EJPT Cheat Sheet 2026

The 30 highest-yield EJPT facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

35 questions
2880 min time limit
70% to pass
  1. What is the eJPT certification? An online penetration testing certification
  2. What is the primary purpose of analyzing ICMP traffic during a penetration test? Host discovery and network mapping
  3. Which of the following is the PRIMARY purpose of the Common Vulnerability Scoring System (CVSS)? To offer a standardized framework for rating the severity of vulnerabilities.
  4. What tool can you use to document your work during the exam? CherryTree
  5. Which 802.11 management frame type is commonly spoofed to forcibly disconnect wireless clients from an access point? Deauthentication frame
  6. What tool does the course focus on using efficiently? nmap
  7. Which wireless encryption protocol is considered completely broken due to its weak IV implementation and can be cracked within minutes? WEP
  8. What is the purpose of the CVSS score in penetration testing reports? To standardize the severity rating of vulnerabilities on a numeric scale
  9. During an eJPT exam, which notation is used to describe an IP address with its subnet mask in CIDR format? 192.168.1.1/24
  10. When aircrack-ng fails to crack a captured WPA2 handshake with a standard wordlist, what is the most effective next step? Use hashcat with rule-based mangling against the converted hash file
  11. What is the correct order of phases in a standard penetration testing methodology? Reconnaissance → Scanning → Exploitation → Post-Exploitation → Reporting
  12. What should you do during the eJPT exam to keep track of your progress? Take screenshots and save all scan outputs
  13. What is the main goal of a penetration test compared to a vulnerability assessment? Actively exploit vulnerabilities to demonstrate real-world impact
  14. What is the purpose of a subnet mask in networking? Identify the network and host portions of an IP address
  15. What type of wireless attack creates a fake access point with the same SSID as a legitimate network to intercept client traffic? Evil Twin attack
  16. Which protocol does DNS use by default for standard queries on port 53? UDP
  17. Which correct airodump-ng command syntax captures only traffic from a specific access point with MAC aa:bb:cc:dd:ee:ff on channel 11? airodump-ng -c 11 --bssid aa:bb:cc:dd:ee:ff wlan0mon
  18. During traffic analysis, what does a large number of SYN packets without corresponding SYN-ACK responses typically indicate? A SYN flood denial-of-service attack
  19. Which aireplay-ng attack mode number sends deauthentication packets to disconnect wireless clients? Mode 0
  20. What tool is commonly used to capture network packets on a Linux system from the command line? tcpdump
  21. Which protocol is responsible for translating domain names to IP addresses? DNS
  22. Which frequency band does the 802.11a wireless standard exclusively operate on? 5 GHz
  23. Which environment is the eJPT exam conducted in? A fully hands-on virtual lab with real target machines
  24. A penetration tester runs an Nmap scan with the command `nmap -sS 192.168.1.10`. What is the primary characteristic of this type of scan? It is a stealth scan that does not complete the TCP three-way handshake.
  25. In a TCP three-way handshake, what is the correct sequence of flags? SYN, SYN-ACK, ACK
  26. What term describes the reconnaissance technique of driving around with a wireless-enabled device to discover and map nearby Wi-Fi networks? War driving
  27. What does ARP stand for in networking? Address Resolution Protocol
  28. Which Kali Linux tool provides an all-in-one framework for rogue AP creation, wireless MITM attacks, and traffic interception? Bettercap
  29. What is the cost of purchasing an exam voucher from eLearnSecurity for eJPT exam? 200 US dollars
  30. What is the recommended first step when you gain access to a new network segment during an eJPT lab? Enumerate the new segment by scanning for live hosts and services
Turn these facts into recall: