CompTIA PenTest+ PT0-001 vs. PT0-002: What’s the Difference?

 

IT certifications show employers that candidates have the knowledge and skills they need to do the job, and they help IT pros advance in their careers. As cybersecurity has become a critical function, cybersecurity certifications are among the most popular IT certifications globally.

The CompTIA PenTest+ certification is a vendor-neutral, internationally targeted validation of intermediate-level penetration testing (or pen testing) knowledge and skills. It focuses on the latest pen testing techniques, attack surfaces, vulnerability management, post-delivery and compliance tasks.

The skills covered by CompTIA PenTest+ help companies comply with regulations, such as PCI-DSS and NIST 800-53 Risk Management Framework (RMF), which require pen tests, vulnerability assessments and reports. CompTIA PenTest+ is approved under the Department of Defense (DoD) Directive 8140/8570.01-M and under ANSI/ISO standard 17024.

IT Jobs Related to CompTIA PenTest+
The next version of CompTIA PenTest+ (PT0-002) is slated to launch in October 2021. CompTIA updates its certifications every three years to keep up with evolving technology, so your skills are relevant and you stay up to date on the latest technologies.

When CompTIA updates exams, Subject Matter Experts (SMEs) from the industry participate in workshops to write and review the content, ensuring that the exam domains, objectives and questions validate the skills needed on the job today.

Cybersecurity experts from the following companies contributed to the update of CompTIA PenTest+:
RxSense
John Hopkins University Applied Physics Laboratory
U.S. Army
Target Corp.
General Dynamics IT (GDIT)
Ricoh

CompTIA PenTest+ PT0-001 vs PT0-002
CompTIA PenTest+ addresses the latest trends, techniques and attack surfaces – covering the core and intermediate skills in penetration testing and vulnerability management, ensuring high performance on the job. Let’s break down some of the highlights.

CompTIA PenTest+ Exam Domains
The exam domains covered in CompTIA PenTest+ PT0-001 and PT0-002 are not vastly different, as they are still relevant to the job roles, but you will see some slight changes.

We changed the name of exam domain 2.0 from Information Gathering and Vulnerability Identification to Information Gathering and Vulnerability Scanning.
We also swapped the order of two domains – what was formerly 5.0 Reporting and Communication is now 4.0, (with the same name), and what was formerly 4.0 Penetration Testing Tools is now 5.0 Tools and Code Analysis.

CompTIA PenTest+ PT0-002 Exam Domains
1. Planning and Scoping (14%)
2. Information Gathering and Vulnerability Scanning (22%)
3. Attacks and Exploits (30%)
4. Reporting and Communication (18%)
5. Tools and Code Analysis (16%)

CompTIA PenTest+ PT0-001 Equivalency Exam Domain

How It Applies to the Job

1.0 Planning and Scoping
Includes updated techniques emphasizing governance, risk and compliance concepts, scoping and organizational/customer requirements and demonstrating an ethical hacking mindset
Pen testers can be held criminally liable when operating without ethics or proper approvals. Pen testing is required for compliance to regulations such as PCI-DSS and the NIST 800-53 RMF.

2.0 Information Gathering and Vulnerability Scanning
Includes updated skills on performing vulnerability scanning and passive/active reconnaissance, vulnerability management as well as analyzing the results of the reconnaissance exercise
Automation is required for modern vulnerability management to counteract automated attacks. Organizations must efficiently mitigate vulnerabilities, avoiding unnecessary dangers to operations.

3.0 Attacks and Exploits
Includes updated approaches to expanded attack surfaces; researching social engineering techniques; performing network, wireless, cloud and application-based attacks; and post-exploitation techniques

Updated skills are needed to secure multiple attack surfaces; 87% of CompTIA-certified IT pros already work in expansive hybrid environments (both on-premises and in the cloud), and 93% work in multi-cloud environments.

4.0 Reporting and Communication
Expanded to focus on the importance of reporting and communication in an increased regulatory environment during the pen testing process through analysis and appropriate remediation recommendations
Communication is critical for the penetration testing lifecycle because collaboration is essential for identifying and managing vulnerabilities. Reporting is especially important for complying with regulations.

