It happened. After a 20-year win streak, I failed my first exam. I just failed the CompTIA PenTest+ PT0-001 exam. I take full responsibility for this, as I underestimated the exam’s breadth and didn’t fully prepare as much as I should have.
Since I failed, I can no longer use this exam to update my current CE cycle for all other certifications. I won’t have time to retake it before the new cycle, so I will retake it after PT0-002 has been released.
Table of Contents
About CompTIA PenTest+
The PenTest+ certification aims to provide a vital piece to the overall cybersecurity strategy. While the CompTIA Cybersecurity Analyst (CySA+) tests defensive skills and knowledge, the CompTIA PenTest+ tests attack skills and knowledge. Security pros use both methodologies to defend against attacks and successfully cover vulnerabilities.
Study Materials Used
TryHackMe CompTIA Pentest+ Path
This quality walkthrough was great. Unfortunately, I ran out of time and didn’t finish the path. They also updated the modules within the path. I plan to run back through it when I’m ready to take the exam again.
CompTIA PenTest+ by Jason Dion
This course was pretty good except for the list of tools part, which was, well, a list of tools. Jason will re-record the lectures to match the updated exam objectives when the new exam version is released. I’m looking forward to the next release.
Lessons Learned
There are probably a couple of reasons why I failed, but the main two are that I ran out of time and didn’t adequately prepare for the exam.
When it comes time to re-take the PenTest+, I will give it a little more than a month and dedicate more quality learning time. Furthermore, I will finish all study materials, including practice exams.
Then, I will approach the new exam version with fresh eyes within the next 2 years.
Renewing CompTIA CEs
So you’re probably wondering, “If you didn’t pass the exam and were at the end of your 3 year CE cycle, how did you renew your other certifications?”
Great question. First, I had to pay the renewal fee (my first time). Then, I entered proof that I passed the CISSP exam to cover my CEUs. Now, I’m taken care of for the next 3 years.
The Negatives of Failing
It’s kind of funny. The last two exams I passed were the CISSP and the CompTIA CySA+. These exams were much harder than the CompTIA PenTest+, but I passed them on the first try without issue.
This means I’ll revisit the PenTest+ at a future date.
So, what did I actually lose here? I lost some time, $370 for the exam voucher, and roughly $200 in study materials. Does it sting a little? Yes. Does it set me back at all? No. I still renewed my other CompTIA certifications and learned what I need to shore up for the next time around.
I WILL PASS THE PENTEST+.
If you are in the same boat, try not to dwell on it. Surely, you have wasted time and lost a little money before along your life path. If you passed the PenTest+ or failed, let me know how you feel in the comments below.
I passed PenTest+ on my first try.
Skills Learned
Products available for Networking such as
Virtual Network,
Load Balancer,
VPN Gateway,
Application Gateway and
Content Delivery Network
Azure Networking
Connect cloud and on-premises
On-premise networking functionality
Azure Virtual Network
Logically isolated networking components
Segmented into one or more subnets
Subnets are discrete sections
Enable communication of resources with each-other, internet and on-premises
Scoped to a single region
VNet peering allow cross region communication
Isolation, Segmentation, Communication, Filtering, Routing
Azure Load Balancer
Even traffic distribution
Supports both inbound and outbound scenarios
High-availability scenarios
Both TCP (transmission control protocol) and UDP (user datagram protocol) applications
Internal and External traffic
Port Forwarding
High scale with up to millions of flows
VPN Gateway
Specific type of virtual network gateway for on-premises to azure traffic over the public internet
Application Gateway
Web traffic load balancer
Web application firewall
Redirection
Session affinity
URL Routing
SSL termination
Content Delivery Network
Define content
Minimize latency
POP (points of presence) with many locations
Azure Networking
Connect cloud and on-premises
On-premise networking functionality
Azure Virtual Network
Logically isolated networking components
Segmented into one or more subnets
Subnets are discrete sections
Enable communication of resources with each-other, internet and on-premises
Scoped to a single region
VNet peering allow cross region communication
Isolation, Segmentation, Communication, Filtering, Routing
Azure Load Balancer
Even traffic distribution
Supports both inbound and outbound scenarios
High-availability scenarios
Both TCP (transmission control protocol) and UDP (user datagram protocol) applications
Internal and External traffic
Port Forwarding
High scale with up to millions of flows
VPN Gateway
Specific type of virtual network gateway for on-premises to azure traffic over the public internet
Application Gateway
Web traffic load balancer
Web application firewall
Redirection
Session affinity
URL Routing
SSL termination
Content Delivery Network
Define content
Minimize latency
POP (points of presence) with many locations
SQL Database
Relational database service in the cloud (PaaS) (DBaaS – Database as a Service)
Structured data service defined using schema and relationships
Rich Query Capabilities (SQL)
High-performance, reliable, fully managed and secure database for building – applications
Although MySQL and PostgreSQL share many of the same features and functions, there are crucial differences between these two relational database management systems (RDBMS) that cannot be ignored.
