# CompTIA PenTest+ Exam Preparation Notes

Last updated: 2024/07/27

Requirements for passing the exam
---
- Exam code/version: PT0-002. There is word that it will be revised to PT1-003, which is currently in beta.
- Exam fee: the PT0-002 exam has gone up in price, from 392 USD to 404 USD. As a side note, PT1-003 now has an open beta exam priced at 50 USD, but it is the PT1-003 Beta; its exam time is listed as 235 minutes, and that exam is currently available in English only.
- Questions: maximum of 85
- Question types: single choice, multiple choice, drag-and-drop performance-based selection
- Exam time: the PT0-002 exam is listed as 220 minutes
- Passing score: 750, out of a maximum of 900
- Exam languages: English, Japanese, Portuguese and Thai

After passing the exam
---
- CompTIA maintenance fee: 50 USD per year, 150 USD in total for three years. For maintenance fees, see https://www.comptia.org/continuing-education/learn/ce-program-fees
- Continuing education credits: before the certification expires, 60 Continuing Education Units (CEUs) must be logged and accepted. For continuing education credits, see https://www.comptia.org/continuing-education/learn/earn-continuing-education-units

※ This certification is included in the cybersecurity professional certification list of the Administration for Cyber Security, Ministry of Digital Affairs.

Preparation direction / strategy
---
The exam weighting is given for reference. There are 5 main domains:

- Planning and Scoping (14%)
- Information Gathering and Vulnerability Scanning (22%)
- Attacks and Exploits (30%)
- Reporting and Communication (18%)
- Tools and Code Analysis (16%)

**Key points by domain**

**Planning and Scoping (how to plan the scope of a penetration test)**
--
Before carrying out a penetration test, and before any work begins, pay attention to local regulations and the relevant international regulations, especially when the industry or data involved contains sensitive information. This applies in particular to personal data regulations, financial regulations, and data such as:

- Personally Identifiable Information (PII)
- Personal Health Information (PHI)

Commonly cited regulations:

- Payment Card Industry Data Security Standard (PCI DSS)
- EU: General Data Protection Regulation (GDPR)
- US: Gramm-Leach-Bliley Act (GLBA)
- US: Sarbanes-Oxley Act (SOX)
- US: Health Insurance Portability and Accountability Act (HIPAA)

Requirements commonly seen in penetration testing engagements:

- Request for Information (RFI)
- Request for Proposal (RFP)
- Master Service Agreement (MSA)
- Service-Level Agreement (SLA)
- Non-Disclosure Agreement (NDA)
- Statement of Work (SOW)
- Rules of Engagement (ROE)
- Communication Plan

Common penetration testing strategies include goal-based, compliance-based, red team/blue team exercises, black box, white box, and gray box.

Application testing commonly also includes:

- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)

Risk management to keep in mind during a penetration test:

- Risk Acceptance
- Risk Reduction
- Risk Transfer
- Risk Avoidance
- Risk Monitoring

Common penetration testing methodologies/baselines:

- MITRE ATT&CK
- Open Web Application Security Project (OWASP)
- National Institute of Standards and Technology (NIST)
- Open-source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
- Information Systems Security Assessment Framework (ISSAF)

A penetration test should take into account: regulations, target scope, procedures, and environment (internal network, external network, AP, cloud).

Information Gathering and Vulnerability Scanning
--
Attacks and Exploits
--
Reporting and Communication
--
Tools and Code Analysis
--
Continuously updated..

Online reference resources
---
- CompTIA PenTest+: https://www.comptia.org/certifications/pentest
- CompTIA PenTest+ Penetration Testing and Vulnerability Management International Certification Class: https://www.uuu.com.tw/Course/Show/1826/CompTIA-PenTest-%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E5%92%8C%E6%BC%8F%E6%B4%9E%E7%AE%A1%E7%90%86%E5%9C%8B%E9%9A%9B%E8%AA%8D%E8%AD%89%E7%8F%AD
- CompTIA PenTest+: https://tryhackme.com/path/outline/pentestplus
- CompTIA Pentest+ (Ethical Hacking) Course & Practice Exam: https://www.udemy.com/course/pentestplus/
- Pass CompTIA Pentest+ : Tips & Tricks: https://medium.com/@kaorrosi/pass-comptia-pentest-tips-tricks-2513c138b818
- Preparing for the CompTIA PenTest+ certification: https://jackbaylor.medium.com/preparing-for-the-comptia-pentest-certification-aa6626efb9f7
- CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam: https://github.com/PacktPublishing/CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam
- Ethical-Hacking-and-CompTIA-PenTest-Exam-Prep-PT0-002-: https://github.com/PacktPublishing/-Ethical-Hacking-and-CompTIA-PenTest-Exam-Prep-PT0-002-
- CompTIA PenTest+ Study Resources: https://github.com/pentestplus
- CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam: https://github.com/PacktPublishing/CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam/blob/master/CompTIA%20PenTest%2B%20Practice%20Exam.pdf
- pentest_plus: https://github.com/dustypioneer/pentest_plus
- pentest-plus-study-notes: https://github.com/luca-regne/pentest-plus-study-notes
- CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam: https://github.com/PacktPublishing/CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam?search=1
- CompTIA PenTest+ Full Course - FREE [11 Hours] PT0-002: https://www.youtube.com/watch?v=WczBlBjoQeI
- Try Hack Me CompTIA Pentest+: https://tryhackme.com/path/outline/pentestplus
- CompTIA Pentest+ Practice Test: https://www.youtube.com/watch?v=aFlQixAG1lQ
- CompTIA PenTest+ (PT0-002) Practice Certification Exams: https://www.udemy.com/course/comptia-pentest-exams-002/
- CompTIA PenTest+ Certification Exam Review: https://kcco.io/comptia-pentest-certification-exam-review-1a0a02883650#:~:text=If%20you're%20looking%20at,found%20they%20are%20quite%20similar
- 7 Best CompTIA PenTest+ Certification Courses and Practice Tests in 2023: https://medium.com/javarevisited/7-best-comptia-pentest-certification-courses-and-practice-tests-46d827689cdc
- CompTIA PenTest+ Certification: https://www.ucertify.com/certifications/CompTIA/PenTest-Plus.html
- CompTIA Pentest+: Your Go-To Exam Guide: https://infosecwriteups.com/comptia-pentest-your-go-to-exam-guide-4565471d8494
- Best CompTIA PenTest+ Certification Courses and Practice Tests in 2023: https://netcomlearning.medium.com/best-comptia-pentest-certification-courses-and-practice-tests-in-2023-25ac16cacce

###### tags: `CompTIA` `PenTest+`