5.0 Tools and Code Analysis
Includes updated concepts of identifying scripts in software deployments, analyzing a script or code sample and explaining use cases of pen test tools (Note: Scripting and coding is not required)
Exposure to different scripts and code samples provides an expanded toolbox to help pen testers progress through their career. Pen testers work with scripting more as they advance in their careers.

How to Train for CompTIA PenTest+
It may seem like CompTIA PenTest+ covers a lot of ground, but don’t worry, we’ve got your back. CompTIA offers training solutions, including study guides, online self-study tools and instructor-led courses that are designed to cover what you need to know for your CompTIA exam. No other content library covers all the exam objectives for all certifications.

CompTIA training solutions help you prepare for your CompTIA certification exam with confidence. Whether you are just starting to prepare and need comprehensive training with CompTIA CertMaster Learn, want to apply your knowledge hands-on with CompTIA Labs or need a final review with CompTIA CertMaster Practice, CompTIA's online training tools have you covered.

QUESTION 1
Which of the following commands will allow a penetration tester to permit a shell script to be executed by the file owner?

A. chmod u+x script.sh
B. chmod u+e script.sh
C. chmod o+e script.sh
D. chmod o+x script.sh

Answer: A

QUESTION 2
A penetration tester gains access to a system and establishes persistence, and then run the following commands:
Which of the following actions is the tester MOST likely performing?

A. Redirecting Bash history to /dev/null
B. Making a copy of the user’s Bash history to further enumeration
C. Covering tracks by clearing the Bash history
D. Making decoy files on the system to confuse incident responders

Answer: C

QUESTION 3
A compliance-based penetration test is primarily concerned with:

A. obtaining PII from the protected network.
B. bypassing protection on edge devices.
C. determining the efficacy of a specific set of security standards.
D. obtaining specific information from the protected network.

Answer: C

QUESTION 4
A penetration tester is explaining the MITRE ATT&CK framework to a company’s chief legal counsel.
Which of the following would the tester MOST likely describe as a benefit of the framework?

A. Understanding the tactics of a security intrusion can help disrupt them.
B. Scripts that are part of the framework can be imported directly into SIEM tools.
C. The methodology can be used to estimate the cost of an incident better.
D. The framework is static and ensures stability of a security program over time.

Answer: A

Examkingdom CompTIA PT0-002 Exam pdf, Certkingdom CompTIA PT0-002 PDF

Best CompTIA PT0-002 Certification, CompTIA PT0-002 Training at certkingdom.com

CIS-PPM Certified Implementation Specialist - Project Portfolio Management (PPM) Exam

 

Introduction
The ServiceNow Certified Implementation Specialist – Project Portfolio Management (PPM) Exam Specification defines the purpose, audience, testing options, exam content coverage, test framework, and prerequisites to become a ServiceNow Certified PPM Implementation Specialist.

Exam Purpose
The ServiceNow Certified Implementation Specialist – Project Portfolio Management (PPM) exam certifies that a successful candidate has the skills and essential knowledge to contribute to the configuration, implementation, and maintenance of ServiceNow PPM applications.

Exam Audience
The ServiceNow Certified Implementation Specialist Project Portfolio Management (PPM) exam is available to ServiceNow customers, partners, employees, and others interested in becoming a ServiceNow PPM Certified Implementation Specialist.

Exam Preparation
Exam questions are based on official ServiceNow training materials, the ServiceNow documentation site, and the ServiceNow developer site. Study materials posted elsewhere online are not official and should not be used to prepare for the examination.

Prerequisite ServiceNow Training Path
ServiceNow requires the completion of the following prerequisite training course(s) in preparation for the Certified Implementation Specialist – Project Portfolio Management exam. Information provided in the following ServiceNow training course(s) contain source material for the exam.
• ServiceNow Fundamentals (ILT)
• ServiceNow Get Started with Now Create (On Demand)
• ServiceNow Platform Implementation (ILT)
• Get Started with Innovation Management
• Project Portfolio Management (PPM) Fundamentals
• Performance Analytics (PA) Essentials
• Project Portfolio Management (PPM) Implementation Simulator
• ServiceNow Project Portfolio Management (PPM) Implementation - *Upon completion, the candidate will be eligible to collect a voucher for the Certified Implementation Specialist – Project Portfolio Management exam. Voucher may require payment.