MySQL is better suited for managing read-only commands;
PostgreSQL is better suited to manage read-write operations, large data sets, and complex queries; PostgreSQL is better suited to manage read-write operations and complex queries, but not read-only operations.
MySQL offers fewer features than PostgreSQL, but this makes MySQL lighter, more stable, and faster.
PostgreSQL was built to be ACID compliant from the start and is best suited when concurrent transactions (MVCC) are required, but it is slow and unstable for read-only operations.
MySQL is highly compatible with many different types of data storage engines. PostgreSQL, on the other hand, is highly compatible with many different NoSQL formats.
Big Data Typically Has One of the Following Characteristics
Velocity – how fast the data is coming in or how fast we are processing it
Batch
Periodic
Near Real Time
Real Time
Volume – how much data we are processing
Megabytes
Gigabyte
Terabytes
Petabytes
Variety – how structured/complex the data is
Tables
Databases
Photo, Audio
Video, Social Media
Azure Synapse Analytics
Big data analytics platform (PaaS)
Multiple components
Spark
Synapse SQL
SQL pools (dedicated – pay for provisioned performance)
SQL on-demand (ad-hoc – pay for TB processed)
Synapse Pipelines (Data Factory – ETL)
Studio (unified experience)
Azure HDInsight
Flexible multi-purpose big data platform (PaaS)
Multiple technologies supported (Hadoop, Spark, Kafka, HBase, Hive, Storm, Machine Learning)
Azure Databricks
Big data collaboration platform (PaaS)
Unified workspace for notebook, cluster, data, access management and collaboration
Based on Apache Spark
Integrates very well with common Azure data services
Azure Machine Learning
Cloud-based platform for creating, managing and publishing machine learning models
Platform as a Service (PaaS)
Machine Learning Workspace – top level resource
Machine Learning Studio – web portal for end-2-end development
Features
Notebooks – using Python and R
Automated ML – run multiple algorithms/parameters combinations, choose the best model
Designer – graphical interface for no-code development
Data & Compute – management of storage and compute resources
Pipelines – orchestrate model training, deployment and management tasks
Azure DevOps
Collection of services for building solutions using DevOps practices
Services included
Boards – tracking work
Pipelines – building CI/CD workflows (build, test and deploy apps)
Repos – code collaboration and versioning with Git
Test Plans – manual and exploratory testing
Artifacts – manage project deliverables
Extensible with Marketplace – over 1000 of available apps
Evolved from TFS (Team Foundation Server), through VSTS (Visual Studio Team Services)
Azure Cloud Shell
Cloud-based scripting environment
Multiple client interfaces
Azure Portal integration (portal.azure.com)
Shell Portal (shell.azure.com)
Visual Studio Code Extension
Windows Terminal
Azure Mobile App
Microsoft Docs integration
Azure Advisor
Cost (SKU sizes, idle services, reserved instances, etc.)
Security (MFA settings, vulnerability settings, agent installations, etc.)
Reliability (redundancy settings, soft delete on blobs, etc.)
Performance (SKU sizes, SDK versions, IO throttling, etc.)
Operational Excellence (service health, subscription limits, etc.)
Azure DDoS Protection
DDoS protection service in Azure
Designed to
Detect malicious traffic and block it while allowing legitimate users to connect
Prevent additional costs for auto-scaling environments
Two tiers
Basic – automatically enabled for Azure platform
Standard – additional mitigation & monitoring capabilities for Azure Virtual Network resources
Standard tier uses machine learning to analyze traffic patterns for better accuracy
Identity
A user with a username and password.
Also applications or other servers with secret keys or certificates.
The fact of being something or someone.
Authentication
The process of verification/assertion of identity
Authorization
The process of ensuring that only authenticated identities get access to the resources for which they have been granted access.
Access Management
The process of controlling, verifying, tracking and managing access to authorized users and applications.
Azure Active Directory
Identity and Access Management service in Azure
Identities management – users, groups, applications
Access management – subscriptions, resource groups, roles, role assignments, authentication & authorization settings, etc.
Used by multiple Microsoft cloud platforms
Azure
Microsoft 365
Office 365
Live.com services (Skype, OneDrive, etc.)
