Showing posts with label Sybex. Show all posts

Richard Mansfield


e-books shop
e-books shop
Purchase Now !
Just with Paypal



Book Details
 Price
 8.00
 Pages
 1420 p
 File Size 
 12,552 KB
 File Type
 PDF format
 ISBN
 978-1-119-22538-6
 978-1-119-22539-3 (ebk.)
 978-1-119-22540-9 (ebk.)
 Copyright©   
 2016 by John Wiley & Sons, Inc 

About the Author
Mastering VBA for Microsoft Office 2016 is Richard Mansfield's 45th book. His
other titles include Visual Guide to Visual Basic (Ventana), CSS Web Design for
Dummies (Wiley), and Programming: A Beginner's Guide (McGraw-Hill).
Overall, his books have sold more than 500,000 copies worldwide and have been
translated into 12 languages. Richard also teaches a course titled Introduction to
XML at the online school ed2go.

Introduction
Visual Basic for Applications (VBA) is a powerful tool that enables you to
automate tasks in Microsoft Office applications.
Automating can save you and your colleagues considerable time and effort.
Getting more work done in less time is usually good for your self-esteem, and it
can do wonderful things for your job security and your career.

How Should I Use This Book?
This book tries to present material in a sensible and logical way. To avoid
repeating information unnecessarily, the chapters build on each other, so the later
chapters generally assume that you've read the earlier chapters.

The first five parts of the book offer a variety of code samples using Word, Excel,
PowerPoint, and, to a lesser extent, Access. If you have these applications (or
some of them), work through these examples as far as possible to get the most
benefit from them. While you may be able to apply some of the examples directly
to your work, mostly you'll find them illustrative of general VBA techniques and
principles, and you can customize them to suit your own needs.

The sixth and last part of this book shows you some more advanced techniques
that are useful when using VBA to program Word, Excel, PowerPoint, Outlook,
and Access. Work through the chapters that cover the application or applications
that you want to program with VBA.

Chapters 30 and 31 are specialized, but quite useful. Chapter 30 shows you how to
use one application to control another application; for example, you might use
Word to contact Excel and benefit from its special mathematic or graphing
capabilities. And Chapter 31 shows you many different ways to program the
Ribbon—the primary user interface in Office 2016 applications.

