1.0 Planning and Scoping
2.0 Information Gathering and Vulnerability Scanning
3.0 Attacks and Exploits
4.0 Reporting and Communication
5.0 Tools and Code Analysis


UpComing Classes

Full Course

CompTIA PenTest+ Certification Exam Objectives

About the Exam

Candidates are encouraged to use this document to help prepare for the CompTIA PenTest+ (PT0-002) certification exam. The CompTIA PenTest+ certification exam will verify the successful candidate has the knowledge and skills required to:
•    Plan and scope a penetration testing engagement
•    Understand legal and compliance requirements
•    Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
•    Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations
This is equivalent to three to four years of hands-on experience working in a security consultant or penetration tester job role.
These content examples are meant to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.
The CompTIA PenTest+ (PT0-002) exam is accredited by ANSI to show compliance with the ISO 17024 standard and, as such, undergoes regular reviews and updates to the exam objectives.
CompTIA exams result from subject-matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an IT professional.
CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse, or condone utilizing any content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals who utilize such materials in preparation for any CompTIA examination will have their certifications revoked and be suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to more clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs
all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies before beginning the study process for any CompTIA exam. Candidates will be required to abide by the CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered unauthorized (aka “brain dumps”), he/she should contact CompTIA at to confirm.
The lists of examples provided in bulleted format are not exhaustive lists. Other examples of technologies, processes, or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document. CompTIA is constantly reviewing the content of our exams and updating test questions to be sure our exams are current, and the security of the questions is protected. When necessary, we will publish updated exams based on existing exam objectives. Please know that all related exam preparation materials will still be valid.

Required exam    PT0-002 Number of questions    Maximum of 85
Types of questions    Multiple-choice and performance-based Length of test    165 minutes
Recommended experience 3–4 years of hands-on experience performing
penetration tests, vulnerability assessments, and code analysis
Passing score    750 (on a scale of 100-900)

The table below lists the domains measured by this examination and the extent to which they are represented.

1.0 Planning and Scoping    14%
2.0 Information Gathering and Vulnerability Scanning    22%
3.0 Attacks and Exploits    30%
4.0 Reporting and Communication    18%
5.0 Tools and Code Analysis    16%
Total    100%

Compare and contrast governance, risk, and compliance concepts.

•    Regulatory compliance considerations
-    Payment Card Industry Data Security Standard (PCI DSS)
-    General Data Protection Regulation (GDPR)
•    Location restrictions
-    Country limitations
-    Tool restrictions
-    Local laws
-    Local government requirements
- Privacy requirements
•    Legal concepts
-    Service-level agreement (SLA)
-    Confidentiality
-    Statement of work
-    Non-disclosure agreement (NDA)
-    Master service agreement
•    Permission to attack


Explain the importance of scoping and organizational/customer requirements.

•    Standards and methodologies
-    Open Web Application Security Project (OWASP)
-    National Institute of Standards and Technology (NIST)
-    Open-source Security Testing Methodology Manual (OSSTMM)
-    Penetration Testing Execution Standard (PTES)
-    Information Systems Security Assessment Framework (ISSAF)
•    Rules of engagement
-    Time of day
-    Types of allowed/disallowed tests
-    Other restrictions
•    Environmental considerations
-    Network
-    Application
-    Cloud
•    Target list/in-scope assets
-    Wireless networks
-    Internet Protocol (IP) ranges
-    Domains
-    Application programming interfaces (APIs)
-    Physical locations
-    Domain name system (DNS)
-    External vs. internal targets
-    First-party vs. third-party hosted
•    Validate scope of engagement
-    Question the client/review contracts
-    Time management
-    Strategy
-    Unknown-environment vs. known-environment testing


Given a scenario, demonstrate an ethical hacking mindset by maintaining professionalism and integrity.

•    Background checks of penetration testing team
•    Adhere to specific scope of engagement
•    Identify criminal activity
•    Immediately report breaches/ criminal activity
•    Limit the use of tools to a particular engagement
•    Limit invasiveness based on scope
•    Maintain confidentiality of data/information
•    Risks to the professional
-    Fees/fines
-    Criminal charges

2.0 Information Gathering
and Vulnerability Scanning

Given a scenario, perform passive reconnaissance.