Click here to explore the learning path.
Recommended Knowledge & Education

ServiceNow recommends completion of the following Training Course(s) and Certification(s) in preparation for the exam.
• ServiceNow Product Documentation Site
• ServiceNow Fundamentals
• ServiceNow Platform Implementation

Additional Recommended Experience
• General familiarity with general industry terminology, acronyms, and initialisms
• Six months field experience participating in ServiceNow deployment projects or maintaining ServiceNow instances

Exam Scope
Exam content is divided into Learning Domains that correspond to key topics and activities typically encountered during ServiceNow implementations. In each Learning Domain, specific learning objectives have been identified and are tested in the exam.

The following table shows the learning domains, weightings, and sub-skills measured by this exam and the percentage of questions represented in each domain. The listed sub-skills should NOT be considered an all-inclusive list of exam content.

1 PPM Implementation Overview 2%
• Overview of PPM
• PPM Business Outcome Model
• PPM Personas
• Now Create Methodology

2 PPM Application Overview 22%
• Plugins
• Tables & Data Models
• Properties & Preferences
• User & Role Administration
• Group Administration

3 Idea & Demand Configuration 21%
• Configuring Idea
• Idea to Task Process Flow
• Idea to Demand
• Defining Stakeholders
• Assessments
• Demand Visualization Capabilities

4 Project Configuration 21%
• Project Templates
• Project Workspace
• Planning Console
• Investment Portal
• Status Reports
• RIDAC

5 PPM Teamspace Configuration 2%
• Architecture
• Roles & Tables
• Teamspace Configuration

6 Resource Management Configuration 17%
• Resource Allocation Workbench
• State, Schedules, Calendars & Reports

7 PPM Financials 8%
• Cost Types & Fiscal Calendar
• Financial Baseline & Planning Grid
• Multi-Currency
• Rate Model
• Investment Funding

8 Time Tracking Configuration 5%
• Generate a Time Card
• Categories & Policies
• Rate Types

9 PPM Performance Analytics, Reporting & Dashboards 2%
• Performance Analytics
• Reporting
• Dashboards

---

QUESTION 1
Which of the following checks to see if the assessable record exists for the demand and creates an assessable record if none exists?

A. Validate Assessment Metrics for Demand
B. Auto Business Rule for Assessments
C. Update Demand State
D. Create OnDemand Assessment

Answer: D
Section: (none)
Explanation
Explanation/Reference:
 

---

QUESTION 2
Projects and which other artifact can be linked to either a program, a portfolio, both, or neither.

A. Demands
B. Test Cases
C. Resources
D. Stories

Answer: A
Section: (none)
Explanation
Explanation/Reference:
 

---

QUESTION 3
If Scenario Planning for PPM is installed, a portfolio manager can access the Portfolio Planning Workbench by
navigating to which of the following? (Choose two.)

A. Project module
B. Program Workbench
C. Portfolio Planning related link
D. Portfolio Planning Workbench module

Answer: C,D

Examkingdom ServiceNow CIS-PPM  Exam pdf, Certkingdom ServiceNow CIS-PPM  PDF

Best ServiceNow CIS-PPM  Certification, ServiceNow CIS-PPM  Training at certkingdom.com

Google Looker Business Analyst Exam

Looker Business Analyst
A Looker Business Analyst uses Looker daily to create and curate content, develop reports, and use visualizations to represent data. A Business Analyst should be able to use Looker to query data and create actionable metrics, validate data accuracy, and apply procedural concepts to identify error sources. A Business Analyst can build Looker dashboards to meet business requirements, deliver reports for data consumers, and use appropriate visualizations to meet analysis requirements. A Business Analyst can apply procedural concepts to curate content for intuitive navigation and control it for security.

The Looker Business Analyst exam assesses your knowledge of:
Scheduling and sharing Looks and dashboards
Table calculations and Looker expressions
Customize and advanced filters
The impacts of pivoting
Best practices around designing dashboards
The fundamentals of caching


About this certification exam
Length: 100 minutes
Registration fee: $250
Languages: English
Exam format: Multiple choice and multiple select taken remotely or in person at a test center. Locate a test center near you.