Table of Contents
Title Page
Copyright
Dedication
Acknowledgments
About the Author
Introduction
Where to Get This Book's Example Code
If You Have Questions
What Can I Do with VBA?
What's in This Book?
How Should I Use This Book?
Is This Book Suitable for Me?
Conventions Used in This Book
The Mastering Series
For More Information
Part 1: Recording Macros and Getting Started with VBA
Chapter 1: Recording and Running Macros in the Office Applications
What Is VBA and What Can You Do with It?
Understanding Macro Basics
Recording a Macro
Running a Macro
Recording a Sample Word Macro
Recording a Sample Excel Macro
Specifying How to Trigger an Existing Macro
Deleting a Macro
The Bottom Line
Chapter 2: Getting Started with the Visual Basic Editor
Opening the Visual Basic Editor
Using the Visual Basic Editor's Main Windows
Setting Properties for a Project
Customizing the Visual Basic Editor
The Bottom Line
Chapter 3: Editing Recorded Macros
Testing a Macro in the Visual Basic Editor
Editing a Word Macro
Editing the Excel Macro
Editing a PowerPoint Macro
The Bottom Line
Chapter 4: Creating Code from Scratch in the Visual Basic Editor
Setting Up the Visual Basic Editor to Create Macros
Creating a Procedure for Word
Creating a Macro for Excel
Creating a Procedure for PowerPoint
Creating a Procedure for Access
The Bottom Line
Part 2: Learning How to Work with VBA
Chapter 5: Understanding the Essentials of VBA Syntax
Getting Ready
Procedures
Statements
Keywords
Expressions
Operators
Variables
Constants
Arguments
Objects
Collections
Properties
Methods
Events
The Bottom Line
Chapter 6: Working with Variables, Constants, and Enumerations
Working with Variables
Working with Constants
Working with Enumerations
The Bottom Line
Chapter 7: Using Array Variables
What Is an Array?
Declaring an Array
Storing Values in an Array
Multidimensional Arrays
Declaring a Dynamic Array
Redimensioning an Array
Returning Information from an Array
Erasing an Array
Determining Whether a Variable Is an Array
Finding the Bounds of an Array
Sorting an Array
Searching an Array
The Bottom Line
Chapter 8: Finding the Objects, Methods, and Properties You Need
What Is an Object?
Working with Collections
Finding the Objects You Need
Using Object Variables to Represent Objects
Team Programming and OOP
The Bottom Line
Part 3: Making Decisions and Using Loops and Functions
Chapter 9: Using Built-In Functions
What Is a Function?
Using Functions
Using Functions to Convert Data
Using the Asc Function to Return a Character Code
Using the Val Function to Extract a Number from the Start of a String
Using the Format Function to Format an Expression
Using the Chr Function and Constants to Enter Special Characters in a
String
Using Functions to Manipulate Strings
Using the Left, Right, and Mid Functions to Return Part of a String
Using InStr and InStrRev to Find a String Within Another String
Using LTrim, RTrim, and Trim to Remove Spaces from a String
Using Len to Check the Length of a String
Using StrConv, LCase, and UCase to Change the Case of a String
Using the StrComp Function to Compare Apples to Apples
Using VBA's Mathematical Functions[[Page_232]]
Using VBA's Date and[[Page_233]] Time Functions
Using the DatePart Function to Parse Dates
Calculating Time Intervals Using the DateDiff Function
Using the DateAdd Function to Add or Subtract Time from a Date
Using File-Management Functions
Checking Whether a File Exists Using the Dir Function
The Bottom Line
Chapter 10: Creating Your Own Functions
Components of a Function
Creating a Function
Examples of Functions for Any VBA-Enabled Office Application
Creating a Function for Word
Creating a Function for Excel
Creating a Function for PowerPoint
Creating a Function for Access
The Bottom Line
Chapter 11: Making Decisions in Your Code
How Do You Compare Things in VBA?
Testing Multiple Conditions by Using Logical Operators
Select Case Blocks
The Bottom Line
Chapter 12: Using Loops to Repeat Actions
When Should You Use a Loop?
Understanding the Basics of Loops
Using For…Loops for Fixed Repetitions
Using Do…Loops for Variable Numbers of Repetitions
While…Wend Loops
Nesting Loops
Avoiding Infinite Loops
The Bottom Line
Part 4: Using Message Boxes, Input Boxes, and Dialog Boxes
Chapter 13: Getting User Input with Message Boxes and Input Boxes
Opening a Macro
Displaying Status-Bar Messages in Word and Excel
Message Boxes
Input Boxes
Forms: When Message Boxes and Input Boxes Won't Suffice
The Bottom Line
Chapter 14: Creating Simple Custom Dialog Boxes
When Should You Use a Custom Dialog Box?
Creating a Custom Dialog Box
Working with Groups of Controls
Linking a Form to a Procedure
Retrieving the User's Choices from a Dialog Box
Examples of Connecting Forms to Procedures
Using an Application's Built-In Dialog Boxes from VBA
The Bottom Line
Chapter 15: Creating Complex Forms
Creating and Working with Complex Dialog Boxes
Using Events to Control Forms
The Bottom Line
Part 5: Creating Effective Code
Chapter 16: Building Modular Code and Using Classes
Creating Modular Code
Creating and Using Classes
The Bottom Line
Chapter 17: Debugging Your Code and Handling Errors
Principles of Debugging
The Different Types of Errors
VBA's Debugging Tools
Dealing with Infinite Loops
Dealing with Runtime Errors
Suppressing Alerts
Handling User Interrupts in Word, Excel, and Project
Documenting Your Code
The Bottom Line
Chapter 18: Building Well-Behaved Code
What Is a Well-Behaved Procedure?
Retaining or Restoring the User Environment
Leaving the User in the Best Position to Continue Working
Keeping the User Informed During the Procedure
Making Sure a Procedure Is Running Under Suitable Conditions
Cleaning Up After a Procedure
The Bottom Line
Chapter 19: Exploring VBA's Security Features
Understanding How VBA Implements Security
Signing Your Macro Projects with Digital Signatures
Choosing a Suitable Level of Security
Locking Your Code
The Bottom Line
Part 6: Programming the Office Applications
Chapter 20: Understanding the Word Object Model and Key Objects
Examining the Word Object Model
Working with the Documents Collection and the Document Object
Saving a Document
Opening a Document
Closing a Document
Printing a Document
Working with the ActiveDocument Object
Working with the Selection Object
Creating and Using Ranges
Manipulating Options
The Bottom Line
Chapter 21: Working with Widely Used Objects in Word
Using Find and Replace via VBA
Working with Headers, Footers, and Page Numbers
Working with Sections, Page Setup, Windows, and Views
Working with Tables
The Bottom Line
Chapter 22: Understanding the Excel Object Model and Key Objects
Getting an Overview of the Excel Object Model
Understanding Excel's Creatable Objects
Managing Workbooks
Working with Worksheets
Working with the Active Cell or Selection
Working with Ranges
Setting Options
The Bottom Line
Chapter 23: Working with Widely Used Objects in Excel
Working with Charts
Working with Windows Objects
Working with Find and Replace
Adding Shapes
The Bottom Line
Chapter 24: Understanding the PowerPoint Object Model and Key Objects
Getting an Overview of the PowerPoint Object Model
Understanding PowerPoint's Creatable Objects
Working with Presentations
Working with Windows and Views
Working with Slides
Working with Masters
The Bottom Line
Chapter 25: Working with Shapes and Running Slide Shows
Working with Shapes
Working with Headers and Footers
Setting Up and Running a Slide Show
The Bottom Line
Chapter 26: Understanding the Outlook Object Model and Key Objects
Getting an Overview of the Outlook Object Model
Working with the Application Object
Understanding General Methods for Working with Outlook Objects
Working with Messages
Working with Calendar Items
Working with Tasks and Task Requests
Searching for Items
The Bottom Line
Chapter 27: Working with Events in Outlook
Working with Application-Level Events
Working with Item-Level Events
Understanding Quick Steps
The Bottom Line
Chapter 28: Understanding the Access Object Model and Key Objects
Getting Started with VBA in Access
Getting an Overview of the Access Object Model
Understanding Creatable Objects in Access
Opening and Closing Databases
Working with the Screen Object
Using the DoCmd Object to Run Access Commands
The Bottom Line
Chapter 29: Manipulating the Data in an Access Database via VBA
Understanding How to Proceed
Preparing to Manage the Data in a Database
Opening a Recordset
Accessing a Particular Record in a Recordset
Searching for a Record
Returning the Fields in a Record
Editing a Record
Inserting and Deleting Records
Closing a Recordset
Saving a Recordset to the Cloud
The Bottom Line
Chapter 30: Accessing One Application from Another Application
Understanding the Tools Used to Communicate Between Applications
Using Automation to Transfer Information
Using the Shell Function to Run an Application
Using Data Objects to Store and Retrieve Information
Communicating via DDE
Communicating via SendKeys
Going Beyond VBA
The Bottom Line
Chapter 31: Programming the Office 2016 Ribbon
What Is XML?
Hiding the Clipboard Group on the Word Ribbon
Working with Excel and PowerPoint
Undoing Ribbon Modifications
Selecting the Scope of Your Ribbon Customization
Adding a New Group
Adding Callbacks
Adding Attributes
Using Menus and Lists
Toggling with a Toggle-Button Control
Modifying the Ribbon in Access
Adding a Callback in Access
What to Look For If Things Go Wrong
Where to Go from Here
The Bottom Line
Appendix: The Bottom Line
Chapter 1: Recording and Running Macros in the Office Applications
Chapter 2: Getting Started with the Visual Basic Editor[[Page_878]]
Chapter 3: Editing Recorded Macros
Chapter 4: Creating Code from Scratch in the Visual Basic Editor
Chapter 5: Understanding the Essentials of VBA Syntax
Chapter 6: Working with Variables, Constants, and Enumerations
Chapter 7: Using Array Variables
Chapter 8: Finding the Objects, Methods, and Properties You Need
Chapter 9: Using Built-In Functions
Chapter 10: Creating Your Own Functions
Chapter 11: Making Decisions in Your Code
Chapter 12: Using Loops to Repeat Actions
Chapter 13: Getting User Input with Message Boxes and Input Boxes
Chapter 14: Creating Simple Custom Dialog Boxes
Chapter 15: Creating Complex Forms
Chapter 16: Building Modular Code and Using Classes
Chapter 17: Debugging Your Code and Handling Errors
Chapter 18: Building Well-Behaved Code
Chapter 19: Exploring VBA's Security Features
Chapter 20: Understanding the Word Object Model and Key Objects
Chapter 21: Working with Widely Used Objects in Word
Chapter 22: Understanding the Excel Object Model and Key Objects
Chapter 23: Working with Widely Used Objects in Excel
Chapter 24: Understanding the PowerPoint Object Model and Key Objects
Chapter 25: Working with Shapes and Running Slide Shows
Chapter 26: Understanding the Outlook Object Model and Key Objects
Chapter 27: Working with Events in Outlook
Chapter 28: Understanding the Access Object Model and Key Objects
Chapter 29: Manipulating the Data in an Access Database via VBA
Chapter 30: Accessing One Application from Another Application
Chapter 31: Programming the Office 2016 Ribbon
End User License Agreement


Bookscreen
e-books shop

Is This Book Suitable for Me?
Yes.
No programming experience required. This book is for anyone who wants to learn
to use VBA to automate their work in Office. Automating your work could involve
anything from creating a few simple procedures that would enable you to perform
some complex and tedious operations via a single keystroke, to building a custom
application with a complete interface that looks quite different from the host application.

