Looking to obtain your eJPT certification? As part of INE's Cyber Security Week, check out Cyber Security newcomer Lily Clark's experience with preparation and taking on the exam, as well as tips for making the most out of your studying. 

After a year of on-again-off-again studying, I finally did it. I earned my eLearnSecurity Junior Penetration Tester (eJPT) certification. To be quite frank, I had so much doubt in my abilities, I didn’t think I’d ever get it. With the materials offered by INE and a bit of perseverance, you have all the tools you need to pass the exam and become a certified eJPT too.

KEY TAKEAWAYS

• Everything you need to pass the eJPT exam is covered in the Penetration Testing Student (PTS) learning path on INE, which is part of the free Starter Pass
  
  
• You have 72 hours to complete your exam and 1 free retake if you fail
  
  
• The exam is hands-on and has 20 multiple choice questions based on your findings
  
  
• PTS Training for Free
  
  
• Because the PTS training is free, you’ll only have to pay for the $200 eJPT voucher to get certified. 

BACKGROUND

I do not come from a technical background. Admittedly, anything to do with computers was a huge gap in my knowledge previously. I knew what an IP address looked like, but I didn’t know much further than that. I’m a firm believer in lifelong learning, so when I first saw a job opening at INE, I felt like I needed to go for it. I knew this was a platform with the same ideals I have and is a product I can truly get behind. INE took a chance on me as a Client Success Representative working for eLearnSecurity. I wanted to do my job the best that I could, and I believed the best way to do that is by understanding the client’s experience as a student. 

WHAT I USED THEN VS. WHAT I WOULD USE NOW

I originally started studying on the eLearnSecurity platform. I focused my energy on the Penetration Testing Basics & Penetration Testing Prerequisites sections. The programming section is not required to pass the exam. My study materials were taken care of since I worked for eLS, but if that wasn’t the case, it would have cost $599 for the Elite version, 3 black box labs, and unlimited lab time.

Since then, eLS has placed all learning material on the INE platform. This is far better for beginners looking to join since it is free (including unlimited lab time and the 3 black box labs). You can get the INE Starter Pass for yourself here.

HOW I STUDIED PTS AT FIRST - LESSONS LEARNED

Excited to learn something brand new, I dove right into PTS. I started studying networking and I hit a wall. This is hard stuff. My best recommendation when things get difficult in this course is to keep going. Don’t get stuck on a single concept you don’t understand. I read all of the slides first. Then I watched all the videos. Then I attempted labs. I did this because I was intimidated by the labs and not for any strategic reasoning. I think it’s extremely important to understand the theory, but because of my intimidation, I spent way too much time on it. Looking back, I understand why I would get stuck - I didn’t practice the theory I learned or understand fully why I was learning it. I could have saved so much time if I had done the labs along with it. 

PTS TRAINING STUDY RECOMMENDATIONS

I don’t recommend studying in the same order I did, but hey, you live and you learn. I recommend starting with the goal of completing the labs. Let’s be clear. If you are studying this, it is either to learn cyber security or to get that shiny eJPT certification. You cannot do either without hands-on experience. You will need to spend a considerable amount of time in the lab environment in order to prepare yourself for the exam. If you have the goal of completing a lab, you will pay better attention to the slides and videos leading up to it.

WRITE LAB REPORTS. I cannot stress this enough. For each lab you do, create a report for yourself that includes common commands for the tool or technique you are learning, which commands you needed to complete the report, and any screenshots you have so you may replicate the outcome later. Do this for every lab.

FINDING A STUDY SCHEDULE THAT WORKS

At first, everything took much longer than expected. I tried to create a schedule that was quite aggressive and unrealistic. It didn’t account for the stressors of 2020 that took me away from my studies. Make sure when you’re goal setting, to create SMART goals. My original goals were not realistically attainable. 

How much time you dedicate to each section is up to your own discretion, but I have created a Google Sheets template for you to organize your time. 

Feel free to copy this template and make it your own. Add checkboxes for completion, add work deadlines and personal commitments, and add in some breaks. You don’t want to overwhelm yourself.

WHAT YOU CAN EXPECT FROM THE EJPT EXAM

The exam is entirely hands-on. You can expect lessons from many of your labs coming in handy (and this is why you’ll want to create those reports). The Programming prerequisites section will not be directly tested. This module has great knowledge within it and can help you automate tasks, however, you can easily pass the exam without this section. eJPT is eLearnSecurity’s only red team exam that is multiple choice. What this means is that you are not required to write an official report to submit for grading. You will have to complete a pentest in order to get your answers for the exam. The benefit here is that you will receive your results instantaneously. If you don’t pass on your first try, don’t worry. All eLearnSecurity certification exams include 1 free retake. This free retake came in handy for me.

Don’t make the same silly mistake I did though that requires a retake. Since this was my first pentest experience, it took me a lot longer than others. I started my exam on a Friday night and just enumerated, scanned for vulnerabilities, and explored. Saturday was when the real fun began as I started exploitation. I wasn’t rigid on my schedule, took many breaks, and let inspiration come to me. Around 1 AM, I had 15 questions answered. Since 15/20 would be a passing score, I decided to press my luck and hit “Submit”. I got a failing score of 14/20 and I knew exactly which question I got wrong at that moment. 

I started my retake immediately to find the questions changed. I opted for a good night’s sleep at this point. I spent about 1 hour Sunday morning retaking my exam with plenty of help from my notes I had taken throughout the exam. After the 1 hour, I submitted and passed with a 17/20.

Overall, what they say is true. This eJPT exam is a lot of fun and you will learn something new during it. 10/10 I would recommend the eJPT certification to everyone - especially those new to cyber.

Other resources I used, but not necessary to pass:

• TryHackMe
  • Cost is free (or $10/mo which I pay for now but didn’t at first)
  • Can reinforce skills and tools learned in PTS such as Nmap, BurpSuite, and Metasploit
• John Hammond Youtube videos
  • Cost is nothing
  • John makes hacking and CTFs look easy. He has a wealth of knowledge
  • I enjoyed watching his videos because I had no experience in a Linux environment and watching someone else’s workflow helped me realize how simple it can be if I know the right shortcuts and commands

FINAL WORDS OF ENCOURAGEMENT

• We’re here for you and want you to succeed.
• You have a whole community of people rooting for you.
• If I can do it, why not you?