•    DNS lookups
•    Identify technical contacts
•    Administrator contacts
•    Cloud vs. self-hosted
•    Social media scraping
-    Key contacts/job responsibilities
-    Job listing/technology stack
•    Cryptographic flaws
-    Secure Sockets Layer (SSL) certificates
-    Revocation
•    Company reputation/security posture
•    Data
-    Password dumps
-    File metadata
-    Strategic search engine analysis/enumeration
-    Website archive/caching
-    Public source-code repositories
•    Open-source intelligence (OSINT)
-    Tools
-    Shodan
-    Recon-ng
-    Sources
-    Common weakness enumeration (CWE)
-    Common vulnerabilities and exposures (CVE)


Given a scenario, perform active reconnaissance.

•    Enumeration
-    Hosts
-    Services
-    Domains
-    Users
-    Uniform resource locators (URLs)
•    Website reconnaissance
-    Crawling websites
-    Scraping websites
-    Manual inspection of web links
- robots.txt
•    Packet crafting
-    Scapy
•    Defense detection
-    Load balancer detection
-    Web application firewall (WAF) detection
-    Antivirus
-    Firewall
•    Tokens
-    Scoping
-    Issuing
-    Revocation
•    Wardriving
•    Network traffic
-    Capture API requests and responses
-    Sniffing
•    Cloud asset discovery
•    Third-party hosted services
•    Detection avoidance
2.0 Information Gathering and Vulnerability Scanning     

Given a scenario, analyze the results of a reconnaissance exercise.

•    Fingerprinting
-    Operating systems (OSs)
-    Networks
-    Network devices
-    Software
•    Analyze output from:
-    DNS lookups
-    Crawling websites
-    Network traffic
-    Address Resolution Protocol (ARP) traffic
-    Nmap scans
-    Web logs


Given a scenario, perform vulnerability scanning.

•    Considerations of vulnerability scanning
-    Time to run scans
-    Protocols
-    Network topology
-    Bandwidth limitations
-    Query throttling
-    Fragile systems
-    Non-traditional assets
•    Scan identified targets for vulnerabilities
•    Set scan settings to avoid detection
•    Scanning methods
-    Stealth scan
-    Transmission Control Protocol (TCP) connect scan
-    Credentialed vs. non-credentialed
•    Nmap
-    Nmap Scripting Engine (NSE) scripts
-    Common options
-T 1-5
•    Vulnerability testing tools that facilitate automation

3.0    Attacks and Exploits

Given a scenario, research attack vectors and perform network attacks.

•    Stress testing for availability
•    Exploit resources
-    Exploit database (DB)
-    Packet storm
•    Attacks
-    ARP poisoning
-    Exploit chaining
-    Password attacks
-    Password spraying
-    Hash cracking
-    Brute force
-    Dictionary
-    On-path (previously known as man-in-the-middle)
-    Kerberoasting
-    DNS cache poisoning
-    Virtual local area network (VLAN) hopping
-    Network access control (NAC) bypass
-    Media access control (MAC) spoofing
-    Link-Local Multicast Name Resolution (LLMNR)/NetBIOS- Name Service (NBT-NS) poisoning
-    New Technology LAN Manager (NTLM) relay attacks
•    Tools
-    Metasploit
-    Netcat
-    Nmap


Given a scenario, research attack vectors and perform wireless attacks.

•    Attack methods
-    Eavesdropping
-    Data modification
-    Data corruption
-    Relay attacks
-    Spoofing
-    Deauthentication
-    Jamming
-    Capture handshakes
-    On-path
•    Attacks
-    Evil twin
-    Captive portal
-    Bluejacking
-    Bluesnarfing
-    Radio-frequency identification (RFID) cloning
-    Bluetooth Low Energy (BLE) attack
-    Amplification attacks [Near- field communication (NFC)]
-    WiFi protected setup (WPS) PIN attack
•    Tools
-    Aircrack-ng suite
-    Amplified antenna
3.0 Attacks and Exploits

Given a scenario, research attack vectors and perform application-based attacks.