This book attempts to present theoretical material in a practical context by
including lots of examples of the theory in action. For example, when you learn
about loops, you execute short procedures that illustrate the uses of each kind of
loop so that you can see how and why they work, and when to use them. And you'll
also find many step-throughs—numbered lists that take you through a task, one
step at a time. Above all, I've tried to make this book clear and understandable,
even to readers who've never written any programming in their life.

Sean-Philip Oriyano

Ethical Hacking Study Guide

Development Editor: Kim Wimpsett
Technical Editors: Raymond Blockmon, Jason McDowell, Tom Updegrove
Production Editor: Rebecca Anderson
Copy Editor: Linda Recktenwald
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Media Supervising Producer: Rich Graves
Book Designers: Judy Fung and Bill Gibson
Proofreader: Nancy Carrasco
Indexer: J & J Indexing
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley

Cover Image: ©Getty Images Inc./Jeremy Woodhouse


e-book shop
e-book shop
Purchase Now !
Just with Paypal



Book Details
 Price
 5.00 USD
 Pages
 662 p
 File Size
 9,774 KB
 File Type
 PDF format
 ISBN
 978-1-119-25224-5
 978-1-119-25227-6 (ebk.)
 978-1-119-25225-2 (ebk.)
 Copyright   
 2016 by John Wiley & Sons, Inc   

About the Author
Sean Oriyano (www.oriyano.com) is a seasoned security professional and entrepreneur.
Over the past 25 years he has split his time among writing, researching, consulting, and
training various people and organizations on a wide range of topics relating to both IT and
security. As an instructor and consultant, Sean has traveled all over the world, sharing his
knowledge as well as gaining exposure to many different environments and cultures
along the way. His broad knowledge and easy-to-understand manner, along with a healthy
dose of humor, have led to Sean being a regularly requested instructor.

Outside of training and consulting, Sean is also a best-selling author with many years of
experience in both digital and print media. Sean has published books for McGraw-Hill,
Wiley, Sybex, O’Reilly Media, and Jones & Bartlett. Over the last decade Sean has
expanded his reach even further by appearing in shows on both TV and radio. To date,
Sean has appeared in over a dozen TV programs and radio shows discussing various
cybersecurity topics and technologies. 

When in front of the camera, Sean has been noted for his casual demeanor and praised for his ability to explain complex topics in an easy-tounderstand manner.
Outside his own business activities, Sean is a member of the military as a chief warrant
officer specializing in infrastructure and security as well as the development of
new troops. In addition, as a CWO he is recognized as a subject matter expert in his field
and is frequently called upon to provide expertise, training, and mentoring wherever needed.
When not working, Sean is an avid obstacle course racer, having completed numerous
races, including a world championship race and a Spartan Trifecta. 

He also enjoys traveling, bodybuilding, training, and developing his mixed martial arts skills plus taking survival courses.
Sean holds many certifications and qualifications that demonstrate his knowledge and
experience in the IT field, such as the CISSP, CNDA, and Security+.

Acknowledgments
Writing acknowledgements is probably the toughest part of writing a book in my opinion
as I always feel that I have forgotten someone who had to deal with my hijinks over the
past few months. Anyway, here goes.
First of all, I want to thank my Mom and Dad for all of your support over the years as well
as being your favorite son. That’s right, I said it.
I would also like to take a moment to thank all the men and women I have served with
over the years. It is an honor for this Chief Warrant Officer to serve with each of you. I
would also like to extend a special thanks to my own unit for all the work you do, you are
each a credit to the uniform. Finally, thanks to my Commander for your mentorship,
support, and faith in my abilities.
To my friends I want to say thanks for tearing me away from my computer now and then
when you knew I needed to let my brain cool off a bit. Mark, Jason, Jennifer, Fred, Misty,
Arnold, Shelly, and especially Lisa, you all helped me put my focus elsewhere for a while
before I went crazy(er).
I would also like to thank Shigeru Miyamoto for bringing the Legend of Zelda into reality.
Finally, on a more serious note, I would like to dedicate this book to Medal of Honor
recipient (and personal hero) Sgt. Maj. (USA) Jon R. Cavaiani who passed away some
time before this book was written. Thank you for giving me the honor to shake your hand.
—Sean-Philip Oriyano
Duty, Service, Honor