Exam delivery method:
1. Take the online-proctored exam from a remote location, review the online testing requirements.
2. Take the onsite-proctored exam at a testing center, locate a test center near you.

Prerequisites: None
Recommended experience: Business analysts with 5+ months of experience using Looker for report development, data visualization, and dashboard best practices.

Exam overview

Step 1: Understand what's on the exam
The exam guide contains a complete list of topics that may be included on the exam. Review the exam guide to determine if your knowledge aligns with the topics on the exam.

Looker Business Analyst

Certification exam guide
A Looker Business Analyst uses Looker daily to create and curate content, develop reports, and use visualizations to represent data. A Business Analyst should be able to use Looker to query data and create actionable metrics, validate data accuracy, and apply procedural concepts to identify error sources. A Business Analyst can build Looker dashboards to meet business requirements, deliver reports for data consumers, and use appropriate visualizations to meet analysis requirements. A Business Analyst can apply procedural concepts to curate content for intuitive navigation, and control it for security.

Section 1: Analyze

1.1 Use Looker Explores to query data and create actionable metrics in a given scenario. For example:
Utilize requirements and create queries using fields (e.g., dimensions, measures, filters, pivots)
Determine additional metrics needed and construct custom metrics using table calculations
Determine how to utilize filters (e.g., standard filters, matches advanced filters, and custom filters)
Determine which fields to use merge results for joining across different Explores and data sources

1.2 Use Looker to validate data accuracy in a given scenario. For example:
Investigate data results to determine accuracy (e.g., using SQL, drilling, A/B testing, comparisons)
Investigate discrepancies by viewing row-level data using Explores (e.g., review individual dimension values that make up the result of a measure)

1.3 Apply procedural concepts to identify error sources. For example:
Utilize Looker's features to determine the cause of the error (e.g., read error message to get context)
Interpret error message to identify the source (e.g., caused by the database, query, LookML code, permissions, visualizations)

Section 2: Build
2.1 Build dashboards to meet business requirements. For example:

Construct dashboards to meet requirements (e.g., using dashboard filters, merged results)
Apply procedural concepts to design impactful dashboards (e.g., storytelling, tile organization, use of text tiles, amount of data per dashboard)

2.2 Deliver reports for data consumers. For example:
Determine appropriate report delivery methods (e.g., file format, destination, delivery cadence, recipients, scheduling, sending, downloading, test delivery)
Determine appropriate download configurations (e.g., no option for unlimited downloads, table calculations, pivots, lack of permissions, database limitations)

2.3 Use visualization types to meet analysis requirements in a given scenario. For example:
Select appropriate visualizations to illustrate data results (e.g., bar, line, scatter, column, pie)
Determine which visualization settings to use (e.g., conditional formatting, subtotals, double axis, value label format using spreadsheet functions, grouping)

Section 3: Curate

3.1 Apply procedural concepts to curate content for intuitive navigation. For example:
Determine appropriate setups for folders and boards (e.g., structures, subfolders, hierarchy)
Apply naming conventions to identify folders, boards, or other content for users (e.g., clear titles, description fields, naming folders, content, and conventions)

3.2 Apply procedural concepts to control content access for security. For example:
Utilize appropriate Explores based on audience to prevent data leak (e.g., restricting sensitive data to specific users)
Assign folders and boards permissions to organize content based on user groups

Examkingdom Google Looker Business Analyst Exam pdf, Certkingdom Google Looker Business Analyst PDF

Best Google Looker Business Analyst Certification, Google Looker Business Analyst Training at certkingdom.com

 

MS-101 Microsoft 365 Mobility and Security Exam updated on November 24, 2021

 

The content of this exam was updated on November 24, 2021. Please download the skills measured document below to see what changed.

Exam MS-101: Microsoft 365 Mobility and Security
Languages: English, Japanese
Retirement date: none

This exam measures your ability to accomplish the following technical tasks: implement modern device services; implement Microsoft 365 security and threat management; and manage Microsoft 365 governance and compliance.