•    OWASP Top 10
•    Server-side request forgery
•    Business logic flaws
•    Injection attacks
-    Structured Query Language (SQL) injection
-    Blind SQL
-    Boolean SQL
-    Stacked queries
-    Command injection
-    Cross-site scripting
-    Persistent
-    Reflected
-    Lightweight Directory Access Protocol (LDAP) injection
•    Application vulnerabilities
-    Race conditions
-    Lack of error handling
-    Lack of code signing
-    Insecure data transmission
-    Session attacks
-    Session hijacking
-    Cross-site request forgery (CSRF)
-    Privilege escalation
-    Session replay
-    Session fixation
•    API attacks
-    Restful
-    Extensible Markup Language- Remote Procedure Call (XML-RPC)
-    Soap
•    Directory traversal
•    Tools
-    Web proxies
-    OWASP Zed Attack Proxy (ZAP)
-    Burp Suite community edition
-    SQLmap
-    DirBuster
•    Resources
-    Word lists


Given a scenario, research attack vectors and perform attacks on cloud technologies.

•    Attacks
-    Credential harvesting
-    Privilege escalation
-    Account takeover
-    Metadata service attack
-    Misconfigured cloud assets
-    Identity and access management (IAM)
-    Federation misconfigurations
-    Object storage
-    Containerization technologies
-    Resource exhaustion
-    Cloud malware injection attacks
-    Denial-of-service attacks
-    Side-channel attacks
-    Direct-to-origin attacks
•    Tools
- Software development kit (SDK)
3.0 Attacks and Exploits

Explain common attacks and vulnerabilities against specialized systems.

•    Mobile
-    Attacks
-    Reverse engineering
-    Sandbox analysis
-    Spamming
-    Vulnerabilities
-    Insecure storage
-    Passcode vulnerabilities
-    Certificate pinning
-    Using known vulnerable components
(i)    Dependency vulnerabilities
(ii)    Patching fragmentation
-    Execution of activities using root
-    Over-reach of permissions
-    Biometrics integrations
-    Business logic vulnerabilities
-    Tools
-    Burp Suite
-    Drozer
-    Mobile Security Framework (MobSF)
-    Postman
-    Ettercap
-    Frida
-    Objection
-    Android SDK tools
-    ApkX
-    APK Studio
•    Internet of Things (IoT) devices
-    BLE attacks
-    Special considerations
-    Fragile environment
-    Availability concerns
-    Data corruption
-    Data exfiltration
-    Vulnerabilities
-    Insecure defaults
-    Cleartext communication
-    Hard-coded configurations
-    Outdated firmware/hardware
-    Data leakage
-    Use of insecure or outdated components
•    Data storage system vulnerabilities
-    Misconfigurations—on-premises and cloud-based
-    Default/blank username/password
- Network exposure
-    Lack of user input sanitization
-    Underlying software vulnerabilities
-    Error messages and debug handling
-    Injection vulnerabilities
- Single quote method
•    Management interface vulnerabilities
-    Intelligent platform management interface (IPMI)
•    Vulnerabilities related to supervisory control and data acquisition (SCADA)/ Industrial Internet of Things (IIoT)/ industrial control system (ICS)
•    Vulnerabilities related to virtual environments
-    Virtual machine (VM) escape
-    Hypervisor vulnerabilities
-    VM repository vulnerabilities
•    Vulnerabilities related to containerized workloads


Given a scenario, perform a social engineering or physical attack.

•    Pretext for an approach
•    Social engineering attacks
-    Email phishing
-    Whaling
-    Spear phishing
-    Vishing
-    Short message service (SMS) phishing
-    Universal Serial Bus (USB) drop key
-    Watering hole attack
•    Physical attacks
-    Tailgating
-    Dumpster diving
-    Shoulder surfing
-    Badge cloning
•    Impersonation
•    Tools
-    Browser exploitation framework (BeEF)
-    Social engineering toolkit
-    Call spoofing tools
•    Methods of influence
-    Authority
-    Scarcity
-    Social proof
-    Urgency
-    Likeness
-    Fear
3.0 Attacks and Exploits

Given a scenario, perform post-exploitation techniques.

•    Post-exploitation tools
-    Empire
-    Mimikatz
-    BloodHound
•    Lateral movement
-    Pass the hash
•    Network segmentation testing
•    Privilege escalation
-    Horizontal
-    Vertical
•    Upgrading a restrictive shell
•    Creating a foothold/persistence
-    Trojan
-    Backdoor
-    Bind shell
-    Reverse shell
-    Daemons
-    Scheduled tasks
•    Detection avoidance
-    Living-off-the-land techniques/fileless malware
-    PsExec
-    Windows Management Instrumentation (WMI)
-    PowerShell (PS) remoting/Windows Remote Management (WinRM)
-    Data exfiltration
-    Covering your tracks
-    Steganography
-    Establishing a covert channel
•    Enumeration
-    Users
-    Groups
-    Forests
-    Sensitive data
-    Unencrypted files

