---
# System prepended metadata

title: CompTIA PenTest+ Exam Preparation Notes
tags: [CompTIA]

---

# CompTIA PenTest+ Exam Preparation Notes

Last updated: 2026/05/24

Exam requirements
---
- Exam / version: PT0-003

- Exam fee:

The PT0-002 exam has already gone up in price: it used to be USD 392 and is now USD 439 (roughly NTD 13,808.53). As for exam time, a Taiwanese candidate taking the English version is given up to 220 minutes. Supported exam languages are English, French, Japanese and Portuguese.

- Questions: at most 90
- Question types: single choice, multiple choice, and drag-and-drop / performance-based items
- Passing score: 750, on a scale with a maximum of 900
- Exam languages: English, French, Japanese, and Portuguese
- Test centre: since I am in Taipei, I sat the previous Security+ exam at the 恆逸 (UUU) testing centre, which is also the most convenient

After passing the exam
---
- CompTIA continuing education (CE) fee: USD 50 per year, USD 150 in total for the three-year cycle

CE fees, see:
https://www.comptia.org/continuing-education/learn/ce-program-fees

- Continuing education credits: before the certification expires you must earn 60 Continuing Education Units (CEUs) and have them submitted and accepted

Earning CEUs, see:
https://www.comptia.org/continuing-education/learn/earn-continuing-education-units

※ This certification is on the list of recognised information security professional certifications published by the Administration for Cyber Security, Ministry of Digital Affairs (Taiwan)

Study plan / strategy
---

Exam domain weights, for reference; the exam covers five domains:

- Engagement management (13%)
- Reconnaissance and enumeration (21%)
- Vulnerability discovery and analysis (17%)
- Attacks and exploits (35%)
- Post-exploitation and lateral movement (14%)

**Key points by domain**

**Engagement management**
--

Before doing any penetration test, all work has to take into account local regulations and the relevant international ones, especially when the industry or data you touch is sensitive; privacy law and financial regulation (and financial data) come up most often.

Data categories that trigger these rules:
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)

The usual regulations and standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR), the EU privacy regulation
- Gramm-Leach-Bliley Act (GLBA), the US Financial Services Modernization Act
- Sarbanes-Oxley Act (SOX), US
- Health Insurance Portability and Accountability Act (HIPAA), US

Documents commonly required in a penetration testing engagement:
- Request for Information (RFI)
- Request for Proposal (RFP)
- Master Service Agreement (MSA)
- Service-Level Agreement (SLA)
- Non-Disclosure Agreement (NDA)
- Statement of Work (SOW)
- Rules of Engagement (RoE)
- Communication plan

Common penetration testing strategies: goal-based, compliance-based, red team / blue team exercises, and black-box, white-box and grey-box testing (the PenTest+ objectives call these unknown-, known- and partially known-environment testing).

Application testing also commonly distinguishes:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)

Risk management responses to keep in mind during a penetration test:
- Risk acceptance
- Risk reduction (mitigation)
- Risk transfer
- Risk avoidance
- Risk monitoring

Common penetration testing methodologies / baselines:
- MITRE ATT&CK
- Open Web Application Security Project (OWASP)
- National Institute of Standards and Technology (NIST)
- Open Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
- Information Systems Security Assessment Framework (ISSAF)

A penetration test must pin down:
regulations, target scope, procedures, and environment (internal network, external network, applications, cloud)
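The scope and RoE items above are the ones that get testers into legal trouble when ignored, so one habit worth building is a pre-flight check that refuses to feed a scanner anything the Rules of Engagement did not authorise. The script below is an added example written for these notes, not code from the original page or from CompTIA; the RoE values (the two CIDR ranges, the excluded domain controller 10.10.1.5, the hostname portal.example.test) and the candidate target list are constructed for illustration.

```python
"""Pre-engagement scope check: refuse to touch anything the Rules of
Engagement (RoE) did not authorise.

Added example, not code from the original page. All RoE values and
targets below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RulesOfEngagement:
    """In-scope networks/hosts and explicit exclusions from a (hypothetical) RoE."""
    in_scope_networks: list = field(default_factory=list)   # CIDR strings
    excluded_hosts: set = field(default_factory=set)         # IPs never to be touched
    in_scope_hostnames: set = field(default_factory=set)     # literal hostnames

    def __post_init__(self):
        self._networks = [ipaddress.ip_network(n, strict=False)
                          for n in self.in_scope_networks]
        self._excluded = {ipaddress.ip_address(h) for h in self.excluded_hosts}
        self._hostnames = {h.lower() for h in self.in_scope_hostnames}

    def is_authorised(self, target: str) -> bool:
        """True only if target is inside an authorised range and not excluded.

        Hostnames are matched literally against the RoE list; the check does
        no DNS resolution, so running it makes no network contact at all.
        Anything that is neither a parseable address nor a listed hostname
        is rejected (fail closed).
        """
        try:
            addr = ipaddress.ip_address(target)
        except ValueError:
            return target.lower() in self._hostnames
        if addr in self._excluded:          # exclusions win over ranges
            return False
        return any(addr in net for net in self._networks)


def partition_targets(roe: RulesOfEngagement, targets: list) -> tuple:
    """Split a candidate target list into (authorised, rejected), preserving order."""
    authorised = [t for t in targets if roe.is_authorised(t)]
    rejected = [t for t in targets if not roe.is_authorised(t)]
    return authorised, rejected


# Constructed sample RoE: the client authorised two ranges and one web host,
# and carved out the domain controller 10.10.1.5 as off-limits.
SAMPLE_ROE = RulesOfEngagement(
    in_scope_networks=["10.10.1.0/24", "192.168.50.0/28"],
    excluded_hosts={"10.10.1.5"},
    in_scope_hostnames={"portal.example.test"},
)

# Constructed candidate list, as it might be handed to a scanner.
SAMPLE_TARGETS = [
    "10.10.1.20",           # in range
    "10.10.1.5",            # in range but explicitly excluded
    "192.168.50.14",        # in range (/28 covers .0 to .15)
    "192.168.50.16",        # just outside the /28
    "portal.example.test",  # named in the RoE
    "mail.example.test",    # not named
    "not an address",       # garbage: rejected
]


def run_check() -> tuple:
    """Apply the sample RoE to the sample targets."""
    return partition_targets(SAMPLE_ROE, SAMPLE_TARGETS)


if __name__ == "__main__":
    ok, bad = run_check()
    print("authorised:", ok)
    print("rejected  :", bad)
```

Two design points matter here: exclusions are checked before ranges, so a carve-out inside an authorised subnet is honoured, and the check fails closed, so a typo in a target list is rejected rather than silently scanned. Keeping hostname matching literal (no DNS lookup) is deliberate, since resolving names against the client's infrastructure is itself activity that belongs inside the agreed testing window.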

Reconnaissance and enumeration
--



Vulnerability discovery and analysis
--


Attacks and exploits
--


Post-exploitation and lateral movement
--




Still being updated..


Online resources
---
CompTIA PenTest+
https://www.comptia.org/certifications/pentest

CompTIA PenTest＋滲透測試和漏洞管理國際認證班
https://www.uuu.com.tw/Course/Show/1826/CompTIA-PenTest-%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E5%92%8C%E6%BC%8F%E6%B4%9E%E7%AE%A1%E7%90%86%E5%9C%8B%E9%9A%9B%E8%AA%8D%E8%AD%89%E7%8F%AD

CompTIA PenTest＋
https://tryhackme.com/path/outline/pentestplus

CompTIA Pentest+ (Ethical Hacking) Course & Practice Exam
https://www.udemy.com/course/pentestplus/

Pass CompTIA Pentest+ : Tips & Tricks
https://medium.com/@kaorrosi/pass-comptia-pentest-tips-tricks-2513c138b818

Preparing for the CompTIA PenTest+ certification
https://jackbaylor.medium.com/preparing-for-the-comptia-pentest-certification-aa6626efb9f7

CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam
https://github.com/PacktPublishing/CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam

Ethical-Hacking-and-CompTIA-PenTest-Exam-Prep-PT0-002-
https://github.com/PacktPublishing/-Ethical-Hacking-and-CompTIA-PenTest-Exam-Prep-PT0-002-

CompTIA PenTest+ Study Resources
https://github.com/pentestplus

CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam
https://github.com/PacktPublishing/CompTIA-Pentest-Ethical-Hacking-Course-and-Practice-Exam/blob/master/CompTIA%20PenTest%2B%20Practice%20Exam.pdf

pentest_plus
https://github.com/dustypioneer/pentest_plus

pentest-plus-study-notes
https://github.com/luca-regne/pentest-plus-study-notes

CompTIA PenTest+ Full Course - FREE [11 Hours] PT0-002
https://www.youtube.com/watch?v=WczBlBjoQeI

CompTIA Pentest+ Practice Test
https://www.youtube.com/watch?v=aFlQixAG1lQ

CompTIA PenTest+ (PT0-002) Practice Certification Exams
https://www.udemy.com/course/comptia-pentest-exams-002/

CompTIA PenTest+ Certification Exam Review
https://kcco.io/comptia-pentest-certification-exam-review-1a0a02883650

7 Best CompTIA PenTest+ Certification Courses and Practice Tests in 2023
https://medium.com/javarevisited/7-best-comptia-pentest-certification-courses-and-practice-tests-46d827689cdc

CompTIA PenTest+ Certification
https://www.ucertify.com/certifications/CompTIA/PenTest-Plus.html

CompTIA Pentest+: Your Go-To Exam Guide
https://infosecwriteups.com/comptia-pentest-your-go-to-exam-guide-4565471d8494

Best CompTIA PenTest+ Certification Courses and Practice Tests in 2023
https://netcomlearning.medium.com/best-comptia-pentest-certification-courses-and-practice-tests-in-2023-25ac16cacce



###### tags: `CompTIA` `PenTest＋`
