
  • Backdoor and Rootkit
  • Browser extensions
  • Tampering security controls

5.2 Given a scenario, perform tasks to move laterally throughout the environment.

  • Pivoting
  • Relay creation
  • Enumeration
  • Service discovery
  • Window Management Instrumentation (WMI)
  • Window Remote Management (WinRM)
  • Tools

5.3 Summarize concepts related to staging and exfiltration.

  • File encryption and compression
  • Covert channel
  • Email
  • Cross-account resources
  • Cloud storage
  • Alternate data streams
  • Text storage sites
  • Virtual drive mounting
  • Remove persistence mechanisms
  • Revert configuration changes

5.4 Explain cleanup and restoration activities.

  • Remove tester-created credentials
  • Remove tools
  • Spin down infrastructure
  • Preserve artifacts
  • Secure data destruction
Get This Course 27 930 kr For Team Prices Call: +46 (0)8 506 668 00
  • 5-day instructor-led training course

  • CompTIA-approved PenTest+ training programs

  • Earn 29 NASBA CPEs (live, in-class training only)
  • Earn 29 CompTIA CEUs
  • PenTest+ Study Guide
  • Practice exam questions
  • Exam voucher included
  • One-on-one after course instructor coaching
#2049
  • Guaranteed to Run - you can rest assured that the class will not be cancelled.
    apr 28 - maj 2 15:00 - 22:30 CEST
    Virtual
  • jun 9 - 13 16:00 - 23:30 CEST
    Austin or Virtual
  • jun 23 - 27 9:00 - 16:30 CEST
    Stockholm or Virtual
  • jun 23 - 27 10:00 - 17:30 CEST
    London or Virtual
  • jul 7 - 11 15:00 - 22:30 CEST
    Herndon, VA or Virtual
  • aug 25 - 29 15:00 - 22:30 CEST
    Herndon, VA or Virtual
  • sep 8 - 12 16:00 - 23:30 CEST
    Austin or Virtual
  • sep 15 - 19 10:00 - 17:30 CEST
    London or Virtual
  • sep 15 - 19 9:00 - 16:30 CEST
    Stockholm or Virtual
  • okt 27 - 31 14:00 - 21:30 CET
    Herndon, VA or Virtual
  • dec 1 - 5 16:00 - 23:30 CET
    Austin or Virtual
  • dec 15 - 19 9:00 - 16:30 CET
    Stockholm or Virtual
  • dec 15 - 19 10:00 - 17:30 CET
    London or Virtual
  • feb 2 - 6 15:00 - 22:30 CET
    Herndon, VA or Virtual
  • mar 9 - 13 15:00 - 22:30 CET
    Austin or Virtual

Scroll to view additional course dates

  • Bring this or any training to your organization

  • Full-scale program development

  • Delivered when, where, and how you want it
  • Blended learning models
  • Tailored content
  • Expert team coaching
#2049
Questions about this course?
* Required Fields
Customise Your Team Training Experience

Fill out the form below or call +46 (0)8 506 668 00

* Required Fields
Preferred method of contact:

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

Contact Us

CompTIA PenTest+ FAQs

The CompTIA PenTest+ certification training is designed to prepare IT professionals to pass the CompTIA PenTest+ PT0-002 certification exam.

It covers general concepts and methodologies related to penetration testing and provides a simulated pen test for a fictitious company.

This course is designed for IT professionals who want to develop penetration testing skills to identify information system vulnerabilities and effective remediation techniques.

It is also suitable for individuals preparing for the CompTIA PenTest+ certification exam or those who plan to use the PenTest+ as a foundation for more advanced security certifications or career roles.

The PenTest+ training includes management skills used to plan, scope, and manage weaknesses, not just exploit them. It assesses the most up-to-date penetration testing, vulnerability assessment, and management skills necessary to determine the network's resiliency against attacks.

In addition, successful exam candidates will have the intermediate skills required to customize assessment frameworks to effectively collaborate on and report findings and communicate recommended strategies to improve IT security.

The training is available in two delivery methods: in-person and online.

The course covers planning and scoping information gathering and vulnerability scanning, attacks and exploits, reporting and communication, tools and code analysis.

To ensure success in this course, you should have intermediate knowledge of information security concepts, practical experience in securing various computing environments, and completion of the Learning Tree course 446, CompTIA Security+® Training

In addition, individuals seeking the certification should also have three to four years of hands-on experience performing penetration tests, vulnerability assessments, and vulnerability management.

To earn the CompTIA PenTest+ certification, you must take and pass the CompTIA PenTest+ certification exam, which is included in the tuition fee.

This course covers planning, information gathering, attacks and exploits, and reporting, all of which can help you to identify vulnerabilities.

Additionally, the course provides a simulated pen test for a fictitious company that allows you to apply what you've learned to identify and exploit vulnerabilities.

Yes, this course covers various attack vectors and how to exploit them to gain access to systems and applications. You will learn about attacks and exploits, including SQL injection and post-exploitation techniques.

Yes, this course covers testing for exploitable vulnerabilities, including vulnerability scanning and application-based attacks. In addition, you will learn to research attack vectors and perform network, wireless, and cloud technology attacks.

SQL injection is a type of attack that targets databases by injecting malicious code into SQL statements. This course covers SQL injection as part of its coverage of application-based attacks.

In addition, you will learn how to perform a script or code analysis for use in a penetration test and analyze the results of a reconnaissance exercise.

This course covers various aspects of computer systems, including computer networking concepts and implementations, standard security technologies, and cryptographic concepts and implementations.

It also covers practical experience in securing various computing environments, including small to medium businesses and enterprise environments.

Yes, this course covers various types of attacks against web applications and how to exploit vulnerabilities.

In addition, you will learn how to perform active and passive surveillance, analyze the results of a reconnaissance exercise, and analyze a script or code sample for use in a penetration test.

Related Courses

  • Learning Tree
    Penetration Testing Training: Tools and Techniques

    In this Penetration Testing course, you will learn to discover weaknesses in your own network by using the mindset and methods of a hacker.

    Intermediate
    4 days
    Online or In-class
    Starts from 32 130 kr
  • Learning Tree
    Vulnerability Assessment Training: Protecting Your Organization

    In this Vulnerability Assessment course, you learn how to create a network security vulnerability assessment checklist to prevent network exploitation.

    Intermediate
    4 days
    Online or In-class
    Starts from 30 750 kr
  • EC-Council
    Certified Ethical Hacker (CEH) Training

    Get CEH certified with our training course! Learn to protect your network with hands-on labs and tools. Pass the EC-Council CEH v13 exam.

    Intermediate
    5 days
    Online or In-class
    Starts from 41 930 kr