4.0 Reporting and Communication
Compare and contrast important components of written reports.

•    Report audience
-    C-suite
-    Third-party stakeholders
-    Technical staff
-    Developers
•    Report contents (** not in a particular order)
-    Executive summary
-    Scope details
-    Methodology
-    Attack narrative
-    Findings
-    Risk rating (reference framework)
-    Risk prioritization
-    Business impact analysis
-    Metrics and measures
-    Remediation
-    Conclusion
-    Appendix
•    Storage time for report
•    Secure distribution
•    Note taking
-    Ongoing documentation during test
-    Screenshots
•    Common themes/root causes
-    Vulnerabilities
-    Observations
-    Lack of best practices


Given a scenario, analyze the findings and recommend the appropriate remediation within a report.

•    Technical controls
-    System hardening
-    Sanitize user input/ parameterize queries
-    Implemented multifactor authentication
-    Encrypt passwords
-    Process-level remediation
-    Patch management
-    Key rotation
-    Certificate management
-    Secrets management solution
-    Network segmentation
•    Administrative controls
-    Role-based access control
-    Secure software development life cycle
-    Minimum password requirements
-    Policies and procedures
•    Operational controls
-    Job rotation
-    Time-of-day restrictions
-    Mandatory vacations
-    User training
•    Physical controls
-    Access control vestibule
-    Biometric controls
-    Video surveillance
4.0 Reporting and Communication

Explain the importance of communication during the penetration testing process.

•    Communication path
-    Primary contact
-    Technical contact
-    Emergency contact
•    Communication triggers
-    Critical findings
-    Status reports
-    Indicators of prior compromise
•    Reasons for communication
-    Situational awareness
-    De-escalation
-    Deconfliction
-    Identifying false positives
-    Criminal activity
•    Goal reprioritization
•    Presentation of findings


Explain post-report delivery activities.

•    Post-engagement cleanup
-    Removing shells
-    Removing tester-created credentials
-    Removing tools
•    Client acceptance
•    Lessons learned
•    Follow-up actions/retest
•    Attestation of findings
•    Data destruction process

5.0 Tools and Code Analysis
Explain the basic concepts of scripting and software development.

•    Logic constructs
-    Loops
-    Conditionals
-    Boolean operator
-    String operator
-    Arithmetic operator
•    Data structures
-    JavaScript Object Notation (JSON)
-    Key value
-    Arrays
-    Dictionaries
-    Comma-separated values (CSV)
-    Lists
-    Trees
•    Libraries
•    Classes
•    Procedures
•    Functions


Given a scenario, analyze a script or code sample for use in a penetration test.

•    Shells
-    Bash
-    PS
•    Programming languages
-    Python
-    Ruby
-    Perl
-    JavaScript
•    Analyze exploit code to:
-    Download files
-    Launch remote access
-    Enumerate users
-    Enumerate assets
•    Opportunities for automation
-    Automate penetration testing process
-    Perform port scan and then automate next
steps based on results
-    Check configurations and produce a report
-    Scripting to modify IP addresses during a test
-    Nmap scripting to enumerate ciphers and produce reports

Explain use cases of the following tools during the phases of a penetration test.
(**The intent of this objective is NOT to test specific vendor feature sets.)
5.0 Tools and Code Analysis

•    Scanners
-    Nikto
-    Open vulnerability assessment scanner (Open VAS)
-    SQLmap
-    Nessus
-    Open Security Content Automation Protocol (SCAP)
-    Wapiti
-    WPScan
-    Brakeman
-    Scout Suite
•    Credential testing tools
-    Hashcat
-    Medusa
-    Hydra
-    CeWL
-    John the Ripper
-    Cain
-    Mimikatz
-    Patator
-    DirBuster
-    w3af
•    Debuggers
-    OllyDbg
-    Immunity Debugger
-    GNU Debugger (GDB)
-    WinDbg
-    Interactive Disassembler (IDA)
-    Covenant
-    SearchSploit
•    OSINT
-    WHOIS
-    Nslookup
-    Fingerprinting Organization with Collected Archives (FOCA)
-    theHarvester
-    Shodan
-    Maltego
-    Recon-ng
-    Censys
•    Wireless
-    Aircrack-ng suite
-    Kismet
-    Wifite2
-    Rogue access point
-    EAPHammer
-    mdk4
-    Spooftooph
-    Reaver
-    Wireless Geographic Logging Engine (WiGLE)
-    Fern
•    Web application tools
-    Burp Suite
-    Gobuster
•    Social engineering tools
-    Social Engineering Toolkit (SET)
-    BeEF
•    Remote access tools
-    Secure Shell (SSH)
-    Ncat
-    Netcat
-    ProxyChains
•    Networking tools
-    Wireshark
-    Hping
•    Misc.
-    SearchSploit
-    Responder
-    Impacket tools
-    Empire
-    Metasploit
-    mitm6
-    CrackMapExec
-    TruffleHog
-    Censys
•    Steganography tools
-    Openstego
-    Steghide
-    Snow
-    Coagula
-    Sonic Visualiser
-    TinEye
•    Cloud tools
-    Scout Suite
-    CloudBrute
-    Pacu
-    Cloud Custodian

