About performance based test for PenTest+

newguy2000

Hi,
I have sat Pentest+ twice but failed.
Yes, my knowledge wasn't enough to pass but 20 to 30 more points to pass this.
Anyone would like to tell me how you guys managed to study/learn/understand how to tackle the performance-based test part?
I cannot find suitable material or past/similar questions/answers to get myself prepared.

regards

Find more posts tagged with

Pentest+ CEH CompTIA

PenTest+

comptia certification

Comments

Elitis

I think the best way to study for the exam in general (beyond just the performance scenarios) is to get familiar with the tools and attacks. TryHackMe has a Pentest+ path available and you could also play around in any of the rooms there or use another hands-on resource like HackTheBox, Virtual Hacking Labs, Pentester Academy, VulnHub, etc.

shochan

Yeah, I would suggest doing a practical pentesting exam instead...passing a hands on exam would be more valuable than taking an multiple choice exam IMO...I've taken the Pentest+ before and yes, it was a booger, don't plan on taking it again...and I agree with Elitis, subscribing to a few of those sites before tackling either of the types of exams you plan to take again. Good luck!

JDMurray

My weakest area that I could tell was in tool use. I can also see how non-programmers might have problems in the code items.

shochan

@JDMurray
Yeah, someone on YouTube or Online training site needs to sift through all the Kali programs & spend like an hour dissecting the in's and out's of EACH tool...It would definitely be a great money maker for them if they can pull it off well.

JDMurray

@shochan

Coincidentally enough, I was contracted by Pluralsight back in 2015 to make several courses explaining how to use the digital forensics tools included with Kali. I made an initial course detailing the basics of DF and basic imaging tools. PS decided not to pursue making courses on the more advanced DF tools--at least not with me--but the two courses I did make are excellent examples of what tools courses for cert prep would look like.

newguy2000

Dear All

Thanks for your helpful advice and really appreciate your kindness.

FluffyBunny

The others are correct that you'll do well to try and get practice with a few pentest learning boxes.

Aside to that I would recommend getting acquainted with the basic grammar of at least the following: Python, Javascript, PHP, Bash, Ruby, Perl, Powershell. And when I say "basic" I do mean basic: know how each language structures things like loops (for, while, etc.) and tests (if/then/else, case/switch, etc.) and how they set and call variables.

For example -> https://dev.to/rattanakchea/for-loop-for-different-programming-languages-bgb

Not knowing something simple as the following can trip you up:

Bash: VAR="bla"; echo ${VAR}
Powershell: $Var="bla"; echo ${Var}
Python: var="bla"; print(var)
PHP: $var="bla"; echo $var
Javascript: var var="bla"; console.log(var)
Ruby: Is a mess! Vars either start with $, @ or nothing and get called with or without #.

And those aren't even 100% correct

shochan

FluffyBunny said:

The others are correct that you'll do well to try and get practice with a few pentest learning boxes.

Aside to that I would recommend getting acquainted with the basic grammar of at least the following: Python, Javascript, Bash, Ruby, Perl, Powershell. And when I say "basic" I do mean basic: know how each language structures things like loops (for, while, etc.) and tests (if/then/else, case/switch, etc.) and how they set and call variables.

For example -> https://dev.to/rattanakchea/for-loop-for-different-programming-languages-bgb

It's probably why I failed the PenTest+, as I am no programmer...it's probably my weakness whilst trying to get into pentesting, though I have over 20yrs of sys admin experience. I will eventually "get it" it just takes more experiences.

FluffyBunny

shochan said:
It's probably why I failed the PenTest+, as I am no programmer...

You and me both!

I'm just very happy I can plod my way through someone else's Java code well enough if I know there's a vulnerability in there.

newguy2000

By the way, does following is useful for passing the exam? I sat yesterday for my 3rd trial and scored 730(pass mark is 750...damm it!!)

<CompTIA CertMaster Learn for PenTest+ (PT0-001) – Individual License >
https://jp-store.comptia.org/p/PEN-001-CMLR-2018