Glen E. Clarke

Glen E. Clarke, A+, Network+, Security+, is an independent trainer and consultant.

Articles & Books From Glen E. Clarke

CompTIA PenTest+ Certification For Dummies
Advance your existing career, or build a new one, with the PenTest+ certification
Looking for some hands-on help achieving one of the tech industry's leading new certifications? Complete with an online test bank to help you prep for the exam, CompTIA PenTest+ Certification For Dummies, 2nd Edition guides you through every competency tested by the exam.
Article / Updated 03-22-2021
Social engineering from a security standpoint refers to the deliberate use of deception to try to trick a user into compromising system security through social contact such as an email message, a text message, or a phone call. Social engineering attacks are a common way to test the effectiveness of a company’s security education program.
Article / Updated 03-23-2021
The second category of pentesting tools that appears in the CompTIA PenTest+ objectives is credential testing tools. Credential testing tools help you crack passwords for user accounts on a system. There are a number of password cracking tools out there, but these are the tools the PenTest+ exam wants you to be familiar with.
Article / Updated 03-22-2021
Active information gathering for a pentest involves polling the target systems to find out about the systems that are up and running, the ports that are open, and the software being used. This involves communicating with the systems and potentially being detected. For the PenTest+ certification exam, remember the difference between active and passive information gathering.
Article / Updated 03-23-2021
The first category of tools that appears in the CompTIA PenTest+ objectives is scanners. A number of different types of scanners exist—some scanners will scan for open ports, while other scanners are designed to find vulnerabilities within a system.
Nmap
Nmap is a common network scanner used by pentesters to locate systems on the network and determine the ports that are open on those systems.
Article / Updated 03-22-2021
When you are conducting a penetration test, it is important to take a methodological approach to information gathering and divide the task up into two parts: passive information gathering and active information gathering. Passive information gathering should come first. It involves collecting public information from the internet about the company being assessed — without invoking any kind of communication with the target systems.
Article / Updated 03-22-2021
Take a look at some penetration testing terminology you need to be familiar with for the CompTIA PenTest+ certification exam.
Types of assessments
The CompTIA PenTest+ certification objectives reference some key terms in regard to the different types of assessments that can be performed. The following are some common types of pentest assessments:
Goals-based/objectives-based: This type of assessment is focused on a specific purpose.
Article / Updated 03-22-2021
For the PenTest+ certification exam, you are expected to have an understanding of the basics of pentest report writing, including familiarity with the different sections of the report, what goes into the report, and how to securely store and transmit the report. At the completion of a pentest, the pentest report is a valuable asset for a business.
Article / Updated 03-22-2021
Penetration testing, also known as ethical hacking, involves an information technology (IT) professional using the techniques a hacker uses to bypass the security controls of a network and its system. A security control is a protection element, such as permissions or a firewall, that is designed to keep unauthorized individuals out of a system or network.
Article / Updated 03-22-2021
Physical security plays an important role in any organization’s security program and defensive posture, and you need to know some basics about attacks on physical security to pass the CompTIA PenTest+ exam. Physical security involves controlling who has physical access to the facility, the servers, network equipment, and end-user devices.