Final Exam: Penetration Tester will test your knowledge and application of the topics presented throughout the Penetration Tester track of the Skillsoft Aspire Penetration Tester to SecOps Engineer Journey.
capture and analyze network traffic using Wireshark
compare vulnerability to penetration testing and describe the function of each
describe active information gathering along with methods and techniques for collecting information
describe black box penetration testing and why it may be used
describe common client-side attacks such as Cross-Site Scripting attacks and methods to help prevent them
describe common web cyber attacks and countermeasures to prevent these attacks
describe cryptography and its four goals
describe defensive and quick win controls for the major control types, how they are compromised, and steps for root cause analysis
describe grey box penetration testing and why it may be used
describe how to assess security controls, including establishing security metrics for risk management framework and reporting
describe how to find a vulnerability using scanners and other techniques
describe how to perform social engineering penetration testing
describe how to protect sensitive data with security testing and the five penetration testing rules of engagement
describe how to set expectations and why it is important
describe passive information gathering and methods for collecting information
describe penetration testing tools that are used by professional hackers
describe security controls in relation to the overall NIST Cybersecurity Framework and how security controls are relevant in SecOps
describe the cause of buffer overflow and how this exploit can be used for attacks
describe the CIS critical security controls and how they are implemented
describe the common types of penetration and the importance of testing each type
describe the different categories of findings
describe the goals of social engineering penetration tests
describe the importance of physical penetration testing and why organizations must perform penetration testing
describe the importance of setting stopping points and when to stop a penetration test
describe the importance of working with management to conduct further testing after recommendations are implemented
describe the limitations of penetration testing and challenges for organizations
describe the major security control types and the components of a security control
describe the processes used to undermine a Wi-Fi client's vulnerabilities
describe the purpose and results of dumpster diving and how to protect against this form of attack
describe the role of end-user awareness in preventing cybersecurity attacks and during penetration testing
describe the rules of engagement and how they are used
describe the steps necessary to implement a physical penetration testing program and the phases of penetration testing
describe tips and tricks for preventing social engineering attacks
describe user privilege escalation and methods that can be used to protect your system from security attacks
describe various areas where security controls are commonly used
describe various complex security controls and how they are implemented, including industrial and government security controls and baselines
describe what penetration testing is and why it is important to the organization
describe what should be documented during a penetration test and why it is important
describe when to use security controls and how they are enforced
describe white box penetration testing and why it may be used
differentiate between malware types and recognize some of the consequences of using targeted malware
differentiate between scanning and enumeration
differentiate between symmetric and asymmetric cryptography
identify different lock pick tools and why lock picking is important in cybersecurity
identify how to recognize and prevent tailgating and recognize the risks that it exposes
identify how to translate penetration testing results into a formalized report that can be used for the end-user awareness program
identify penetration testing types and describe their reliance on end-user behavior
identify the business need to provide Wi-Fi access for internal employees and external partners and recognize the categories of wireless threats that can compromise networks
identify the role of human error in causing data breaches
identify the types of penetration testing and common terminology
identify the vulnerabilities and processes used to undermine an unsecured Wi-Fi hotspot
identify web application security testing methodologies and the five stages of OPSEC
investigate security controls when one fails and describe how to mitigate the outcome
list the vulnerabilities of WEP security and identify how they can be exploited
outline the steps used to perform a Denial of Service attack against a wireless network
recognize how to choose a password cracking technique
recognize social engineering attacks and how they relate to penetration testing
recognize the built-in sniffing capabilities of Wi-Fi used for penetration testing
recognize wireless security technologies such as WEP, WPA/2/3, and the vulnerabilities they have that could be exploited
step through the process to perform rogue AP analysis