Multi-factor Authentication (MFA)
Process of authentication using more than one factor (evidence) to prove identity
Factor types
Knowledge Factor – “Something you know”, ex. password, pin
Possession Factor – “Something you have”, ex. phone, token, card, key
Physical Characteristic Factor – “Something you are”, ex. fingerprint, voice, face, eye iris
Location Factor – “Somewhere you are”, ex. GPS location
Supported by Azure AD by default (simple on-off switch)
Identity
Centralized/unified infrastructure and platform security management service
Natively embedded in Azure services
Integrated with Azure Advisor
Two tiers
Free (Azure Defender OFF) – included in all Azure services, provides continuous assessments, security score, and actionable security recommendations
Paid (Azure Defender ON) – hybrid security, threat protection alerts, vulnerability scanning, just in time (JIT) VM access, etc.
Azure Key Vault
Managed service for securing sensitive information (application/platform) (PaaS)
Secure storage service for
Keys,
Secrets and
Certificates
Highly integrated with other Azure services (VMs, Logic Apps, Data Factory, Web Apps, etc.)
Centralization
Access monitoring and logging
Azure Role-based Access Control (RBAC)
Authorization system built on Azure Resource Manager (ARM)
Designed for fine-grained access management of Azure Resources
Role assignment is combination of
Role definition – list of permissions like create VM, delete SQL, assign permissions, etc.
Security Principal – user, group, service principal and managed identity and
Scope – resource, resource groups, subscription, management group
Hierarchical
Management Groups > Subscriptions > Resource Groups > Resources
Built-in and Custom roles are supported
Only Owner and User Access Administrator roles can manage locks (built-in roles)
Typical tagging strategies
Functional – mark by function ( ex: environment = production )
Classification – mark by policies used ( ex: classification = restricted )
Finance/Accounting – mark for billing purposes ( ex: department = finance )
Partnership – mark by association of users/groups ( ex: owner = adam )
Applicable for resources, resource groups and subscriptions
NOT inherited by default
Azure Policy
Designed to help with resource governance, security, compliance, cost management, etc.
Policies focus on resource properties (RBAC focused on user actions)
Policy definition – Defines what should happen
Define the condition (if/else) and the effect (deny, audit, append, modify, etc.)
Examples include allowed resource types, allowed locations, allowed SKUs, inherit resource tags
Built-in and custom policies are supported
Policy initiative – a group of policy definitions
Policy assignment – assignment of a policy definition/initiative to a scope
Scopes can be assigned to
management groups,
subscriptions,
resource groups, and
resources
Policies allow for exclusions of scopes
Checked during resource creation or updates and existing ones with remediation tasks
Cloud Adoption Framework
Cloud Adoption Framework for Azure is a set of tools, best practices, guidelines and documentation prepared by Microsoft to help companies with their cloud adoption journey.
Strategy
1. Understand your motivation
Answer the question WHY MOVE?
Common Motivation Triggers include
Migration
Cost Savings on infrastructure
Reduction in complexity
Operation optimization
Increased business agility
Innovation
Reaching a global scale
Customer experience improvements
Transformation of products or services
Market disruption
2. Business Outcome
Answer the question WHAT TO MEASURE?
Defined, concise and observable outcome captured by a specific measure, for example
Increase in revenue
Increase in profit
Cost reduction
Global access to customers
Reaching new markets
3. Business Justification
Answer the question WHAT’S MY RETURN ON INVESTMENT?
Develop a business case to validate the financial model that supports your motivations and outcomes
Tools that support this process are
Azure TCO (Total Cost of Ownership) calculator – estimate current on-prem costs
Azure Pricing Calculator – estimate future Azure costs
Azure Cost Management – see current Azure costs
Plan
Digital Estate (INVENTORY OF ASSETS)
Review current landscape and list all projects/solutions (digital assets)
Choose one of the five (5) R’s of rationalization
Rehost – move as is; typically into containers or IaaS (virtual machines)
Refactor – make small code changes and move to PaaS (ex. Azure SQL, Azure App Service, etc.)
Rearchitect – make complex code changes to introduce new features or fix incompatible apps
Rebuild – create a new application using cloud first design
Replace – review available SaaS solutions and replace legacy or unneeded applications
Initial Organization Alignment
Align people so they will support your adoption plan
Map people to capabilities
Skills Readiness Plan
Review current skills and address the gaps
Cloud Adoption Plan – combine everything from steps 1 to 3 into a single cloud adoption plan
Ready
Azure Setup Guide – Review the Azure setup guide to become familiar with the tools and approaches you need to use to create a landing zone.
Azure Landing Zone – Choose an appropriate Azure Subscription type that best suits your needs and establish an initial Azure environment.
Extend Landing Zone – Expand the initial landing zone to fit your business needs.
Best Practices – Review everything and ensure best practices are followed.
Adopt
Migrate
First Migration – migrate your first application to familiarize yourself with the cloud, guidelines and tools
Migration Scenarios – review and prepare migration scenarios/guidelines for your company
Virtual Machines – Linux, Windows, etc.