PenTest+ (PT0-002) Acronym List

The following is a list of acronyms that appear on the CompTIA PenTest+ exam. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as part of a comprehensive exam preparation program.

AAA    Authentication, Authorization and Accounting    IaaS    Infrastructure as a Service
ACL    Access Control List    IAM    Identity and Access Management
AES    Advanced Encryption Standard    ICMP    Internet Control Message Protocol
AP    Access Point    ICS    Industrial Control System
API    Application Programming Interface    IDA    Interactive Disassembler
APT    Advanced Persistent Threat    IDS    Intrusion Detection System
ARP    Address Resolution Protocol    IIoT    Industrial Internet of Things
AS2    Applicability Statement 2    IMEIs    International Mobile Equipment Identity
BeEF    Browser Exploitation Framework    IoT    Internet of Things
BLE    Bluetooth Low Energy    IP    Internet Protocol
BSSID    Basic Service Set Identifiers    IPMI    Intelligent Platform Management Interface
CA    Certificate Authority    IPS    Intrusion Prevention System
CAPEC    Common Attack Pattern    ISO    International Organization for Standardization
    Enumeration and Classification    ISP    Internet Service Provider
CLI    Command-Line Interface    ISSAF    Information Systems Security
CSRF    Cross-Site Request Forgery        Assessment Framework
CSV    Comma-Separated Values    JSON    JavaScript Object Notation
CVE    Common Vulnerabilities and Exposures    LAN    Local Area Network
CVSS    Common Vulnerability Scoring Systems    LDAP    Lightweight Directory Access Protocol
CWE    Common Weakness Enumeration    LLMNR    Link-Local Multicast Name Resolution
DB    Database    LSASS    Local Security Authority Subsystem Service
DDoS    Distributed Denial-of-Service    MAC    Media Access Control
DHCP    Dynamic Host Configuration Protocol    MDM    Mobile Device Management
DLL    Dynamic Link Library    MobSF    Mobile Security Framework
DLP    Data Loss Prevention    MOU    Memorandum of Understanding
DNS    Domain Name System    MSA    Master Service Agreement
DNSSEC    Domain Name System Security Extensions    MX    Mail Exchange
EAP    Extensible Authentication Protocol    NAC    Network Access Control
FOCA    Fingerprinting Organization with    NBT-NS    NetBIOS Name Service
    Collected Archives    NDA    Non-disclosure Agreement
FTP    File Transfer Protocol    NFC    Near-Field Communication
FTPS    File Transfer Protocol Secure    NIST    National Institute of Standards and Technology
GDB    GNU Debugger    NIST SP    National Institute of Standards
GDPR    General Data Protection Regulation        and Technology Special Publication
GPU    Graphics Processing Unit    NS    Name Server
HTTP    Hypertext Transfer Protocol    NSE    Nmap Scripting Engine
HTTPS    Hypertext Transfer Protocol Secure    NTLM    New Technology LAN Manager
NTP    Network Time Protocol    URL    Uniform Resource Locator
OS    Operating System    URI    Uniform Resource Identifier
OSINT    Open-source Intelligence    USB    Universal Serial Bus
OSSTMM    Open-source Security Testing    UTF    Unicode Transformation Format
    Methodology Manual    VAS    Vulnerability Assessment Scanner
OWASP    Open Web Application Security Project    VLAN    Virtual Local Area Network
PBKDF2    Password-Based Key Deviation Function 2    VM    Virtual Machine
PCI DSS    Payment Card Industry Data Security Standard    VoIP    Voice over Internet Protocol
PHP    PHP: Hypertext Preprocessor    VPN    Virtual Private Network
PII    Personal Identifiable Information    VPS    Virtual Private Server
PKI    Public Key Infrastructure    WAF    Web Application Firewall
PLC    Programmable Logic Controller    WEP    Wired Equivalent Privacy
PS    PowerShell    WiGLE    Wireless Geographic Logging Engine
PSK    Pre-Shared Key    WinRM    Windows Remote Management
PTES    Penetration Testing Execution Standard    WMI    Windows Management Instrumentation
RAT    Remote Access Trojan    WPA    Wi-Fi Protected Access
RDP    Remote Desktop Protocol    WPS    Wi-Fi Protected Setup
RF    Radio Frequency    XML-RPC    Extensible Markup Language-Remote
RFC    Request for Comment        Procedure Call
RFID    Radio-Frequency Identification    XSS    Cross-Site Scripting
ROE    Rules of Engagement    ZAP    Zed Attack Proxy
SCADA    Supervisory Control and Data Acquisition        
SCAP    Security Content Automation Protocol        
SDK    Software Development Kit        
SDLC    Software Development Life Cycle        
SDR    Software-defined Radio        
SET    Social Engineering Toolkit        
SGID    Set Group ID        
SIEM    Security Information and Event Management        
SIP    Session Initiation Protocol        
SLA    Service-level Agreement        
SMB    Server Message Block        
S/MIME    Secure/Multipurpose Internet Mail Extensions        
SMS    Short Message Service        
SMTP    Simple Mail Transfer Protocol        
SNMP    Simple Network Management Protocol        
SOC    Security Operations Center        
SOW    Statement of Work        
SQL    Structured Query Language        
SSD    Solid-State Drive        
SSH    Secure Shell        
SSHD    Solid-State Hybrid Drive        
SSID    Service Set Identifier        
SSL    Secure Sockets Layer        
SSO    Single Sign-On        
SUID    Set User ID        
TCP    Transmission Control Protocol        
TKIP    Temporal Key Integrity Protocol        
TLS    Transport Layer Security        
TTL    Time to Live        
TTPs    Tactics, Techniques and Procedures        
UDP    User Datagram Protocol        