Table of Contents
Introduction
Exam 312-50 Exam Objectives
Assessment Test
Answers to Assessment Test
Chapter 1: Introduction to Ethical Hacking
Hacking: the Evolution
So, What Is an Ethical Hacker?
Summary
Exam Essentials
Review Questions
Chapter 2: System Fundamentals
Exploring Network Topologies
Working with the Open Systems Interconnection Model
Dissecting the TCP/IP Suite
IP Subnetting
Hexadecimal vs. Binary
Exploring TCP/IP Ports
Understanding Network Devices
Working with MAC Addresses
Intrusion Prevention and Intrusion Detection Systems
Network Security
Knowing Operating Systems
Backups and Archiving
Summary
Exam Essentials
Review Questions
Chapter 3: Cryptography
Cryptography: Early Applications and Examples
Cryptography in Action
Understanding Hashing
Issues with Cryptography
Applications of Cryptography
Summary
Exam Essentials
Review Questions
Chapter 4: Footprinting
Understanding the Steps of Ethical Hacking
What Is Footprinting?
Terminology in Footprinting
Threats Introduced by Footprinting
The Footprinting Process
Summary
Exam Essentials
Review Questions
Chapter 5: Scanning
What Is Scanning?
Checking for Live Systems
Checking the Status of Ports
The Family Tree of Scans
OS Fingerprinting
Countermeasures
Vulnerability Scanning
Mapping the Network
Using Proxies
Summary
Exam Essentials
Review Questions
Chapter 6: Enumeration
A Quick Review
What Is Enumeration?
About Windows Enumeration
Linux Basic
Enumeration with SNMP
Unix and Linux Enumeration
LDAP and Directory Service Enumeration
Enumeration Using NTP
SMTP Enumeration
Summary
Exam Essentials
Review Questions
Chapter 7: System Hacking
Up to This Point
System Hacking
Summary
Exam Essentials
Review Questions
Chapter 8: Malware
Malware
Overt and Covert Channels
Summary
Exam Essentials
Review Questions
Chapter 9: Sniffers
Understanding Sniffers
Using a Sniffer
Switched Network Sniffing
Summary
Exam Essentials
Review Questions
Chapter 10: Social Engineering
What Is Social Engineering?
Social Networking to Gather Information?
Commonly Employed Threats
Identity Theft
Summary
Exam Essentials
Review Questions
Chapter 11: Denial of Service
Understanding DoS
Understanding DDoS
DoS Tools
DDoS Tools
DoS Defensive Strategies
DoS Pen-Testing Considerations
Summary
Exam Essentials
Review Questions
Chapter 12: Session Hijacking
Understanding Session Hijacking
Exploring Defensive Strategies
Summary
Exam Essentials
Review Questions
Chapter 13: Web Servers and Applications
Exploring the Client-Server Relationship
Summary
Exam Essentials
Review Questions
Chapter 14: SQL Injection
Introducing SQL Injection
Summary
Exam Essentials
Review Questions
Chapter 15: Hacking Wi-Fi and Bluetooth
What Is a Wireless Network?
Summary
Exam Essentials
Review Questions
Chapter 16: Mobile Device Security
Mobile OS Models and Architectures
Goals of Mobile Security
Device Security Models
Countermeasures
Summary
Exam Essentials
Review Questions
Chapter 17: Evasion
Honeypots, IDSs, and Firewalls
Summary
Exam Essentials
Review Questions
Chapter 18: Cloud Technologies and Security
What Is the Cloud?
Summary
Exam Essentials
Review Questions
Chapter 19: Physical Security
Introducing Physical Security
Summary
Exam Essentials
Review Questions
Appendix A: Answers to Review Questions
Chapter 1: Introduction to Ethical Hacking
Chapter 2: System Fundamentals
Chapter 3: Cryptography
Chapter 4: Footprinting
Chapter 5: Scanning
Chapter 6: Enumeration
Chapter 7: System Hacking
Chapter 8: Malware
Chapter 9: Sniffers
Chapter 10: Social Engineering
Chapter 11: Denial of Service
Chapter 12: Session Hijacking
Chapter 13: Web Servers and Applications
Chapter 14: SQL Injection
Chapter 15: Hacking Wi-Fi and Bluetooth
Chapter 16: Mobile Device Security
Chapter 17: Evasion
Chapter 18: Cloud Technologies and Security
Chapter 19: Physical Security
Appendix B: Penetration Testing Frameworks
Overview of Alternative Methods
Penetration Testing Execution Standard
Summary
Appendix C: Building a Lab
Why Build a Lab?
Creating a Test Setup
The Installation Process
Summary
Advert
EULA

Bookscreen
e-books shop

Introduction
If you’re preparing to take the CEH exam, you’ll undoubtedly want to find as much
information as you can about computers, networks, applications, and physical security.
The more information you have at your disposal and the more hands-on experience you
gain, the better off you’ll be when taking the exam. This study guide was written with that
goal in mind—to provide enough information to prepare you for the test, but not so much
that you’ll be overloaded with information that is too far outside the scope of the exam.
To make the information more understandable, I’ve included practical examples and
experience that supplement the theory.

This book presents the material at an advanced technical level. An understanding of
network concepts and issues, computer hardware and operating systems, and applications
will come in handy when you read this book. While every attempt has been made to
present the concepts and exercises in an easy-to-understand format, you will need to have
experience with IT and networking technology to get the best results.

I’ve included review questions at the end of each chapter to give you a taste of what it’s
like to take the exam. If you’re already working in the security field, check out these
questions first to gauge your level of expertise. You can then use the book to fill in the
gaps in your current knowledge. This study guide will help you round out your knowledge
base before tackling the exam itself.

If you can answer 85 percent to 90 percent or more of the review questions correctly for a
given chapter, you can feel safe moving on to the next chapter. If you’re unable to answer
that many questions correctly, reread the chapter and try the questions again. Your score
should improve.

Before You Begin Studying
Before you begin preparing for the exam, it’s imperative that you understand a few things
about the CEH certification. CEH is a certification from the International Council of
Electronic Commerce Consultants (EC-Council) granted to those who obtain a passing
score on a single exam (number 312-50). The exam is predominantly multiple choice,
with some questions including diagrams and sketches that you must analyze to arrive at
an answer. This exam requires intermediate- to advanced-level experience; you’re
expected to know a great deal about security from an implementation and theory
perspective as well as a practical perspective.

In many books, the glossary is filler added to the back of the text; this book’s glossary
(included as part of the online test bank at sybextestbanks.wiley.com) should be
considered necessary reading. You’re likely to see a question on the exam about what a
black- or white-box test is—not how to specifically implement it in a working
environment. Spend your study time learning the various security solutions and
identifying potential security vulnerabilities and where they are applicable. Also spend
time thinking outside the box about how things work—the exam is also known to alter
phrases and terminology—but keep the underlying concept as a way to test your thought process.

The EC-Council is known for presenting concepts in unexpected ways on their exam. The
exam tests whether you can apply your knowledge rather than just commit information to
memory and repeat it back. Use your analytical skills to visualize the situation and then
determine how it works. The questions throughout this book make every attempt to recreate
the structure and appearance of the CEH exam questions.

Why Become CEH Certified?
There are a number of reasons for obtaining the CEH certification. These include the
following:
Provides Proof of Professional Achievement Specialized certifications are the best
way to stand out from the crowd. In this age of technology certifications, you’ll find
hundreds of thousands of administrators who have successfully completed the Microsoft
and Cisco certification tracks. To set yourself apart from the crowd, you need a bit more.
The CEH exam is part of the EC-Council certification track, which includes other securitycentric
certifications if you wish to attempt those.

Increases Your Marketability The CEH for several years has provided a valuable
benchmark of the skills of a pentester to potential employers or clients. Once you hold
the CEH certification, you’ll have the credentials to prove your competency. Moreover,
certifications can’t be taken from you when you change jobs—you can take that
certification with you to any position you accept.

Provides Opportunity for Advancement Individuals who prove themselves to be
competent and dedicated are the ones who will most likely be promoted. Becoming
certified is a great way to prove your skill level and show your employer that you’re
committed to improving your skill set. Look around you at those who are certified: They
are probably the people who receive good pay raises and promotions.