Apps – Java, .NET, NodeJS web apps, etc.
Data – SQL Server, PostreSQL, File Servers, etc.
Other – VMware, Azure Stack, etc.
Best Practices – address common migration needs through the application of consistent best practices.
Process Improvements – important part of this porcess heavy activity is to identify bottlenecks and improve with every migration
Innovate
Business Value Consensus (VALUE TO STRATEGY)
Create hypothetical customer need
Decide on solution that solves it
Map this to your strategy
Innovation Guide (TOOLS) – choose available Azure tools that will help your build this application
Best Practices – verify that best practices are followed for all tools in the toolchain
Process Improvements – gather feedback from the users and the customers to improve architectural decisions and future products
Govern & Manage
Define governance solutions – Choose solutions to maintain compliance, security and ensure total control of the environment.
Those solutions should focus to
Address Business Needs
Provide Agility
Control Risks
Manage cloud environment (CLOUD OPERATIONS) – Hand over solutions and environment to cloud operations team for maintenance. Team should ensure that stability and costs are always in perfect balance to meet business commitments. Team should allow environment to grow, evolve and adapt to changing business needs.
Organize
Ensure that everyone knows what to do and when to do it for every stage in this process. One of the ways to achieve this is via RACI (Responsible, Accountable, Consulted, and Informed) matrix.
Azure Sovereign Regions
Azure Sovereign Regions provide Azure services in markets with very strict regulatory requirements
Azure Government designed for the US government
Separate instance of Azure (lifecycle, services, portal, etc.)
Physically isolated from other Azure regions
Only autorized scanned personel can get access
Azure China designed for the Chinese market
Separate instance of Azure (lifecycle, services, portal, etc.)
Physically isolated from other Azure regions
Operated by a Chinese telecom company called 21Vianet
Cost Affecting Factors
Base Cost
Resource Types – All Azure services (resources) have resource-specific pricing models. Typically consisting of one or more metrics.
Services – Azure specific offers (Enterprise, Web Direct, CSP, etc.) have different cost and billing components like prepaids, billing cycles, – discounts, etc.
Location – running Azure services vary between Azure regions
Bandwidth – network traffic when uploading (inbound/ingress) data to Azure or downloading (outbound/egress) from Azure
Savings
Reserved Instances
Hybrid Benefits
Azure Reservations
Purchase Azure services for 1 or 3 years in advance with a significant discounts
Reserved instances – Azure Virtual Machines
Reserved capacity – Azure Storage, SQL Database vCores, Databricks DBUs, Cosmos DB RUs
Software plans – Red Hat, Red Hat OpenShift, SUSE Linux, etc.
Reservations are made for 1 or 3 years
Azure Spot VMs
Purchase unused Virtual Machine capacity for significant discount.
How it works
Significant dicount for Azure VMs
Capacity can be taken away at any time
Customer can set maximum price after discount to keep or evict the machine
Best for interruptible workloads (batch processing, dev/test environments, large compute workloads, non-critical tasks, etc.)
Hybrid use Benefit
Use existing licenses in the cloud
Use existing licenses in the Azure
Windows Server
Azure VM
RedHat
Azure VM
SUSE Linux
Azure VM
SQL Server
Azure SQL Database
Azure SQL Managed Instance
Azure SQL Server on VM
Azure Data Factory SQL Server Integration Services
Minimizing Costs in Azure
Azure Pricing Calculator to choose the low-cost region
Good latency
All required services are available
Data sovereignty/compliance requirements
Hybrid use benefit and Azure Reservations
Azure Cost Management monitoring, budgets, alerts and recommendations
Understand service lifecycle and automate environments
Use autoscaling features to your advantage
Azure Monitor to find and scale down underutilized resources
Use tags & policies for effective governance
Public Preview Key Info
No SLA
Some services have no support coverage
Limited region availability
Limited functionality
Pricing changes
Direction changes
Azure Portal Previews
Hi Marczak, and wow, what a list for part 2. Thanks for following through and sharing your additional points of study!
I passed PenTest+ on my first try.
My motto is Try Harder!
What I studied:
ssh username@ipadrdess
ssh -Y -C
nautilus command
root vs sudo
sudo -i or sudo su
grep -r “targetword” /home/docs/
() | ? * + . $ each has a meaning of,,,
-i means [ignore case]
sudo apt install vim (Debian; Ubuntu)
dnf install vim (Red Hat; CentOS)
:WQ
/ ; search mode
Directory in Linux means File in Windows
pwd
ls means List Segments
ls -l for minute listing
To be continued…
Hi Marczak, I completely agree! In fact, I tried harder and passed on the second attempt with exam PT0-002 back in September!
Thanks for your study tips as well! We’ll keep an eye out for your part 2.