| Domain | Percentage of Examination |
|---|---|
| 1.0 Planning and Scoping | 15% |
| 2.0 Information Gathering and Vulnerability Identification | 22% |
| 3.0 Attacks and Exploits | 30% |
| 4.0 Penetration Testing Tools | 17% |
| 5.0 Reporting and Communication | 16% |
| Total | 100% |

- Planning and Scoping
  - Explain the importance of planning for an engagement.
  - Explain key legal concepts.
  - Explain the importance of scoping an engagement properly.
  - Explain the key aspects of compliance-based assessments.
- Information Gathering and Vulnerability Identification
  - Given a scenario, conduct information gathering using appropriate techniques.
  - Given a scenario, perform a vulnerability scan.
  - Given a scenario, analyze vulnerability scan results.
  - Explain the process of leveraging information to prepare for exploitation.
  - Explain weaknesses related to specialized systems.
- Attacks and Exploits
  - Compare and contrast social engineering attacks.
  - Given a scenario, exploit network-based vulnerabilities.
  - Given a scenario, exploit wireless and RF-based vulnerabilities.
  - Given a scenario, exploit application-based vulnerabilities.
  - Given a scenario, exploit local host vulnerabilities.
  - Summarize physical security attacks related to facilities.
  - Given a scenario, perform post-exploitation techniques.
- Penetration Testing Tools
  - Given a scenario, use Nmap to conduct information gathering exercises.
  - Compare and contrast various use cases of tools.
  - Given a scenario, analyze tool output or data related to a penetration test.
  - Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
- Reporting and Communication
  - Given a scenario, use report writing and handling best practices.
  - Explain post-report delivery activities.
  - Given a scenario, recommend mitigation strategies for discovered vulnerabilities.
  - Explain the importance of communication during the penetration testing process.