EJPT Cheat Sheet 2026
The 30 highest-yield EJPT facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
35 questions
2880 min time limit
70% to pass
- What is the eJPT certification? → An online penetration testing certification
- What is the primary purpose of analyzing ICMP traffic during a penetration test? → Host discovery and network mapping
- Which of the following is the PRIMARY purpose of the Common Vulnerability Scoring System (CVSS)? → To offer a standardized framework for rating the severity of vulnerabilities.
- What tool can you use to document your work during the exam? → CherryTree
- Which 802.11 management frame type is commonly spoofed to forcibly disconnect wireless clients from an access point? → Deauthentication frame
- What tool does the course focus on using efficiently? → nmap
- Which wireless encryption protocol is considered completely broken due to its weak IV implementation and can be cracked within minutes? → WEP
- What is the purpose of the CVSS score in penetration testing reports? → To standardize the severity rating of vulnerabilities on a numeric scale
- During an eJPT exam, which notation is used to describe an IP address with its subnet mask in CIDR format? → 192.168.1.1/24
- When aircrack-ng fails to crack a captured WPA2 handshake with a standard wordlist, what is the most effective next step? → Use hashcat with rule-based mangling against the converted hash file
- What is the correct order of phases in a standard penetration testing methodology? → Reconnaissance → Scanning → Exploitation → Post-Exploitation → Reporting
- What should you do during the eJPT exam to keep track of your progress? → Take screenshots and save all scan outputs
- What is the main goal of a penetration test compared to a vulnerability assessment? → Actively exploit vulnerabilities to demonstrate real-world impact
- What is the purpose of a subnet mask in networking? → Identify the network and host portions of an IP address
- What type of wireless attack creates a fake access point with the same SSID as a legitimate network to intercept client traffic? → Evil Twin attack
- Which protocol does DNS use by default for standard queries on port 53? → UDP
- Which correct airodump-ng command syntax captures only traffic from a specific access point with MAC aa:bb:cc:dd:ee:ff on channel 11? → airodump-ng -c 11 --bssid aa:bb:cc:dd:ee:ff wlan0mon
- During traffic analysis, what does a large number of SYN packets without corresponding SYN-ACK responses typically indicate? → A SYN flood denial-of-service attack
- Which aireplay-ng attack mode number sends deauthentication packets to disconnect wireless clients? → Mode 0
- What tool is commonly used to capture network packets on a Linux system from the command line? → tcpdump
- Which protocol is responsible for translating domain names to IP addresses? → DNS
- Which frequency band does the 802.11a wireless standard exclusively operate on? → 5 GHz
- Which environment is the eJPT exam conducted in? → A fully hands-on virtual lab with real target machines
- A penetration tester runs an Nmap scan with the command `nmap -sS 192.168.1.10`. What is the primary characteristic of this type of scan? → It is a stealth scan that does not complete the TCP three-way handshake.
- In a TCP three-way handshake, what is the correct sequence of flags? → SYN, SYN-ACK, ACK
- What term describes the reconnaissance technique of driving around with a wireless-enabled device to discover and map nearby Wi-Fi networks? → War driving
- What does ARP stand for in networking? → Address Resolution Protocol
- Which Kali Linux tool provides an all-in-one framework for rogue AP creation, wireless MITM attacks, and traffic interception? → Bettercap
- What is the cost of purchasing an exam voucher from eLearnSecurity for eJPT exam? → 200 US dollars
- What is the recommended first step when you gain access to a new network segment during an eJPT lab? → Enumerate the new segment by scanning for live hosts and services
Turn these facts into recall: