Embedded Files
ISMS LA Batch 23rd, 24th, 29th, 30th, 31st May 2026.
On-Demand Sessions on LMS for one year
Learn at your own pace
Access to exhaustive mock exams and documentation
Certification exam
Skills You will Learn
✓ Identify various types of threats, attacks, and vulnerabilities, including malware, social engineering, and application attacks.
✓ Utilize security technologies and tools, such as firewalls, intrusion detection systems, and endpoint security, to protect systems.
✓ Design secure network architectures, implement secure systems, and apply secure protocols for architecture and design.
✓ Manage identity and access concepts, including authentication, authorization, and accounting, to ensure secure access control.
✓ Assess and manage risk through risk analysis, mitigation strategies, and business continuity planning.
✓ Apply cryptography concepts, including encryption algorithms, public key infrastructure (PKI), and digital signatures, to secure data.
✓ Implement compliance and operational security measures, including security policies, procedures, and best practices.
Course Outline
Engagement management (13%)
Planning and scoping: defining rules of engagement, testing windows, and target selection.
Legal and ethical compliance: ensuring authorization letters, mandatory reporting, and adherence to regulations.
Collaboration and communication: aligning with stakeholders through peer reviews, escalation paths, and risk articulation.
Penetration test reports: creating reports with executive summaries, findings, and remediation recommendations.
Reconnaissance and enumeration (21%)
Active and passive reconnaissance: gathering information using open-source intelligence (OSINT), network sniffing, and protocol scanning.
Enumeration techniques: performing DNS enumeration, service discovery, and directory enumeration.
Reconnaissance tools: using tools like Nmap, Wireshark, and Shodan for information gathering.
Script modification: customizing Python, PowerShell, and Bash scripts for reconnaissance and enumeration.
Vulnerability discovery and analysis (17%)
Vulnerability scans: conducting authenticated, unauthenticated, static application security testing (SAST) and dynamic application security testing (DAST).
Result analysis: validating findings, troubleshooting configurations, and identifying false positives.
Discovery tools: using tools like Nessus, Nikto, and OpenVAS for vulnerability discovery.
Attacks and exploits (35%)
Network attacks: performing VLAN hopping, on-path attacks, and service exploitation.
Authentication attacks: executing brute-force attacks, pass-the-hash, and credential stuffing.
Host-based attacks: conducting privilege escalation, process injection, and credential dumping.
Web application attacks: performing SQL injection, cross-site scripting (XSS), and directory traversal.
Cloud-based attacks: exploiting container escapes, metadata service attacks, and identity and access management (IAM) misconfiguration.
AI attacks: explaining prompt injection and model manipulation against artificial intelligence systems.
Post-exploitation and lateral movement (14%)
Post-exploitation activities: establishing persistence, performing lateral movement, and cleaning up artifacts.
Documentation: creating attack narratives and providing remediation recommendations.
Exam Details
Exam version: V3
Exam series code: PT0-003
Launch date: December 17, 2024
Number of questions: maximum of 90, including multiple-choice and performance-based questions
Length of test: 165 minutes
Passing score: 750 (on a scale of 100–900)
Recommended experience: 3–4 years in a penetration tester job role, with Network+ and Security+ or equivalent knowledge
Languages: English on release; other languages TBD
Retirement of the previous exam: June 17, 2025
Retirement: Usually three years after launch(estimated 2027)
Report abuse