CompTIA PenTest+: Scoping & Engagement

CompTIA | Intermediate
  • 15 videos | 1h 23m 44s
  • Includes Assessment
  • Earns a Badge
Rating 4.3 of 69 users (69)
Penetration testing is a coordinated and simulated cyberattack used to evaluate the security of a computer system or computer network. The initial planning phase of a penetration test is critical to a successful engagement. In this course, you'll explore the fundamentals of penetration testing, including a comparison of governance, risk, and compliance concepts. You'll examine legal concepts such as service level agreements, statements of work, non-disclosure agreements, and master service agreements. You'll learn the importance of scoping and of organizational and customer requirements, including common standards and methodologies, rules of engagement, environmental considerations, target list definition, and validation of the engagement's scope. This course is one of a collection that helps prepare learners for the CompTIA PenTest+ (PT0-002) certification exam.

WHAT YOU WILL LEARN

  • Discover the key concepts covered in this course
  • Recognize compliance considerations such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR)
  • List geographical location restrictions such as country limitations, tool restrictions, local laws, and local government requirements
  • Describe when to use service level agreements (SLAs)
  • Recognize the importance of protecting confidentiality during penetration testing exercises
  • Recognize what details should be included in a penetration testing statement of work
  • Recognize key components of a non-disclosure agreement
  • List the benefits of defining a master service agreement prior to penetration testing
  • Describe how to use approval forms to document the permission to attack
  • Recognize common standards and methodologies including MITRE ATT&CK, the Open Web Application Security Project (OWASP), and the National Institute of Standards and Technology (NIST)
  • Recognize how clearly defined rules of engagement can help document the expectations of penetration testing
  • Recognize environmental considerations such as network, application, and cloud
  • Recognize how to define target lists such as wireless networks, domains, and physical locations
  • Recognize how to validate the scope of engagement using strategies such as time management and client contract review
  • Summarize the key concepts covered in this course

IN THIS COURSE

  • 1m 24s
    In this video, you’ll learn more about your instructor and this course. In this course, you’ll learn the fundamentals of penetration testing, including how to compare and contrast governance, risk, and compliance concepts, including regulatory compliance considerations. You’ll explore legal concepts such as service-level agreements, statements of work, non-disclosure agreements, and master service agreements. You’ll also learn the importance of scoping and of organizational and customer requirements.
  • 8m 32s
    In this video, you’ll get an overview of compliance considerations, including the Payment Card Industry Data Security Standard, or PCI DSS, and the General Data Protection Regulation, or GDPR. In general, penetration testing for compliance is a special case of penetration testing in which additional requirements must be met. Regulatory requirements, which are government laws passed to protect data and protect users, are what drive most compliance considerations. Compliance requirements vary by region.
  • 3.  Geographical Location Restrictions
    7m 59s
    In this video, you’ll learn about geographical location restrictions, such as country limitations, tool restrictions, local laws, and local government requirements. You’ll see that the requirements governing how you carry out pentesting must be checked for the country you're operating in. This can affect the tools you use as a pentester. Government regulations, and restrictions based on acts of government, apply in the jurisdictions in which you operate.
  • 4.  Service Level Agreements
    7m 57s
    In this video, you’ll learn when to use a service level agreement, or SLA. You’ll see how it compares to the other agreements you'll need when pentesting. You’ll also learn the important points to include in an SLA. You’ll learn that a service level agreement describes service commitments and expectations. These expectations cover what will and can be done, what cannot be done, and who’s responsible for these things. Governance and compliance basics must also be included.
  • 5.  Confidentiality Protection
    4m 46s
    In this video, you’ll learn the importance of protecting confidentiality during pentesting exercises. The general approach to protecting confidentiality includes providing an efficient and effective pentesting platform, communicating compliance needs to managers and system administrators, eliminating unnecessary tools and libraries that could introduce vulnerabilities, and monitoring and reporting on concerns found or raised during pentesting. One of the models used is the CIA triad.
  • 6.  Penetration Testing Statement of Work
    5m 30s
    In this video, you’ll learn the details you need to include in a penetration test statement of work. A statement of work, or SOW, is one of the key documents describing the project elements to be agreed upon before pentesting starts. Key items in a statement of work are a detailed scope of work and what the penetration tests cover. It also includes the price and payment schedule for the project and milestone payment amounts.
  • 7.  Defining Non-disclosure Agreements
    5m 8s
    In this video, you’ll learn the key components of a non-disclosure agreement for pentesting. In general terms, a non-disclosure agreement, or NDA, is the legal document used to enforce a confidential relationship between parties. It states that the parties to the agreement may be privy to confidential or private information and that this information can’t be disclosed or shared outside of the agreement. Such confidential information is disclosed during the course of pentesting.
  • 8.  Working with Master Service Agreements
    5m 1s
    In this video, you’ll learn the important details and benefits of a master services agreement, or MSA. An MSA must be signed prior to penetration testing. It is a governing agreement between the pentester and client. It governs the relationship, not the service or the work performed, and provides general terms for ongoing projects. The MSA focuses on the open-ended and generic terms of the agreement between pentester and client, not on specific project terms.
  • 9.  Obtaining Permission to Attack
    5m 48s
    In this video, you’ll learn how to obtain permission to attack before pentesting. Authorization to attack can only come from written permission to carry out pentesting. It cannot be substituted by an oral agreement or a handshake. If there's no written permission, then you cannot carry out pentesting. Written authorization must come from a signing authority, typically a director or executive. If third parties are involved, you’ll also need third-party authorization.
  • 10.  Standards and Methodologies
    5m 24s
    In this video, you’ll learn about common standards and methodologies, including the MITRE ATT&CK framework, the Open Web Application Security Project, or OWASP, and the National Institute of Standards and Technology, or NIST. In pentesting, best practice includes applying common standards and methodologies. You'll also need to include standards or guidelines in your documentation, citing the approaches, guidelines, or methodologies you use.
  • 11.  Rules of Engagement
    6m 14s
    In this video, you’ll learn how clearly defined rules of engagement help with the expectations and safety of penetration testing. The rules of engagement broadly cover several high-level aspects. These are considered on a test-by-test basis. Individual tests, categories of tests, or phases of testing may have different rules of engagement. Some tests must be coordinated so that advance warning is given, while others need to test the response when the test comes unexpectedly.
  • 12.  Environmental Considerations
    4m 42s
    In this video, you’ll learn the important environmental considerations for pentesting. Environmental considerations are about looking at the operating elements, the tools, the places, and the people working together. As pentesters, you’re often focused more on technology-related factors. While you unconsciously factor elements such as network, application, and cloud into your scope, it’s important to look at the wider environment, including the computing environment.
  • 13.  Defining Target Lists
    5m 53s
    In this video, you’ll learn about target lists such as wireless networks, domains, and physical locations. Building target lists is part of the information gathering and vulnerability identification phase of pentesting. This is done once scoping and authorization have been completed. Carrying out reconnaissance in this phase is about identifying specific tests based on the environment or environments you're operating in. Vulnerabilities discovered inform the response needed to meet compliance and strengthen security.
  • 14.  Validating Scope of Engagement
    8m 19s
    In this video, you’ll learn the important details regarding the scope of engagement using strategies such as time management, reviewing client contracts, and goal reprioritization. When validating the scope of an engagement, it’s important to understand the client’s organization and their needs, whether it’s increased security, compliance-based testing, or a regulatory requirement. You need to gather requirements, know the organization's policies, needs, and goals, and determine the scope.
  • 15.  Course Summary
    1m 8s
    In this video, you’ll summarize what you’ve learned in this course. You’ve learned about the steps, documents, discussions, and resources involved in successfully scoping an engagement. You explored regulatory compliance considerations and geographical location restrictions. You learned about service level agreements, the importance of protecting confidentiality, and the details included in a penetration testing SOW. You also explored NDA details and the benefits of master service agreements.

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.
