Whew! How many questions in Pentest+ about Script Analysis?

egrizzly Member Posts: 533
For those of y'all who have taken the exam how many script analysis questions did you encounter?  I mean those questions where you have to look at the script then say what the script is doing?

I'm just curious about this because I've been studying using the Mike Chapple book Pentest+ Study Guide and the chapter on script analysis is quite intense.  You're literally learning programming in Python, Bash, Powershell, etc.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • iBrokeIT Member Posts: 1,318
    Good, someone claiming to have a certified pentest test skillset should be able to read, understand, and edit basic scripts at a very minimum.  Many of the pentest tools run on those languages and you need to know how to modify them to meet your testing criteria.

    You should download the exam blueprint from CompTIA's website, which has the detailed exam breakdown.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
  • SteveLavoie Member Posts: 1,133
    From the exam blueprint:

    Objective 4.4: Given a scenario, analyze a basic script (limited to Bash, Python, Ruby, and PowerShell).
    • Logic
      - Looping
      - Flow control
    • I/O
      - File vs. terminal vs. network
    • Substitutions
    • Variables
    • Common operations
      - String operations
      - Comparisons
    • Error handling
    • Arrays
    • Encoding/decoding

    Well, basic programming is in scope :) So it is up to you if you take the chance to be less prepared for those questions :)
  • egrizzly Member Posts: 533
    Yeah, but from personal experience with the exam, has anybody actually checked the number of scripting-related questions?
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • JDMurray Admin Posts: 13,023
    Discussing such specific information about the exam's content would be a violation of the CompTIA non-disclosure agreement that we have all signed--including you.
  • egrizzly Member Posts: 533
    Ok.  I've found a solution to this though. In the book Pentest+ Study Guide (by Mike Chapple, David Seidl) they have a system for identifying what type of script you're presented with.  It also provides many effective ways to learn the various components of scripting (Flow Control, Variables, etc).  

    Problem solved  :)
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • yoba222 Member Posts: 1,237
    edited June 2020
    Took the beta version 1, so my anecdote probably isn't all that accurate anymore. That said, from what I remember, I left the testing center with the feeling that if I didn't have a good grasp on how to read a script, I would not have passed. There were numerous script questions.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • egrizzly Member Posts: 533
    yoba222 said:
    Took the beta version 1, so my anecdote probably isn't all that accurate anymore. That said, from what I remember, I left the testing center with the feeling that if I didn't have a good grasp on how to read a script, I would not have passed. There were numerous script questions.
    From the book above I picked up creative ways on how to recognize whether a script was done in Bash, PowerShell, Ruby, or Python.

    I ENDED my relationship with Ruby my ex-girlfriend (Ruby scripts always contain an END statement)
    I bashed the IF backwards into FI (Bash scripts always end with FI, or the reverse of the conditional statement)
    I crown my sayings with powerful crowns {} (PowerShell statements use curly braces which I see as crowns for memorization)
    A python looks like a colon, the large intestine (Only Python scripts use colons)

    So for the recognition part they give you a nice methodical way.  I went further by associating them with creative stories.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
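
Added example, not part of the thread or the study guide: a small classifier that applies the four markers from the post above (Bash `fi`, Ruby `end`, PowerShell braces, Python colons) to constructed sample scripts. The regexes, the extra markers (`done`/`then`, `puts`, Verb-Noun cmdlet names) and the samples are assumptions of this example, and the result is a hint based on marker counts, not proof of the language.

```python
import re

# Syntax markers per language, following the mnemonics in the post above.
# The regexes are this example's own assumptions, not the study guide's system.
MARKERS = {
    "bash": [r"^[ \t]*fi\b", r"^[ \t]*done\b", r"\bthen[ \t]*$"],
    "python": [r"^[ \t]*(?:if|elif|else|for|while|def|try|except)\b.*:[ \t]*$"],
    "ruby": [r"^[ \t]*end[ \t]*$", r"\bputs\b"],
    # Braces alone are weak evidence (Bash functions and Ruby blocks use them
    # too), so a Verb-Noun cmdlet name is counted as a second PowerShell marker.
    "powershell": [r"[{}][ \t]*$", r"\b[A-Z][a-z]+-[A-Z][A-Za-z]+\b"],
}

# Constructed sample scripts, one per language, each doing a harmless loop.
SAMPLES = {
    "bash": 'for f in /etc/passwd /etc/hosts; do\n  if [ -r "$f" ]; then\n'
            '    echo "$f readable"\n  fi\ndone\n',
    "python": 'for port in [22, 80, 443]:\n    if port < 100:\n'
              '        print("low", port)\n    else:\n        print("high", port)\n',
    "ruby": '[22, 80, 443].each do |port|\n  if port < 100\n'
            '    puts "low #{port}"\n  end\nend\n',
    "powershell": 'foreach ($port in 22, 80, 443) {\n    if ($port -lt 100) {\n'
                  '        Write-Output "low $port"\n    }\n}\n',
}


def identify(script):
    """Return (best_guess, scores); 'unknown' if nothing matches or the top score ties."""
    scores = {
        lang: sum(len(re.findall(p, script, re.MULTILINE)) for p in pats)
        for lang, pats in MARKERS.items()
    }
    ranked = sorted(scores.values(), reverse=True)
    if ranked[0] == 0 or ranked[0] == ranked[1]:
        return "unknown", scores
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", identify(text))
```
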
  • charismaticx Member Posts: 160
    When I took it last year, it had quite a bit of scripting questions. If you know how to break down the script then you generally have an idea of what it’s doing. Scripting has always been a weak area of mine, but it’s something I have worked on the last few months.
    Goals: PNPT; OSCP; GPYC; GSE
  • r073r Member Posts: 10
    edited November 2020
    egrizzly said:
    Ok.  I've found a solution to this, though. In the book Pentest+ Study Guide (by Mike Chapple, David Seidl) they have a system for identifying what type of script you're presented with.  It also provides many effective ways to learn the various components of scripting (Flow Control, Variables, etc).  

    Problem solved  :)

    Found the chapter, that's 11, right? Will go through it after breaking the other chapters in half, though I already have experience of some chapters. Want to take this around December and just ace it once and for all. LOL
  • bjpeter Member Posts: 198
    egrizzly said:
    For those of y'all who have taken the exam how many script analysis questions did you encounter?  I mean those questions where you have to look at the script then say what the script is doing?

    I'm just curious about this because I've been studying using the Mike Chapple book Pentest+ Study Guide and the chapter on script analysis is quite intense.  You're literally learning programming in Python, Bash, Powershell, etc.
    When do you plan to retake PenTest+?
    2021 Goals (2): SSCP, eCPPT
    Achieved (27): Certified Associate in Python Programming, Microsoft Certified: Azure Fundamentals, PenTest+, Project+, CySA+, Flutter Certified Application Developer, OCP Java EE 7 Application Developer, CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP+, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • r073r Member Posts: 10
    I just hope it'll be something straightforward and not the way people who passed it are making it look scary 😸😅