Andrew Roderos

Networking and Security

eJPTv2 Beta Exam

by Leave a Comment

Today, I submitted my eJPTv2 beta exam for review. Per INE, it will take about two to three months to review everyone’s exam submission. During this time, they will also decide if they want to tweak the exam based on the feedback.

Related: Passed eJPTv2
eJPTv2

Exam format

For obvious reasons, I cannot disclose any of the questions I saw on the exam. I can, however, discuss whatever is public knowledge. Without further ado, here is some information about the exam:

  • 35 questions
  • 50 hours to complete
  • Dynamic exam
  • Hands-on exam

Course difference

The course is massive compared to the previous one. According to the course page, it has over 140 hours of content. Though, I feel like they could have shortened it because some of the contents were a repeat from another section.

The course’s main sections are the following:

  • Assessment Methodologies
  • Host and Network Penetration Testing
  • Host and Network Auditing
  • Web Application Penetration Testing

The previous Penetration Testing Student (PTS) course was death by PowerPoint. This new version is death by videos. I rushed through the content because we only had about 30 days to take the beta exam before they closed it.

There were overlaps between the old and new PTS. The new PTS is an improvement since they explained more details about the concepts. These foundational concepts are always vital in any job, so knowing more about them is key to one’s successful career.

I did learn new tools from this course, which I thought were a valuable addition to one’s toolset as a penetration tester, I would imagine. Also, I learned more about post-exploitation concepts and methodologies. These are helpful in privilege escalation scenarios.

Exam difference

As you might probably know, I passed eJPT last year and talked about it here. I thought the exam was, in a lot of ways, similar. While the new version has more questions, getting the answers will require the same steps.

As you may have noticed, they shortened the amount of time you can spend on the exam from three to two days. I think two days is a good amount to spend on this exam. I believe that one would not feel pressed for time. Then again, this is coming from someone who has some CTF experience and has taken offensive security-related courses and exams.

Related: Passed eJPTv2

I believe the exam’s level of difficulty increased. Though, I do not think it is at the same level as the black-box penetration test labs. In the previous exam, I took less than six hours to finish the exam. This time around, it took me about 44 hours, officially. I say “officially” because I could’ve ended it sooner, but I wanted to verify my answers in the morning and also leave feedback.

Some questions have dynamic answers. Essentially, it means that every time you start the lab, the virtual machines generate a different flag each time. In theory, nobody can have the same answers to these questions. I assume this is to counter cheating. In my opinion, it is not a perfect solution.

Exam experience

I have mixed feelings about my exam experience. The bad experience revolves around the attacker’s machine and how the exam detects lab activity.

With the old exam, you connect to the lab environment via VPN. The advantage of this method is that you can customize your machine. With the new exam, you are stuck with whatever they installed on it. Since it has no Internet connectivity, you cannot install the tools you want.

eJPTv2 exam has been released!

Get your exam voucher with 3 months of INE Fundamentals Monthly for free!

Buy eJPTv2 voucher

I do not understand the lab activity detection they put in place. Sometimes, my machine is in the middle of an attack, but the exam will “stop” the lab. The lab environment does not really stop, but the exam thinks it is. I believe this disconnect will affect your dynamic answers, but I have no proof.

Since the exam detected no lab activity and “stopped” the lab environment, I did not trust some of the information I collected and had to redo it again. Eventually, I noticed they were the same, so I did not need to redo the information gathering steps again. Though, it was frustrating to redo them.

Exam questions

As previously mentioned, I cannot discuss the specific exam questions. However, I want to point out that the exam is essentially the summary of all the labs included in the PTSv2 course. If you understood and did all the labs, you should be able to answer the eJPTv2 exam questions.

Final thoughts

INE addressed some of the things I mentioned in my eJPT post. They refreshed the content, reduced the hours allotted for the exam, and even made it a bit harder. Overall, I think the changes are positive.

The one thing they still have not addressed, and I believe folks would want, as well, is the digital badges from Credly. I think folks would welcome this change. While not necessary, having all your digital badges in one place is good.

You might like to read

Passed eJPTv2
Passed eJPT
Passed GCIH

BUY ME COFFEE ☕

Did you find this content useful? If so, show your appreciation by buying me a coffee!


About Andrew Roderos

I am a network security engineer with a passion for networking and security. Follow me on Twitter, LinkedIn, and Instagram.