Fulfills Training Requirements Many companies have set training requirements for
their staff so that they stay up to date on the latest technologies. Having a certification
program in security provides administrators with another certification path to follow
when they have exhausted some of the other industry-standard certifications.
Raises Customer Confidence Many companies, small businesses, and the
governments of various countries have long discovered the advantages of being a CEH.
Many organizations require that employees and contractors hold the credential in order
to engage in certain work activities.

How to Become a CEH-Certified Professional
The first place to start on your way to certification is to register for the exam at any
Pearson VUE testing center. Exam pricing might vary by country or by EC-Council
membership. You can contact Pearson VUE by going to their website (www.vue.com) or
in the United States and Canada by calling toll-free (877)-551-7587.

When you schedule the exam, you’ll receive instructions about appointment and
cancellation procedures, ID requirements, and information about the testing center
location. In addition, you will be required to provide a special EC-Council–furnished code
in order to complete the registration process. Finally, you will also be required to fill out a
form describing your professional experience and background before a code will be issued
for you to register.

After you’ve successfully passed your CEH exam, the EC-Council will award you with
certification. Within four to six weeks of passing the exam, you’ll receive your official ECCouncil
CEH certificate.

Who Should Read This Book?
If you want to acquire solid information in hacking and pen-testing techniques and your
goal is to prepare for the exam by learning how to develop and improve security, this book
is for you. You’ll find clear explanations of the concepts you need to grasp and plenty of
help to achieve the high level of professional competency you need to succeed in your chosen field.

If you want to become certified, this book is definitely what you need. However, if you
just want to attempt to pass the exam without really understanding security, this study
guide isn’t for you. You must be committed to learning the theory and concepts in this
book to be successful.

What Does This Book Cover?
This book covers everything you need to know to pass the CEH exam. Here’s a breakdown
chapter by chapter:
Chapter 1: Introduction to Ethical Hacking This chapter covers the purpose of
ethical hacking, defines the ethical hacker, and describes how to get started performing
security audits.
Chapter 2: System Fundamentals This chapter presents a look at the various
components that make up a system and how they are affected by security.
Chapter 3: Cryptography This chapter explores the art and science of cryptography;
you’ll learn how cryptography works and how it supports security.
Chapter 4: Footprinting In this chapter, you’ll learn how to gain information from a
target using both passive and active methods.
Chapter 5: Scanning This chapter shows you how to gain information about the hosts
and devices on a network as well as what the information means.
Chapter 6: Enumeration In this chapter, you’ll learn how to probe the various services
present on a given host and how to process the information to determine what it means
and how to use it for later actions.
Chapter 7: System Hacking This chapter shows you how to use the information gained
from footprinting, scanning, and earlier examinations in order to break into or gain access
to a system.
Chapter 8: Malware This chapter covers the varieties of malware and how each can be
created, used, or defended against.
Chapter 9: Sniffers This chapter discusses using packet sniffers to gather information
that is flowing across the network. You’ll learn how to dissect this information for
immediate or later use.
Chapter 10: Social Engineering This chapter covers how to manipulate human beings
in order to gain sensitive information.
Chapter 11: Denial of Service This chapter includes an analysis of attacks that are
designed to temporarily or permanently shut down a target.
Chapter 12: Session Hijacking This chapter covers how to disrupt communications as
well as take over legitimate sessions between two parties.
Chapter 13: Web Servers and Applications This chapter explains how to break into
and examine web servers and applications as well as the various methods of attack.
Chapter 14: SQL Injection In this chapter, you’ll learn how to attack databases and
data stores using SQL injection to alter, intercept, view, or destroy information.
Chapter 15: Hacking Wi-Fi and Bluetooth In this chapter, you’ll learn how to target,
analyze, disrupt, and shut down wireless networks either temporarily or permanently.
Chapter 16: Mobile Device Security In this chapter, you’ll learn how to target,
analyze, and work with mobile devices.
Chapter 17: Evasion This chapter covers how to deal with the common protective
measures that a system administrator may put into place; these measures include
intrusion detection systems (IDSs), firewalls, and honeypots.
Chapter 18: Cloud Technologies and Security In this chapter, you’ll learn how to
integrate and secure cloud technologies.
Chapter 19: Physical Security This chapter deals with the aspects of physical security
and how to protect assets from being stolen, lost, or otherwise compromised.
Appendix A: Answers to Review Questions In this appendix, you can find all the
answers to the review questions throughout the book.
Appendix B: Penetration Testing Frameworks In this appendix, you will explore an
alternative penetration testing framework.
Appendix C: Building a Lab In this appendix, you’ll learn how to build a lab to test and
experiment with your penetration testing skills.

Exam PT0-001

Mike Chapple & David Seidl

Penetration Testing
Planning and Scoping Penetration Tests
Information Gathering
Vulnerability Scanning
Analyzing Vulnerability Scans 
Exploit and Pivot
Exploiting Network Vulnerabilities
Exploiting Physical and Social Vulnerabilities
Exploiting Application Vulnerabilities
Exploiting Host Vulnerabilities
Scripting for Penetration Testing
Reporting and Communication

e-books shop
e-books shop
Purchase Now !
Just with Paypal



Book Details
 Price
 3.00 USD
 Pages
 521 p
 File Size
 34,054 KB
 File Type
 PDF format
 ISBN
 978-1-119-50422-1
 978-1-119-50425-2 (ebk.)
 978-1-119-50424-5 (ebk.)
 Copyright   
 2019 by John Wiley & Sons, Inc  

About the Author
Mike Chapple, PhD, Security+, CISSP, CISA, PenTest+,
CySA+, is an associate teaching professor of IT, analytics, and
operations at the University of Notre Dame. He is also the
academic director of the University’s master’s program in
business analytics.
Mike is a cybersecurity professional with over 20 years of
experience in the field. Prior to his current role, Mike served
as senior director for IT service delivery at Notre Dame, where
he oversaw the University’s cybersecurity program, cloud computing
efforts, and other areas. Mike also previously served as
chief information officer of Brand Institute and an information security researcher with the
National Security Agency and the U.S. Air Force.
Mike is a frequent contributor to several magazines and websites and is the author or
coauthor of more than 25 books, including CISSP Official (ISC)2 Study Guide, CISSP
Official (ISC)2 Practice Tests, CompTIA CySA+ Study Guide: Exam CS0-001, and
CompTIA CySA+ Practice Tests: Exam CS0-001, all from Wiley, and Cyberwarfare:
Information Operations in a Connected World (Jones and Bartlett, 2014).
Mike offers free study groups for the PenTest+, CySA+, Security+, CISSP, and SSCP certifications
at his website, certmike.com.

