eBook - ePub
CompTIA PenTest+ Study Guide
Exam PT0-002
Mike Chapple,David Seidl
This is a test
- English
- ePUB (adapté aux mobiles)
- Disponible sur iOS et Android
eBook - ePub
CompTIA PenTest+ Study Guide
Exam PT0-002
Mike Chapple,David Seidl
DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations
Ă propos de ce livre
Prepare for success on the new PenTest+ certification examand an exciting career in penetration testing
In therevamped Second Edition of CompTIA PenTest+ Study Guide: Exam PT0-002, veteran information security expertsDr.Mike Chapple and David Seidl delivera comprehensiveroadmap to the foundational and advanced skills everypentester(penetration tester)needs tosecure their CompTIAPenTest+ certification, ace their next interview, and succeed in an exciting new career in a growing field.
You'lllearn toperformsecurityassessments of traditional servers, desktopand mobileoperating systems, cloudinstallations, Internet-of-Thingsdevices, and industrial or embedded systems.You'llplan and scope a penetration testing engagement including vulnerability scanning, understand legal andregulatorycompliance requirements, analyzetestresults, and produce a written report with remediation techniques.
This book will:
- Prepareyoufor success on thenewly introduced CompTIA PenTest+ PT0-002 Exam
- Multiply your career opportunities witha certification that complies with ISO 17024standards and meetsDepartment of DefenseDirective 8140/8570.01-M requirements
- Allow accesstothe Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
Perfect for anyonepreparingfor the updated CompTIA PenTest+ certification exam, CompTIA PenTest+ Study Guide: Exam PT0-002 is also a must-read resource foraspiring penetration testers and IT security professionals seeking to expand and improve their skillset.
Foire aux questions
Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier lâabonnement ». Câest aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via lâapplication. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă la bibliothĂšque et Ă toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode dâabonnement : avec lâabonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă 12 mois dâabonnement mensuel.
Quâest-ce que Perlego ?
Nous sommes un service dâabonnement Ă des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă toute une bibliothĂšque pour un prix infĂ©rieur Ă celui dâun seul livre par mois. Avec plus dâun million de livres sur plus de 1 000 sujets, nous avons ce quâil vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Ăcouter sur votre prochain livre pour voir si vous pouvez lâĂ©couter. Lâoutil Ăcouter lit le texte Ă haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, lâaccĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que CompTIA PenTest+ Study Guide est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă CompTIA PenTest+ Study Guide par Mike Chapple,David Seidl en format PDF et/ou ePUB ainsi quâĂ dâautres livres populaires dans Computer Science et Certification Guides in Computer Science. Nous disposons de plus dâun million dâouvrages Ă dĂ©couvrir dans notre catalogue.
Informations
Chapter 1
Penetration Testing
THE COMPTIA PENTEST+ EXAM OBJECTIVES COVERED IN THIS CHAPTER INCLUDE:
Domain 1: Planning and Scoping
- 1.3 Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.
- Background checks of penetration testing team
- Adhere to specific scope of engagement
- Identify criminal activity
- Immediately report breaches/criminal activity
- Limit the use of tools to a particular engagement
- Limit invasiveness based on scope
- Maintain confidentiality of data/information
- Risks to the professional
Hackers employ a wide variety of tools to gain unauthorized access to systems, networks, and information. Automated tools, including network scanners, software debuggers, password crackers, exploitation frameworks, and malware, do play an important role in the attacker's toolkit. Cybersecurity professionals defending against attacks should have access to the same tools in order to identify weaknesses in their own defenses that an attacker might exploit.
These automated tools are not, however, the most important tools at a hacker's disposal. The most important tool used by attackers is something that cybersecurity professionals can't download or purchase. It's the power and creativity of the human mind. Skilled attackers leverage quite a few automated tools as they seek to defeat cybersecurity defenses, but the true test of their ability is how well they are able to synthesize the information provided by those tools and pinpoint potential weaknesses in an organization's cybersecurity defenses.
What Is Penetration Testing?
Penetration testing seeks to bridge the gap between the rote use of technical tools to test an organization's security and the power of those tools when placed in the hands of a skilled and determined attacker. Penetration tests are authorized, legal attempts to defeat an organization's security controls and perform unauthorized activities. The tests are timeâconsuming and require staff who are as skilled and determined as the realâworld attackers who will attempt to compromise the organization. However, they're also the most effective way for an organization to gain a complete picture of its security vulnerability.
Cybersecurity Goals
Cybersecurity professionals use a wellâknown model to describe the goals of information security. The CIA triad, shown in Figure 1.1, includes the three main characteristics of information that cybersecurity programs seek to protect:
- Confidentiality measures seek to prevent unauthorized access to information or systems.
- Integrity measures seek to prevent unauthorized modification of information or systems.
- Availability measures seek to ensure that legitimate use of information and systems remains possible.
FIGURE 1.1 The CIA triad
Attackers, and therefore penetration testers, seek to undermine these goals and achieve three corresponding goals of their own. The attackers' goals are known as the DAD triad, shown in Figure 1.2:
- Disclosure attacks seek to gain unauthorized access to information or systems.
- Alteration attacks seek to make unauthorized changes to information or systems.
- Denial attacks seek to prevent legitimate use of information and systems.
FIGURE 1.2 The DAD triad
These two models, the CIA and DAD triads, are the cornerstones of cybersecurity. As shown in Figure 1.2, the elements of both models are directly correlated, with each leg of the attackers' DAD triad directly corresponding to a leg of the CIA triad that is designed to counter those attacks. Confidentiality controls seek to prevent disclosure attacks. Integrity controls seek to prevent alteration attacks. Availability controls seek to keep systems running, preventing denial attacks.
Adopting the Hacker Mindset
If you've been practicing cybersecurity for some time, you're probably intimately familiar with the elements of the CIA triad. Cybersecurity defenders spend the majority of their time thinking in these terms, designing controls and defenses to protect information and systems against a wide array of known and unknown threats.
Penetration testers must take a very different approach in their thinking. Instead of trying to defend against all possible threats, they only need to find a single vulnerability that they might exploit to achieve their goals. To find these flaws, they must think like the adversary who might attack the system in the real world. This approach is commonly known as adopting the hacker mindset.
Before we explore the hacker mindset in terms of technical systems, let's explore it using an example from the physical world. If you were responsible for the physical security of an electronics store, you might consider a variety of threats and implement controls designed to counter those threats. You'd be worried about shoplifting, robbery, and employee embezzlement, among other threats, and you might build a system of security controls that seeks to prevent those threats from materializing. These controls might include the following items:
- Security cameras in highârisk areas
- Auditing of cash register receipts
- Theft detectors at the main entrance/exit of the store
- Exit alarms on emergency exits
- Burglar al...