Whew! How many questions in Pentest+ about Script Analysis?
For those of y'all who have taken the exam how many script analysis questions did you encounter? I mean those questions where you have to look at the script then say what the script is doing?
I'm just curious about this because I've been studying using the Mike Chapple book Pentest+ Study Guide and the chapter on script analysis is quite intense. You're literally learning programming in Python, Bash, Powershell, etc.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
Comments
-
iBrokeIT Member Posts: 1,318
Good, someone claiming to have a certified pentest test skillset should be able to read, understand, and edit basic scripts at a very minimum. Many of the pentest tools run on those languages and you need to know how to modify them to meet your testing criteria.
You should download the exam blueprint from CompTIA's website which has the detailed exam breakdown.
2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response -
SteveLavoie Member Posts: 1,133
From exam blueprint
Objective 4.4: Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
• Logic
  - Looping
  - Flow control
• I/O
  - File vs. terminal vs. network
• Substitutions
• Variables
• Common operations
  - String operations
  - Comparisons
• Error handling
• Arrays
• Encoding/decoding
Well, basic programming is in scope, so it is up to you if you take the chance to be less prepared for those questions.
-
egrizzly Member Posts: 533
Yeah, but from personal experience with the exam has anybody actually checked the number of scripting-related questions?
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
-
JDMurray Admin Posts: 13,099
Discussing such specific information about the exam's content would be a violation of the CompTIA non-disclosure agreement that we have all signed, including you.
-
egrizzly Member Posts: 533
Ok. I've found a solution to this though. In the book Pentest+ Study Guide (by Mike Chapple, David Seidl) they have a system for identifying what type of script you're presented with. It also provides many effective ways to learn the various components of scripting (Flow Control, Variables, etc).
Problem solved
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ -
yoba222 Member Posts: 1,237
Took the beta version 1, so my anecdote probably isn't all that accurate anymore. That said, from what I remember, I left the testing center with the feeling that if I didn't have a good grasp on how to read a script, I would not have passed. There were numerous script questions.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP -
egrizzly Member Posts: 533
yoba222 said:
Took the beta version 1, so my anecdote probably isn't all that accurate anymore. That said, from what I remember, I left the testing center with the feeling that if I didn't have a good grasp on how to read a script, I would not have passed. There were numerous script questions.
I ENDED my relationship with Ruby my ex-girlfriend (Ruby scripts always contain an END statement)
I bashed the IF backwards into FI (Bash scripts always end with FI, or the reverse of the conditional statement)
I crown my sayings with powerful crowns {} (PowerShell statements use curly braces which I see as crowns for memorization)
A python looks like a colon-the large intestine (Only Python scripts use colons)
So for the recognition part they give you a nice methodical way. I went further by associating them with creative stories.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ -
charismaticx Member Posts: 163
When I took it last year, it had quite a bit of scripting questions. If you know how to break down the script then you generally have an idea of what it's doing. Scripting has always been a weak area of mine, but it's something I have worked on the last few months.
Certs: Sec +, GSEC, GCED, GCIH, CEH, CySA, GSNA, CASP, PenTest + , GCIA, APTC, Linux +, AWS CCP, CISM, GPEN, GCWN, GSLC, GCCC, PCNSA, AWS Solutions Architect
Goals: PNPT; OSCP; GPYC; GSE -
r073r Member Posts: 10
egrizzly said:
Ok. I've found a solution to this, though. In the book Pentest+ Study Guide (by Mike Chapple, David Seidl) they have a system for identifying what type of script you're presented with. It also provides many effective ways to learn the various components of scripting (Flow Control, Variables, etc).
Problem solved
Found the chapter that's 11 right will go through it after breaking the other chapters in half, though I already have experience of some chapters want to take this around December and just ace it once and for all. LOL -
bjpeter Member Posts: 198
egrizzly said:
For those of y'all who have taken the exam how many script analysis questions did you encounter? I mean those questions where you have to look at the script then say what the script is doing?
I'm just curious about this because I've been studying using the Mike Chapple book Pentest+ Study Guide and the chapter on script analysis is quite intense. You're literally learning programming in Python, Bash, Powershell, etc.
2021 Goals (2): SSCP, eCPPT
Achieved (27): Certified Associate in Python Programming, Microsoft Certified: Azure Fundamentals, PenTest+, Project+, CySA+, Flutter Certified Application Developer, OCP Java EE 7 Application Developer, CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP+, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science -
r073r Member Posts: 10
I just hope it'll be something straightforward and not the way people who passed it are making it look scary 😸😅