David Seidl, CISSP, PenTest+, CySA+, GCIH, GPEN, is
the senior director for campus technology services at the
University of Notre Dame. As the senior director for CTS,
David is responsible for Amazon AWS cloud operations, virtualization,
enterprise storage, platform and operating system
support, database and ERP administration and services, identity
and access management, application services, enterprise
content management, digital signage, labs, lecterns, and academic
printing and a variety of other services and systems.
During his over 22 years in information technology, David
has served in a variety of leadership, technical, and information security roles, including
leading Notre Dame’s information security team as director of information security. He has
written books on security certification and cyberwarfare, including coauthoring CompTIA
CySA+ Study Guide: Exam CS0-001, CompTIA CySA+ Practice Tests: Exam CS0-001,
and CISSP (ISC)2 Official Practice Tests from Wiley and Cyberwarfare: Information
Operations in a Connected World (Jones and Bartlett, 2014).
David holds a bachelor’s degree in communication technology and a master’s degree in
information security from Eastern Michigan University.

Acknowledgments
Books like this involve work from many people, and as authors, we truly appreciate the
hard work and dedication that the team at Wiley shows. We would especially like to thank
Senior Acquisitions Editor Kenyon Brown. We have worked with Ken on multiple projects
and consistently enjoy our work with him.
We also greatly appreciated the editing and production team for the book, including
Jim Compton, our developmental editor, whose prompt and consistent oversight got this
book out the door, and Christine O’Connor, our production editor, who guided us through
layouts, formatting, and final cleanup to produce a great book. We’d also like to thank our
technical editor, Jeff Parker, who provided us with thought-provoking questions and technical
insight throughout the process. We would also like to thank the many behind-thescenes
contributors, including the graphics, production, and technical teams who make the
book and companion materials into a finished product.
Our agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful
opportunities, advice, and assistance throughout our writing careers.
Finally, we would like to thank our families, friends, and significant others who support
us through the late evenings, busy weekends, and long hours that a book like this requires
to write, edit, and get to press.