Skills measured
The content of this exam was updated on November 24, 2021. Please download the exam skills outline below to see what changed.
Implement modern device services (40-45%)
Implement Microsoft 365 security and threat management (20-25%)
Manage Microsoft 365 governance and compliance (35-40%)

Audience Profile
Candidates for this exam are Microsoft 365 Enterprise Administrators who take part in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. They perform Microsoft 365 tenant management tasks for an enterprise, including its identities, security, compliance, and supporting technologies.

Candidates have a working knowledge of Microsoft 365 workloads and should have been an administrator for at least Exchange, SharePoint, Teams, Windows 10 deployment. Candidates also have a working knowledge of networking, server administration, and IT fundamentals such as DNS, Active Directory, and PowerShell.

Skills Measured
NOTE: The bullets that follow each of the skills measured are intended to illustrate how we are assessing that skill. This list is NOT definitive or exhaustive.
NOTE: Most questions cover features that are General Availability (GA). The exam may contain questions on Preview features if those features are commonly used.

Implement modern device services (40-45%)

Plan device management
 plan device monitoring
 plan Microsoft Endpoint Manager implementation and integration with Azure AD
 plan co-management between Endpoint Configuration Manager and Intune
 plan for configuration profiles

Manage device compliance
 plan for device compliance
 plan for attack surface reduction
 configure security baselines
 configure device compliance policy
 plan and configure conditional access policies

Plan for apps
 create and configure Microsoft Store for Business
 plan app deployment
 plan for mobile application management (MAM)

Plan Windows 10 deployment
 plan for Windows as a Service (WaaS)
 plan for managing Windows quality and feature updates
 plan Windows 10 Enterprise deployment methods
 analyze upgrade readiness for Windows 10 by using services such as Desktop Analytics
 evaluate and deploy additional Windows 10 Enterprise security features

Enroll devices
 plan for device join or device registration to Azure Active Directory (Azure AD)
 plan for manual and automated device enrollment into Intune
 enable device enrollment into Intune

Implement Microsoft 365 security and threat management (20-25%)

Manage security reports and alerts
 evaluate and manage Microsoft Office 365 tenant security by using Secure Score
 manage incident investigation
 review and manage Microsoft 365 security alerts

Plan and implement threat protection with Microsoft 365 Defender
 plan Microsoft Defender for Endpoint
 design Microsoft Defender for Office 365 policies
 implement Microsoft Defender for Identity

Plan Microsoft Cloud App Security
 plan information protection by using Cloud App Security
 plan policies to manage access to cloud apps
 plan for application connectors
 configure Cloud App Security policies
 review and respond to Cloud App Security alerts
 monitor for unauthorized cloud applications

Manage Microsoft 365 governance and compliance (35-40%)

Plan for compliance requirements
 plan compliance solutions
 assess compliance
 plan for and implement privileged access management
 plan for legislative and regional or industry requirements and drive implementation

Manage information governance
 plan data classification
 plan for classification labeling
 plan for restoring deleted content
 implement records management
 design data retention labels and policies in Microsoft 365

Implement Information protection
 plan an information protection solution
 plan and implement sensitivity labels and policies
 monitor label alerts and analytics
 deploy Azure Information Protection unified labels clients
 configure Information Rights Management (IRM) for workloads
 plan for Windows information Protection (WIP) implementation

Plan and implement data loss prevention (DLP)
 plan for DLP
 configure DLP policies
 monitor DLP

Manage search and investigation
 plan and configure auditing
 plan and configure eDiscovery
 implement and manage insider risk management
 design a Content Search solution

QUESTION 1
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You add your user account as a device enrollment manager.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 2
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You configure the Apple MDM Push certificate.
Does this meet the goal?

A. Yes
B. No

Answer: A

QUESTION 3
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You create an Apple Configurator enrollment profile.
Does this meet the goal?

A. Yes
B. No

Answer: B

QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure
Active Directory (Azure AD).
You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).
You configure pilot co-management.
You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.
You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: You create a device configuration profile from the Device Management admin center.
Does this meet the goal?

A. Yes
B. No

Answer: B

Examkingdom Microsoft MS-101 Exam pdf, Certkingdom Microsoft MS-101 PDF

Best Microsoft MS-101 Certification, Microsoft MS-101 Training at certkingdom.com