eJPT (eLearnSecurity Junior Penetration Tester) Certification
Practice Exam (100 Questions)
1. During the reconnaissance phase, which tool would be MOST appropriate for identifying
live hosts on a network?
A) Nmap
B) John the Ripper
C) Wireshark
D) Metasploit
**ANSWER: A**
**EXPLANATION:** Nmap is the standard tool for host discovery and network scanning,
using techniques like ICMP echo requests, TCP SYN scans, and ARP discovery to identify
live hosts.
2. What does the "-sS" flag indicate when running an Nmap scan?
A) Service version detection
B) TCP SYN stealth scan
C) UDP scan
D) OS fingerprinting
**ANSWER: B**
**EXPLANATION:** The "-sS" flag in Nmap performs a TCP SYN scan, also known as a half-
open scan, which sends SYN packets and analyzes responses to determine port status
without completing the TCP handshake.
3. Which HTTP method is typically used to retrieve data from a web server?
A) POST
B) GET
C) PUT
D) DELETE
**ANSWER: B**
**EXPLANATION:** The GET method is used to request data from a specified resource and
should only retrieve data without causing side effects on the server.
4. During a penetration test, you discover a web application with a URL parameter:
`http://target.com/view.php?id=45`. What type of vulnerability should you test for FIRST?
A) Cross-Site Scripting (XSS)
B) SQL Injection
C) Directory Traversal
D) File Inclusion
**ANSWER: B**
**EXPLANATION:** The "id" parameter in the URL suggests database interaction, making
SQL Injection the most likely vulnerability to test for initially.
5. What is the primary purpose of a reverse shell?
A) To establish an encrypted tunnel
B) To bypass firewall restrictions by having the target connect back to the attacker
C) To escalate privileges on the local system
D) To sniff network traffic
**ANSWER: B**
**EXPLANATION:** A reverse shell initiates a connection from the compromised system
back to the attacker's machine, often bypassing outbound firewall restrictions that might
block incoming connections.
6. Which command would you use to save the output of an Nmap scan to a file in XML
format?
A) `nmap -oX scan.xml target`
B) `nmap -oN scan.txt target`
C) `nmap -oS scan.txt target`
D) `nmap --output scan.xml target`
**ANSWER: A**
**EXPLANATION:** The `-oX` flag in Nmap outputs results in XML format, which can be
parsed by other tools or imported into vulnerability management systems.
7. When analyzing a packet capture in Wireshark, what filter would show only HTTP traffic?
A) `tcp.port == 80`
B) `http`
C) `tcp.port == 443`
D) Both A and B
**ANSWER: D**
**EXPLANATION:** Both `tcp.port == 80` (standard HTTP port) and the `http` display filter
will show HTTP traffic in Wireshark.
8. What does the following Nmap command do? `nmap -sV -O 192.168.1.0/24`
A) Performs a SYN scan on the network range
B) Performs service version detection and OS fingerprinting on the entire subnet
C) Scans only UDP ports on the network
D) Performs a ping sweep only
**ANSWER: B**
**EXPLANATION:** The `-sV` flag enables service/version detection, `-O` enables OS
detection, and `192.168.1.0/24` specifies the entire Class C subnet.
9. Which of the following is a characteristic of a successful TCP three-way handshake?
A) SYN → SYN-ACK → ACK
B) SYN → ACK → SYN-ACK
C) ACK → SYN → SYN-ACK
D) SYN → RST → ACK
**ANSWER: A**
**EXPLANATION:** A proper TCP three-way handshake consists of: 1) Client sends SYN, 2)
Server responds with SYN-ACK, 3) Client sends ACK.
10. During information gathering, you use `whois` on a domain. What type of information
are you MOST likely to obtain?
A) Open ports on the domain's servers
B) Domain registration details and contact information
C) Subdomains associated with the domain
D) Web application vulnerabilities
**ANSWER: B**
**EXPLANATION:** The `whois` command queries domain registration databases to
obtain information about domain owners, registration dates, contact details, and name
servers.
11. What is the purpose of using `nc -lvp 4444` during a penetration test?
A) To scan for open ports
B) To set up a netcat listener on port 4444
C) To connect to a remote host on port 4444
D) To capture network traffic
**ANSWER: B**
**EXPLANATION:** `nc -lvp 4444` starts netcat in listen mode (`-l`), verbose mode (`-v`),
on port 4444 (`-p 4444`), waiting for incoming connections, commonly used for reverse
shells.