Table of Contents
Introduction xxv
Assessment Test lvi
Chapter 1 Penetration Testing 1
What Is Penetration Testing? 2
Cybersecurity Goals 2
Adopting the Hacker Mind-Set 4
Reasons for Penetration Testing 5
Benefits of Penetration Testing 5
Regulatory Requirements for Penetration Testing 6
Who Performs Penetration Tests? 8
Internal Penetration Testing Teams 8
External Penetration Testing Teams 9
Selecting Penetration Testing Teams 9
The CompTIA Penetration Testing Process 10
Planning and Scoping 11
Information Gathering and Vulnerability Identification 11
Attacking and Exploiting 12
Reporting and Communicating Results 13
The Cyber Kill Chain 13
Reconnaissance 15
Weaponization 15
Delivery 16
Exploitation 16
Installation 16
Command and Control 16
Actions on Objectives 17
Tools of the Trade 17
Reconnaissance 19
Vulnerability Scanners 20
Social Engineering 21
Credential-Testing Tools 21
Debuggers 21
Software Assurance 22
Network Testing 22
Remote Access 23
Exploitation 23
Summary 23
Exam Essentials 24
Lab Exercises 25
Activity 1.1: Adopting the Hacker Mind-Set 25
Activity 1.2: Using the Cyber Kill Chain 25
Review Questions 26
Chapter 2 Planning and Scoping Penetration Tests 31
Scoping and Planning Engagements 35
Assessment Types 36
White Box, Black Box, or Gray Box? 36
The Rules of Engagement 38
Scoping Considerations: A Deeper Dive 40
Support Resources for Penetration Tests 42
Key Legal Concepts for Penetration Tests 45
Contracts 45
Data Ownership and Retention 46
Authorization 46
Environmental Differences 46
Understanding Compliance-Based Assessments 48
Summary 50
Exam Essentials 51
Lab Exercises 52
Review Questions 53
Chapter 3 Information Gathering 57
Footprinting and Enumeration 60
OSINT 61
Location and Organizational Data 64
Infrastructure and Networks 67
Security Search Engines 72
Active Reconnaissance and Enumeration 74
Hosts 75
Services 75
Networks, Topologies, and Network Traffic 81
Packet Crafting and Inspection 83
Enumeration 84
Information Gathering and Code 88
Information Gathering and Defenses 89
Defenses Against Active Reconnaissance 90
Preventing Passive Information Gathering 90
Summary 90
Exam Essentials 91
Lab Exercises 92
Activity 3.1: Manual OSINT Gathering 92
Activity 3.2: Exploring Shodan 93
Activity 3.3: Running a Nessus Scan 93
Review Questions 94
Chapter 4 Vulnerability Scanning 99
Identifying Vulnerability Management Requirements 102
Regulatory Environment 102
Corporate Policy 106
Support for Penetration Testing 106
Identifying Scan Targets 106
Determining Scan Frequency 107
Configuring and Executing Vulnerability Scans 109
Scoping Vulnerability Scans 110
Configuring Vulnerability Scans 111
Scanner Maintenance 117
Software Security Testing 119
Analyzing and Testing Code 120
Web Application Vulnerability Scanning 121
Developing a Remediation Workflow 125
Prioritizing Remediation 126
Testing and Implementing Fixes 127
Overcoming Barriers to Vulnerability Scanning 127
Summary 129
Exam Essentials 129
Lab Exercises 130
Activity 4.1: Installing a Vulnerability Scanner 130
Activity 4.2: Running a Vulnerability Scan 130
Activity 4.3: Developing a Penetration Test
Vulnerability Scanning Plan 131
Review Questions 132
Chapter 5 Analyzing Vulnerability Scans 137
Reviewing and Interpreting Scan Reports 138
Understanding CVSS 142
Validating Scan Results 147
False Positives 147
Documented Exceptions 147
Understanding Informational Results 148
Reconciling Scan Results with Other Data Sources 149
Trend Analysis 149
Common Vulnerabilities 150
Server and Endpoint Vulnerabilities 151
Network Vulnerabilities 161
Virtualization Vulnerabilities 167
Internet of Things (IoT) 169
Web Application Vulnerabilities 170
Summary 172
Exam Essentials 173
Lab Exercises 174
Activity 5.1: Interpreting a Vulnerability Scan 174
Activity 5.2: Analyzing a CVSS Vector 174
Activity 5.3: Developing a Penetration Testing Plan 175
Review Questions 176
Chapter 6 Exploit and Pivot 181
Exploits and Attacks 184
Choosing Targets 184
Identifying the Right Exploit 185
Exploit Resources 188
Developing Exploits 189
Exploitation Toolkits 191
Metasploit 192
PowerSploit 198
Exploit Specifics 199
RPC/DCOM 199
PsExec 199
PS Remoting/WinRM 199
WMI 200
Scheduled Tasks and cron Jobs 200
SMB 201
RDP 202
Apple Remote Desktop 203
VNC 203
X-Server Forwarding 203
Telnet 203
SSH 204
Leveraging Exploits 204
Common Post-Exploit Attacks 204
Privilege Escalation 207
Social Engineering 208
Persistence and Evasion 209
Scheduled Jobs and Scheduled Tasks 209
Inetd Modification 210
Daemons and Services 210
Back Doors and Trojans 210
New Users 211
Pivoting 211
Covering Your Tracks 212
Summary 213
Exam Essentials 214
Lab Exercises 215
Activity 6.1: Exploit 215
Activity 6.2: Discovery 215
Activity 6.3: Pivot 216
Review Questions 217
Chapter 7 Exploiting Network Vulnerabilities 223
Conducting Network Exploits 226
VLAN Hopping 226
Network Proxies 228
DNS Cache Poisoning 228
Man-in-the-Middle 229
NAC Bypass 233
DoS Attacks and Stress Testing 234
Exploiting Windows Services 236
NetBIOS Name Resolution Exploits 236
SMB Exploits 240
Exploiting Common Services 240
SNMP Exploits 241
SMTP Exploits 242
FTP Exploits 243
Samba Exploits 244
Wireless Exploits 245
Evil Twins and Wireless MITM 245
Other Wireless Protocols and Systems 247
RFID Cloning 248
Jamming 249
Repeating 249
Summary 250
Exam Essentials 251
Lab Exercises 251
Activity 7.1: Capturing Hashes 251
Activity 7.2: Brute-Forcing Services 252
Activity 7.3: Wireless Testing 253
Review Questions 254
Chapter 8 Exploiting Physical and Social Vulnerabilities 259
Physical Facility Penetration Testing 262
Entering Facilities 262
Information Gathering 266
Social Engineering 266
In-Person Social Engineering 267
Phishing Attacks 269
Website-Based Attacks 270
Using Social Engineering Tools 270
Summary 273
Exam Essentials 274
Lab Exercises 275
Activity 8.1: Designing a Physical Penetration Test 275
Activity 8.2: Brute-Forcing Services 276
Activity 8.3: Using BeEF 276
Review Questions 278
Chapter 9 Exploiting Application Vulnerabilities 283
Exploiting Injection Vulnerabilities 287
Input Validation 287
Web Application Firewalls 288
SQL Injection Attacks 289
Code Injection Attacks 292
Command Injection Attacks 293
Exploiting Authentication Vulnerabilities 293
Password Authentication 294
Session Attacks 295
Kerberos Exploits 298
Exploiting Authorization Vulnerabilities 299
Insecure Direct Object References 299
Directory Traversal 300
File Inclusion 301
Exploiting Web Application Vulnerabilities 302
Cross-Site Scripting (XSS) 302
Cross-Site Request Forgery (CSRF/XSRF) 305
Clickjacking 305
Unsecure Coding Practices 306
Source Code Comments 306
Error Handling 306
Hard-Coded Credentials 307
Race Conditions 308
Unprotected APIs 308
Unsigned Code 308
Application Testing Tools 308
Static Application Security Testing (SAST) 309
Dynamic Application Security Testing (DAST) 310
Mobile Tools 313
Summary 313
Exam Essentials 313
Lab Exercises 314
Activity 9.1: Application Security Testing Techniques 314
Activity 9.2: Using the ZAP Proxy 314
Activity 9.3: Creating a Cross-Site Scripting Vulnerability 315
Review Questions 316
Chapter 10 Exploiting Host Vulnerabilities 321
Attacking Hosts 325
Linux 325
Windows 331
Cross-Platform Exploits 338
Remote Access 340
SSH 340
Netcat and Ncat 341
Proxies and Proxychains 341
Metasploit and Remote Access 342
Attacking Virtual Machines and Containers 342
Virtual Machine Attacks 343
Container Attacks 344
Physical Device Security 345
Cold-Boot Attacks 345
Serial Consoles 345
JTAG Debug Pins and Ports 346
Attacking Mobile Devices 347
Credential Attacks 348
Credential Acquisition 348
Offline Password Cracking 349
Credential Testing and Brute-Forcing Tools 350
Wordlists and Dictionaries 351
Summary 352
Exam Essentials 353
Lab Exercises 354
Activity 10.1: Dumping and Cracking the Windows SAM
and Other Credentials 354
Activity 10.2: Cracking Passwords Using Hashcat 355
Activity 10.3: Setting Up a Reverse Shell
and a Bind Shell 356
Review Questions 358
Chapter 11 Scripting for Penetration Testing 363
Scripting and Penetration Testing 364
Bash 365
PowerShell 366
Ruby 367
Python 368
Variables, Arrays, and Substitutions 368
Bash 370
PowerShell 371
Ruby 371
Python 372
Comparison Operations 372
String Operations 373
Bash 375
PowerShell 376
Ruby 377
Python 378
Flow Control 378
Conditional Execution 379
For Loops 384
While Loops 389
Input and Output (I/O) 394
Redirecting Standard Input and Output 394
Error Handling 395
Bash 395
PowerShell 396
Ruby 396
Python 396
Summary 397
Exam Essentials 397
Lab Exercises 398
Activity 11.1: Reverse DNS Lookups 398
Activity 11.2: Nmap Scan 398
Review Questions 399
Chapter 12 Reporting and Communication 405
The Importance of Communication 408
Defining a Communication Path 408
Communication Triggers 408
Goal Reprioritization 409
Recommending Mitigation Strategies 409
Finding: Shared Local Administrator Credentials 411
Finding: Weak Password Complexity 411
Finding: Plain Text Passwords 413
Finding: No Multifactor Authentication 413
Finding: SQL Injection 414
Finding: Unnecessary Open Services 415
Writing a Penetration Testing Report 415
Structuring the Written Report 415
Secure Handling and Disposition of Reports 417
Wrapping Up the Engagement 418
Post-Engagement Cleanup 418
Client Acceptance 419
Lessons Learned 419
Follow-Up Actions/Retesting 419
Attestation of Findings 419
Summary 420
Exam Essentials 420
Lab Exercises 421
Activity 12.1: Remediation Strategies 421
Activity 12.2: Report Writing 421
Review Questions 422
Appendix Answers to Review Questions 425
Chapter 1: Penetration Testing 426
Chapter 2: Planning and Scoping Penetration Tests 427
Chapter 3: Information Gathering 429
Chapter 4: Vulnerability Scanning 431
Chapter 5: Analyzing Vulnerability Scans 433
Chapter 6: Exploit and Pivot 434
Chapter 7: Exploiting Network Vulnerabilities 436
Chapter 8: Exploiting Physical and Social Vulnerabilities 438
Chapter 9: Exploiting Application Vulnerabilities 440
Chapter 10: Exploiting Host Vulnerabilities 442
Chapter 11: Script for Penetration Testing 444
Chapter 12: Reporting and Communication 445
Index 447