PenTest+ Proposed Hardware and Software List

CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the PenTest+ exam. This list may also be helpful for training companies that wish to create a lab component to their training offering. The bulleted lists below each topic are sample lists and are not exhaustive.

•    Laptops
•    Wireless access points
•    Servers
•    Graphics processing units (GPUs)
•    Switches
•    Cabling
•    Monitors
•    Firewalls
•    HID/door access controls
•    Wireless adapters capable of packet injection
•    Directional antenna
•    Mobile device
•    IoT equipment (cameras, Raspberry Pi, smart TV, etc.)
•    Bluetooth adapter
•    Access to cloud environment
-    Command-line interface (CLI) access
-    Management console access
-    Instances of cloud services
•    Multifunction printers (wired/ wireless enabled)
•    Domain joined printer
•    RFID readers
•    Biometric device
•    Programmable logic controller
-    Software-defined radio (SDR) kit
•    USB flash drives
-    Weaponized USB drive
•    Cables
•    Keyboards
•    Mouse
•    Power supplies
•    Dongles/adapters

•    HDMI cables
•    Spare hard drives
•    Spare monitors

•    Lock pick kit
•    Badge cloner
•    Fingerprint lifter
•    Nail polish (to mask fingerprints)

•    OS licensing
•    Open-source OS
•    Penetration testing frameworks
•    VM software
•    Scanning tools
•    Credential testing tools
-    Spraying tools
-    Password crackers
•    Debuggers
•    Fuzzing tools
•    Software assurance tools
•    Wireless testing tools
•    Web proxying tools
•    Social engineering tools
•    Remote access tools
•    Network tools
•    Mobility testing tools
•    Security information and event management (SIEM)/intrusion detection system (IDS)/intrusion prevention system (IPS)
•    Command and control tools
•    Detection and avoidance tools

© 2020 CompTIA, Inc., used under license by CompTIA, Inc. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA, Inc. CompTIA is a registered trademark of CompTIA, Inc. in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA, Inc. or of their respective owners. Reproduction or dissemination prohibited without the written consent of CompTIA, Inc. Printed in the U.S. 08301-Nov2020


Back to top