Certified Penetration Testing Professional (CPENT) Exam Blueprint V1

Certified Penetration Testing Professional
Exam Blueprint (Version 1)
Exam 412-80

Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Domain 1 (Domain %: 5%)
  1.1 Overview of Penetration Testing
  1.2 Penetration Testing Types
  1.3 Penetration Testing Process
  1.4 Penetration Testing Methodology
  1.5 Ethics of a Penetration Tester
  1.6 Collecting the Penetration Testing Requirements
  1.7 Preparing Response Requirements for , Scoping and Engagement
  1.8 Drafting Timeline and Quote for Penetration Testing
  1.9 Creating Rules of Engagement (ROE)
  1.10 Estimating the Timeline for the Engagement
  1.11 Identifying the Resources Required for the Penetration Testing
  1.12 Handling Legal Issues in Penetration Testing Engagement
  1.13 Preparing Penetration Testing Team
  1.14 Preparing a Penetration Testing Test Plan
  1.15 Obtaining Permissions for Penetration Testing
  1.16 Handling Scope Creeping During Pen Testing

Domain 2: Information Gathering (Domain %: 7%)
  2.1 OSINT through World Wide Web (WWW)
  2.2 OSINT through Website Analysis
  2.3 OSINT through DNS Interrogation
  2.4 OSINT Tools/Frameworks/Scripts
  2.5 Social Engineering Penetration Testing Concepts
  2.6 Social Engineering Penetration Testing using Email Attack Vector
  2.7 Social Engineering Penetration Testing using Telephone Attack Vector
  2.8 Social Engineering Penetration Testing using Physical Attack Vector
  2.9 Creating a Social Engineering Penetration Testing Report

Domain 3: Network Penetration Testing (Domain %: 45%)
  3.1 Overview of External Penetration Testing
  3.2 Port Scanning on Target
  3.3 OS and Service Fingerprinting on Target
  3.4 Conducting Vulnerability Research
  3.5 Exploit Verification
  3.6 Overview of Internal Penetration Testing
  3.7 Footprinting on Internal Network
  3.8 Network Scanning on Internal Network
  3.9 OS and Service Fingerprinting on Internal Network
  3.10 Various Enumeration Techniques for Internal Network
  3.11 Vulnerability Assessment/Scanning
  3.12 Windows Exploitation
  3.13 Unix/Linux Exploitation
  3.14 Testing Interwork Network against Various Types of Attacks
  3.15 Automating Internal Network Penetration Test Effort
  3.16 Post Exploitation activities
  3.17 Testing Interwork Network Using Advanced Tips and Techniques
  3.18 Assessing Firewall Security Implementation
  3.19 Assessing IDS Security Implementation
  3.20 Assessing Security of Routers
  3.21 Assessing Security of Switches

Domain 4: Web Application Penetration Testing (Domain %: 16%)
  4.1 Overview of Web Application Penetration Testing
  4.2 Discovering Web Application Default Content
  4.3 Discovering Web Application Hidden Content
  4.4 Web Vulnerability Scanning
  4.5 Testing for SQL Injection Vulnerabilities
  4.6 Testing for XSS Vulnerabilities
  4.7 Testing for Parameter Tampering
  4.8 Testing for Weak Cryptography Vulnerabilities
  4.9 Testing for Security Misconfiguration Vulnerabilities
  4.10 Testing for Client-Side Attack
  4.11 Testing for Broken Authentication and Authorization Vulnerabilities
  4.12 Testing for Broken Session Management Vulnerabilities
  4.13 Testing for Web Services Vulnerabilities
  4.14 Testing for Business Logic Flaws
  4.15 Testing for Web Server Vulnerabilities
  4.16 Testing for Thick Clients Vulnerabilities
  4.17 Testing for WordPress

Domain 5: Wireless and IoT Penetration Testing (Domain %: 4%)
  5.1 Overview of Wireless Penetration Testing
  5.2 Wireless Local Area Network (WLAN) Penetration Testing
  5.3 RFID Penetration Testing
  5.4 NFC Penetration Testing
  5.5 Understanding IoT Attacks and Threats
  5.6 IoT Penetration Testing

Domain 6: Industrial Controls and Cloud Penetration Testing (Domain %: 7%)
  6.1 Understanding OT/SCADA Concepts
  6.2 Overview of Modbus
  6.3 ICS and SCADA Penetration Testing
  6.4 Understanding Cloud Computing Security and Concerns
  6.5 Understanding the Scope of Cloud Pen Testing
  6.6 Cloud Penetration Testing
  6.7 AWS Specific Penetration Testing
  6.8 Azure Specific Penetration Testing
  6.9 Google Cloud Platform Specific Penetration Testing

Domain 7: Binary Analysis and Exploitation (Domain %: 11%)
  7.1 Overview of Binary Coding Concepts
  7.2 Understanding Binary Analysis Methodology

Domain 8: Reporting and Post Testing Actions (Domain %: 5%)
  8.1 Overview of Penetration Testing Report
  8.2 Understanding the Different Phases of Report Development
  8.3 Understanding various Components of Penetration Testing Report
  8.4 Analyzing Penetration Testing Report
  8.5 Overview of Penetration Testing Report Delivery
  8.6 Understanding Post Testing Actions