Bookscreen
e-books shop

Introduction
The CompTIA PenTest+ Study Guide: Exam PT0-001 provides accessible explanations
and real-world knowledge about the exam objectives that make up the PenTest+ certification.
This book will help you to assess your knowledge before taking the exam, as well as
provide a stepping stone to further learning in areas where you may want to expand your
skill set or expertise.
Before you tackle the PenTest+ exam, you should already be a security practitioner.
CompTIA suggests that test-takers should have intermediate-level skills based on their
cybersecurity pathway. You should also be familiar with at least some of the tools and techniques
described in this book. You don’t need to know every tool, but understanding how
to use existing experience to approach a new scenario, tool, or technology that you may not
know is critical to passing the PenTest+ exam.

CompTIA
CompTIA is a nonprofit trade organization that offers certification in a variety of IT areas,
ranging from the skills that a PC support technician needs, which are covered in the A+
exam, to advanced certifications like the CompTIA Advanced Security Practitioner, or
CASP, certification. CompTIA divides its exams into three categories based on the skill
level required for the exam and what topics it covers, as shown in the following table:
 Beginner/Novice   Intermediate   Advanced 
 IT Fundamentals
 A+
 Network+
 Security+
 CySA+
 PenTest+
 CASP
CompTIA recommends that practitioners follow a cybersecurity career path that begins
with the IT fundamentals and A+ exam and proceeds to include the Network+ and Security+
credentials to complete the foundation. From there, cybersecurity professionals may choose
the PenTest+ and/or Cybersecurity Analyst+ (CySA+) certifications before attempting the
CompTIA Advanced Security Practitioner (CASP) certification as a capstone credential.
The CySA+ and PenTest+ exams are more advanced exams, intended for professionals
with hands-on experience who also possess the knowledge covered by the prior exams.
CompTIA certifications are ISO and ANSI accredited, and they are used throughout
multiple industries as a measure of technical skill and knowledge. In addition, CompTIA
certifications, including the Security+ and the CASP, have been approved by the U.S. government
as Information Assurance baseline certifications and are included in the State
Department’s Skills Incentive Program.

The PenTest+ Exam
The PenTest+ exam is designed to be a vendor-neutral certification for penetration testers. It
is designed to assess current penetration testing, vulnerability assessment, and vulnerability
management skills with a focus on network resiliency testing. Successful test-takers will
prove their ability plan and scope assessments, handle legal and compliance requirements,
and perform vulnerability scanning and penetration testing activities using a variety of
tools and techniques, and then analyze the results of those activities.
It covers five major domains:
1. Planning and Scoping
2. Information Gathering and Vulnerability Identification
3. Attacks and Exploits
4. Penetration Testing Tools
5. Reporting and Communication
These five areas include a range of subtopics, from scoping penetration tests to performing
host enumeration and exploits, while focusing heavily on scenario-based learning.
The PenTest+ exam fits between the entry-level Security+ exam and the CompTIA
Advanced Security Practitioner (CASP) certification, providing a mid-career certification
for those who are seeking the next step in their certification and career path while specializing
in penetration testing or vulnerability management.
The PenTest+ exam is conducted in a format that CompTIA calls “performance-based
assessment.” This means that the exam uses hands-on simulations using actual security
tools and scenarios to perform tasks that match those found in the daily work of a security
practitioner. There may be multiple types of exam questions, such as multiple-choice, fillin-
the-blank, multiple-response, drag-and-drop, and image-based problems.
CompTIA recommends that test-takers have three or four years of information security–
related experience before taking this exam and that they have taken the Security+ exam or
have equivalent experience, including technical, hands-on expertise. The exam costs $346
in the United States, with roughly equivalent prices in other locations around the globe.
More details about the PenTest+ exam and how to take it can be found at

Study and Exam Preparation Tips
A test preparation book like this cannot teach you every possible security software package,
scenario, and specific technology that may appear on the exam. Instead, you should
focus on whether you are familiar with the type or category of technology, tool, process, or
scenario presented as you read the book. If you identify a gap, you may want to find additional
tools to help you learn more about those topics
Additional resources for hands-on exercises include the following:
■■ Exploit-Exercises.com provides virtual machines, documentation, and challenges covering
a wide range of security issues at https://exploit-exercises.com/.
■■ Hacking-Lab provides capture-the-flag (CTF) exercises in a variety of fields at
■■ The OWASP Hacking Lab provides excellent web application–focused exercises at
■■ PentesterLab provides a subscription-based access to penetration testing exercises at
■■ The InfoSec Institute provides online capture-the-flag activities with bounties for written
explanations of successful hacks at http://ctf.infosecinstitute.com/.
Since the exam uses scenario-based learning, expect the questions to involve analysis
and thought rather than relying on simple memorization. As you might expect, it is impossible
to replicate that experience in a book, so the questions here are intended to help you
be confident that you know the topic well enough to think through hands-on exercises.

Taking the Exam
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase
your exam voucher:
CompTIA partners with Pearson VUE’s testing centers, so your next step will be to
locate a testing center near you. In the United States, you can do this based on your address
or your zip code, while non-U.S. test-takers may find it easier to enter their city and country.
You can search for a test center near you at
Now that you know where you’d like to take the exam, simply set up a Pearson VUE
testing account and schedule an exam:
On the day of the test, take two forms of identification, and make sure to show up with
plenty of time before the exam starts. Remember that you will not be able to take your notes,
electronic devices (including smartphones and watches), or other materials in with you.

After the PenTest+ Exam
Once you have taken the exam, you will be notified of your score immediately, so you’ll
know if you passed the test right away. You should keep track of your score report with
your exam registration records and the email address you used to register for the exam. If
you’ve passed, you’ll receive a handsome certificate, similar to the one shown here:
Loading...
DMCA.com Protection Status