
100+ Free eJPT Practice Questions

Pass your eLearnSecurity Junior Penetration Tester (eJPT v2) exam on the first try — instant access, no signup required.

✓ No registration ✓ No credit card ✓ No hidden fees ✓ Start practicing immediately
~75-85% Pass Rate
100+ Questions
100% Free
2026 Statistics

Key Facts: eJPT Exam

  • Estimated Pass Rate: ~80% (Community estimate)
  • Passing Score: 70% (INE Security)
  • Study Time: 40-70 hrs (Recommended)
  • Exam Duration: 48 hrs (INE Security)
  • Exam Voucher: $249 (INE Security)
  • Exam Format: Hands-On (Live lab environment)

The eJPT v2 is a hands-on penetration testing certification with 35 practical questions completed in a 48-hour live lab environment. The passing score is 70%. The four domains are Host and Network Penetration Testing (35%), Assessment Methodologies (25%), Host and Networking Auditing (25%), and Web Application Penetration Testing (15%). The exam costs $249 for a standalone voucher or is included with a $299/year INE subscription. INE's annual subscription includes one free retake. Community pass rates are estimated at 75-85% for candidates who complete the INE PTS course.

Sample eJPT Practice Questions

Try these sample questions to test your eJPT exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. During a penetration test, you discover a host at 192.168.1.10 with port 445 open. Which protocol is typically associated with this port?
A. HTTP
B. SMB (Server Message Block)
C. SSH
D. DNS
Explanation: Port 445 is used by SMB (Server Message Block) for file sharing, printer sharing, and remote administration on Windows systems. SMB is a prime target during penetration tests because it can expose sensitive shared files and may be vulnerable to exploits like EternalBlue (MS17-010). HTTP uses port 80/443, SSH uses port 22, and DNS uses port 53. Exam tip: SMB on port 445 is one of the most commonly exploited services in internal network penetration tests.
2. Which Nmap scan type sends SYN packets and does not complete the TCP three-way handshake?
A. TCP Connect scan (-sT)
B. SYN scan (-sS)
C. UDP scan (-sU)
D. ACK scan (-sA)
Explanation: The SYN scan (-sS), also called a 'half-open' or 'stealth' scan, sends SYN packets but does not complete the three-way handshake. If a port responds with SYN-ACK, it is open; if RST, it is closed. This is faster and less likely to be logged than a full TCP Connect scan (-sT) which completes the handshake. The SYN scan is the default scan type when running Nmap with root/sudo privileges. Exam tip: SYN scan (-sS) is the go-to scan for most penetration testing scenarios — fast, reliable, and relatively stealthy.
3. What is the purpose of the 'auxiliary/scanner/smb/smb_version' module in Metasploit?
A. To exploit SMB vulnerabilities
B. To enumerate the SMB version running on a target
C. To crack SMB passwords
D. To create SMB shares on the target
Explanation: The auxiliary/scanner/smb/smb_version module in Metasploit is used to enumerate the SMB version and operating system information of a target. Knowing the SMB version helps identify potential vulnerabilities — for example, SMBv1 is vulnerable to EternalBlue. Auxiliary modules are for scanning and enumeration, not exploitation. Exploit modules are used for actual exploitation, and there are separate modules for password attacks. Exam tip: Always enumerate service versions before attempting exploitation — the version determines which exploits are applicable.
4. Which tool is commonly used for brute-forcing login credentials on services like SSH, FTP, and HTTP?
A. Nmap
B. Hydra
C. Wireshark
D. Netcat
Explanation: Hydra (THC-Hydra) is a fast, parallelized network login brute-forcer that supports numerous protocols including SSH, FTP, HTTP, SMB, MySQL, RDP, and many more. It allows you to specify wordlists for usernames and passwords and attempts all combinations against the target service. Nmap is for scanning, Wireshark is for packet analysis, and Netcat is for network connections. Exam tip: Hydra syntax: hydra -l username -P /path/to/wordlist.txt target_ip service (e.g., hydra -l admin -P passwords.txt 10.0.0.1 ssh).
5. During network reconnaissance, you need to discover all live hosts on the 10.10.10.0/24 subnet. Which Nmap option performs a host discovery scan without port scanning?
A. -sS
B. -sn
C. -sV
D. -O
Explanation: The -sn option (previously -sP) performs a ping sweep to discover live hosts without scanning any ports. On local networks, it uses ARP requests; on remote networks, it uses ICMP echo, TCP SYN to port 443, TCP ACK to port 80, and ICMP timestamp. -sS is a SYN port scan, -sV detects service versions, and -O detects operating systems. Exam tip: Start with -sn to find live hosts, then perform targeted port scans on discovered hosts to save time.
6. What is the primary purpose of pivoting in a penetration test?
A. To rotate between different exploitation tools
B. To use a compromised host to access other networks or hosts that are not directly reachable from the attacker's machine
C. To switch from one vulnerability scanner to another
D. To change the IP address of the attacker's machine
Explanation: Pivoting is the technique of using a compromised host as a relay to access other network segments or systems that are not directly reachable from the attacker's machine. For example, after compromising a dual-homed host connected to both an external and internal network, you can route traffic through it to reach internal hosts. In Metasploit, this is done using route add or autoroute. Exam tip: Pivoting is a critical eJPT skill — practice adding routes in Metasploit and using port forwarding to access internal networks.
7. Which file on a Linux system contains hashed user passwords?
A. /etc/passwd
B. /etc/shadow
C. /etc/hosts
D. /etc/group
Explanation: /etc/shadow stores the hashed passwords for user accounts on Linux systems. This file is readable only by root, unlike /etc/passwd which is world-readable but no longer stores password hashes. To crack passwords, you need both files — /etc/passwd for usernames and /etc/shadow for hashes. The unshadow utility from John the Ripper combines them for cracking. Exam tip: Always check if you can read /etc/shadow after gaining access — the hashes can be cracked offline with John the Ripper or Hashcat.
8. A web application returns different error messages for 'invalid username' and 'invalid password.' What vulnerability does this represent?
A. SQL injection
B. Username enumeration
C. Cross-site scripting
D. Insecure direct object reference
Explanation: When a web application returns different error messages for invalid usernames versus invalid passwords, it allows attackers to enumerate valid usernames. An attacker can determine which usernames exist by observing the different responses. This information aids in brute-force attacks because the attacker only needs to guess passwords for confirmed usernames. Applications should return the same generic error message for both cases. Exam tip: Check login forms for username enumeration — different error messages, response times, or HTTP status codes can all leak username validity.
9. Which Metasploit command is used to set the target IP address for an exploit module?
A. set LHOST
B. set RHOST
C. set TARGET
D. set PAYLOAD
Explanation: The 'set RHOST' (or RHOSTS for multiple targets) command sets the remote target IP address for an exploit or auxiliary module. RHOST = Remote Host (the target). LHOST = Local Host (the attacker's IP, used for reverse connections). TARGET selects the specific exploit target configuration (OS version, architecture). PAYLOAD sets the payload to deliver after exploitation. Exam tip: RHOST = target machine; LHOST = your machine. Getting these mixed up is a common mistake in the exam lab.
10. What type of SQL injection payload would an attacker use to bypass a login form that checks: SELECT * FROM users WHERE username='[input]' AND password='[input]'?
A. admin'; DROP TABLE users;--
B. admin' OR '1'='1'--
C. admin AND 1=1
D. '; EXEC xp_cmdshell('whoami');--
Explanation: The payload admin' OR '1'='1'-- bypasses authentication by injecting a condition that is always true. The single quote closes the username string, OR '1'='1' makes the entire WHERE clause true, and -- comments out the rest of the query (including the password check). This results in the query returning all users, typically logging in as the first user. The other payloads serve different purposes: data destruction, blind SQLi testing, and command execution. Exam tip: Try basic auth bypass payloads like ' OR 1=1-- and admin'-- before attempting more complex injection techniques.
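
The login flaws from questions 8 and 10, shown next to their fix. This is an added example, not part of the original page: it runs the string-built query from question 10 and the distinct error messages from question 8 against a parameterized, generic-error version. The table layout, function names and sample accounts are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

GENERIC_ERROR = "Invalid username or password"

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data. The plaintext 'password' column exists only
    so the vulnerable query from question 10 can run as quoted."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    for user, pw in [("admin", "S3cret!"), ("alice", "hunter2")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (user, pw, salt, pw_hash(pw, salt)))
    return db

def login_vulnerable(db, username, password):
    # Query built by string formatting: user input reaches the SQL parser.
    query = ("SELECT username FROM users "
             f"WHERE username='{username}' AND password='{password}'")
    row = db.execute(query).fetchone()
    if row:
        return True, f"Logged in as {row[0]}"
    # Distinct messages (question 8) tell a client which usernames exist.
    known = db.execute("SELECT 1 FROM users WHERE username=?", (username,)).fetchone()
    return False, ("Invalid password" if known else "Invalid username")

_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = pw_hash("placeholder", _DUMMY_SALT)

def login_hardened(db, username, password):
    # Bound parameter: the input is passed as data and never parsed as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username=?",
                     (username,)).fetchone()
    # Hash even for unknown users so timing does not separate the two failures.
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    match = hmac.compare_digest(pw_hash(password, salt), stored)
    if row and match:
        return True, f"Logged in as {username}"
    return False, GENERIC_ERROR

if __name__ == "__main__":
    db = make_db()
    for attempt in [("admin' OR '1'='1'--", "x"), ("alice", "wrong"), ("nobody", "wrong")]:
        print(attempt, login_vulnerable(db, *attempt), login_hardened(db, *attempt))
```

For all three attempts the hardened function returns the same generic failure, while the vulnerable one either authenticates or reveals whether the username exists.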

About the eJPT Exam

The eJPT (eLearnSecurity Junior Penetration Tester) is an entry-level, hands-on penetration testing certification administered by INE Security. Unlike traditional multiple-choice exams, the eJPT requires candidates to perform real penetration testing in a live lab environment over 48 hours. Covering network scanning, exploitation with Metasploit, web application attacks, pivoting, and host auditing, it validates practical skills that directly apply to junior penetration testing roles.

  • Questions: 35 scored questions
  • Time Limit: 48 hours
  • Passing Score: 70%
  • Exam Fee: $249 (voucher) or included with INE annual subscription ($299/year) (INE Security (formerly eLearnSecurity))

eJPT Exam Content Outline

  • Host and Network Penetration Testing (35%): Metasploit exploitation, pivoting, brute-force attacks, hash cracking, Meterpreter, post-exploitation
  • Assessment Methodologies (25%): Nmap scanning, OSINT, service enumeration, vulnerability identification, network fundamentals
  • Host and Networking Auditing (25%): Linux/Windows enumeration, file permissions, user accounts, network configuration, privilege escalation
  • Web Application Penetration Testing (15%): SQL injection, XSS, directory brute-forcing, web reconnaissance, Burp Suite, command injection

How to Pass the eJPT Exam

What You Need to Know

  • Passing score: 70%
  • Exam length: 35 questions
  • Time limit: 48 hours
  • Exam fee: $249 (voucher) or included with INE annual subscription ($299/year)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

eJPT Study Tips from Top Performers

1. Focus on Host and Network Penetration Testing (35%) — master Metasploit, Meterpreter, pivoting, and hash cracking as they are the core of the exam
2. Practice pivoting extensively — adding routes in Metasploit and using port forwarding is a make-or-break skill for the eJPT
3. Build a systematic methodology: host discovery → port scan → service enumeration → vulnerability identification → exploitation → post-exploitation
4. Complete hands-on labs on TryHackMe and HackTheBox — the eJPT tests practical skills that can only be learned through practice
5. Document everything during the exam — take screenshots, save command outputs, and maintain organized notes for answering questions

Frequently Asked Questions

What is the eJPT pass rate?

INE Security does not publish official pass rates. Community estimates suggest around 75-85% of candidates who complete the INE Penetration Testing Student (PTS) course pass on their first attempt. The exam requires a 70% score on 35 practical questions. Candidates with hands-on lab experience (TryHackMe, HackTheBox) in addition to the PTS course tend to perform best. The 48-hour time limit is generous — most candidates complete it in 10-20 hours of active work.

How is the eJPT exam different from other certifications?

The eJPT is entirely hands-on and practical — no multiple-choice theory questions. You are given a live lab environment with real machines to hack, and the 35 questions require you to demonstrate actual penetration testing skills. You must scan networks, exploit vulnerabilities, pivot through systems, and gather specific information to answer the questions. This format tests real-world skills rather than memorization, making it one of the most respected entry-level security certifications.

What tools should I know for the eJPT exam?

Essential tools include: Nmap (port scanning, service detection, NSE scripts), Metasploit (exploitation, Meterpreter, pivoting, payloads), Hydra (brute-force attacks), John the Ripper (password hash cracking), Gobuster/Dirb (web directory brute-forcing), Burp Suite (web application testing), Netcat (reverse shells, file transfer), SQLMap (SQL injection), enum4linux/smbclient (SMB enumeration), and theHarvester (OSINT). Focus most on Nmap and Metasploit — they are used in nearly every eJPT scenario.

How long should I study for the eJPT?

Most candidates study for 4-8 weeks. If you have networking/security experience, 2-4 weeks may suffice. Beginners should plan for 6-8 weeks including: 1) Complete the INE PTS learning path or equivalent, 2) Practice on TryHackMe (Complete Beginner path) and HackTheBox easy machines, 3) Focus on Nmap scanning, Metasploit exploitation, and pivoting, 4) Build a methodology for systematic enumeration and exploitation. Hands-on lab practice is far more important than reading documentation.

Is the eJPT worth it for beginners?

Absolutely — the eJPT is widely considered the best entry-level penetration testing certification. Benefits include: 1) Hands-on format tests real skills, not memorization, 2) Excellent stepping stone to eCPPT and OSCP, 3) Affordable at $249-$299 compared to OSCP ($1,749+), 4) 48-hour time limit reduces exam pressure, 5) Practical skills directly applicable to junior pentester roles, 6) Well-recognized in the cybersecurity community. It bridges the gap between CTF challenges and real penetration testing.

What is pivoting and why is it important for the eJPT?

Pivoting is using a compromised host to access other networks or systems that are not directly reachable from your attack machine. It is one of the most critical skills tested on the eJPT. In the exam, you will likely need to: 1) Compromise an initial host, 2) Discover additional network interfaces on that host, 3) Add routes in Metasploit to reach the internal network, 4) Scan and exploit systems on the internal network through the pivot. Practice this extensively using Metasploit's autoroute and portfwd features.

Can I use the internet during the eJPT exam?

Yes. The eJPT exam allows you to use any external resources including documentation, notes, search engines, and tool manuals. The exam is open-book and tests your ability to apply knowledge in a practical setting, not your ability to memorize commands. Use this advantage — have your notes, cheat sheets, and tool references ready. The exam environment provides pre-installed tools on the exam instance, but you can install additional tools if needed.