How to Pass Both CEH and eJPT on the same Day
How to Pass Both CEH and eJPT on the same Day
To make one thing clear right in the beginning. This is not about getting these certs IN one day. I do not think this is humanly possible. Unless maybe, you already are deep in the IT security field. I was not, and I’m still far away from it.
Also, this is not a review of these programs. It’s my practical opinion about what helped me and might also help you pass these exams.
Learning is important. But to pass, specific preparation for the test is key. Of course, I studied and exercised quite some time. Until I was fortunate enough to pass them both on November 24 2021. Here’s what I did.
TLDR
It’s not rocket science, but it will ll take quite some preparation.
CEH
- active recall with legally sound practice questions
- Matt Walker’s AIO book
eJPT
- INE PTS course — it really is sufficient
- do the labs on your own, don’t peek at the solutions
- before the exam, redo the “Black-box Penetration Tests”
You want more Details? Here you go.
My Background
My educational background lies in the natural sciences with a focus on data science. IT security-wise, I did a certificate of advanced studies in “Cyber Security” lately. Apart from enjoying a lot of hands-on material of IT security fails during the last years on my job, that was it.
So I was and still am far from being an expert.
If I can do this, you can too!
CEH
Advice Number 1: Do NOT pay the full Price.
I bought the Cyber Monday package. This included the iLearn package for 1 year with labs for 6 months, the CEH exam prep and one exam voucher, also valid for 1 year. There have been multiple discount offers for me and I took the one that came at the right time for me.
Contact EC-Council and stay in the loop for special offers. Just be patient, opportunities will come.
Advice Number 2: Buy Matt Walker’s AIO Book.
If you’re enrolled in the CEH and do not have this book, stop right now. Go order the book. Back already? Did you order it? No? Stop. Go buy it!
I’m serious. This was the best study source for me by a big margin. It’s valuable. It’s fun. I can recommend the bundle that includes a whole practice question book with valuable explanations. I cannot recommend it enough:
CEH Certified Ethical Hacker Bundle, Fourth Edition
(No, this is not an affiliate link, it’s honest advice. You can buy it wherever you like.)
BTW, AIO stands for all-in-one. But Matt Walker stresses that reading this book will not guarantee you to pass. After going through the process, I tend to agree. For more on this, read the next crucial advice.
Advice Number 3: iLearn won’t teach to the test ⇾ Go learn to the test yourself.
The way to succeed is by training as you fight.
The learning material you get on iClass and via Bookshelf will help you grasp the concepts. The iLabs will let you practice some of the concepts. But this will probably not get you through the exam:
Will the test consist of material that was not covered in the training or courseware that was used to study?
All learning materials related to exams including EC-Council official courseware and trainings are developed independently of exam content. This is because the exams are created to assess competence when using the skills and knowledge, not the effectiveness of a specific courseware or training.EC-Council strives to make available preparation material for topics measured in an exam. However candidates are required to check the exam blueprint and objectives prior to registering for the exam.
Note: Official courseware is recommended but not mandatory for an EC-Council exam and it does not guarantee that you will pass the exam.
– https://cert.eccouncil.org/faq.html
This means that will need to memorize a lot. A good way to do this is by practicing with exam-like questions.
There seems to be myriads of free exam question banks on the internet. From what I read about it, quality will vary, explanations being mostly non-existent. Reddit is full of links to pages like that. But beware. Your CPU fans might kick while browsing some of those, so you might just help somebody mine Monero while doing your studies. There is almost always some caveat when someone offers you something of value for free on the internet.
But that is not even the worst part of it. If you’re not aware of it already, I want to bring your attention to the following section of the EC-Council FAQs:
Are “Brain Dumps” considered an accepted method to prepare for the test?
Usage of any material including websites that publish “brain dumps” that is obtained fraudulently is considered a violation of ethics. “Brain dump” providers are in violation of EC-Council’s intellectual property rights and non-disclosure agreements. If EC-Council learns that a candidate used a “brain dump” site to prepare for an exam, this candidate will be permanently banned from taking any future EC-Council Certification exams. In addition, test scores and certifications, if applicable, may be revoked. These actions may be taken even if the candidate did not intend to defraud the EC-Council Certification Program.
If you think you have discovered a “brain dump” site with EC-Council content, please send an email message to audit@eccouncil.org.
So as not to cheat, you need legally sound sources of training material.
Or in other words, you require an ethical way to train for your ethical hacking certification. One simply has to love irony.
Here’s a list of what I did:
Daily, On the Go: https://study.pocketprep.com
- They offer a really awesome platform not only for CEH (1200 questions) but for many other certs.
- There’s also a polished app for your phone that provides active recall training on the train, in the supermarket, on the toilet…
- The questions did not represent the actual questions on the test, but they sure helped memorizing facts by leveraging active recall. They also explicitly state they do not use brain dumps:
Before explaining where our content comes from, it’s important to understand where it doesn’t come from:
We never use content found freely online
We never utilize or approve of brain dumps
We never plagiarize or hijack the works of others
Our exact prep content will never appear on an official exam
– https://help.pocketprep.com/en/articles/3697276-where-do-your-practice-questions-come-from
Daily, Before Bedtime: Matt Walker’s Practice Exams (see book in Advice Number 2, useful free online tool included as well)
Shortly and Right Before the Test: Official Exam Prep
- https://cyberq.eccouncil.org/examprep/ExamPreps/
- This came closest to the real questions by far. So close, I’m not sure if I didn’t actually see some of those questions in the real test.
- These were also the most frustrating for me, since I was initially performing pretty poorly on them.
Advice Number 4: Do not overthink it. This is not real life.
There might be a difference between the answer options that have relevance in the real life and the answer options you need to choose in the test. Matt Walker’s book helped me a lot to take these discrepancies with humor.
e.g. about the felt non-passiveness of dumpster diving…
Advice Number 5: Stay calm and do your own Research.
In your practice questions, there will be errors. I don’t even want to get started about bad spelling or semantics. You will sure have to swallow those. I mean, you’re just reading an article from a non-native speaker, and you’re still alive, right?
I’m talking about weird answers or answer options that do not even fit the question at all. You will see those in the official exam prep.
I’m sad I have to break it to you, but some of those arguably “illogical”, “unfair”, “irrelevant”, insertAdjectiveOfChoice” questions will also make it into your test. So what can you do about it?
In the prep phase, do your own research, stay calm and focused. We’re all in the same boat. At least some of these “wrong” questions might even turn out to be not so wrong after having done your research…
During the test, take a deep breath and smile. Then go on. You got this. These questions will not make you fail if you got most of the other ones right.
Advice Number 6: During the exam, use the question review function to your advantage.
For the setup, just follow the instructions given by EC-Council. They’re very clear. No distractions, no people in the room other than you, no notes, only one screen, mic and camera on all the time, a pan around the room with the cam in the beginning…
The process with the proctor to get started took about 15 minutes. The proctor was really nice and friendly. She had a calm way of leading through the process so I was really satisfied with that.
You have the possibility to go through all the questions, jump back and forth and so on. Use this. I did so, too. You might find a piece of information in one question that provides some clarity for another one.
It’s 125 MC questions and you have 4 hours of time, which is more than enough. Most of it is reading. It took me something between 1 and 2 hours — probably closer to 1 hour — to finish.
eJPT
Advice Number 1: Take the free course and pay for the cert later.
Go to INE and register for the Starter Pass:
Take the Learning Path called PTS (Penetration Testing Student) consisting of the following three parts:
- Penetration Testing Prerequisites
- Penetration Testing: Preliminary Skills & Programming
- Penetration Testing Basics
Take your time there. INE is really generous. Unlimited LAB time for free. If you realize it’s not for you, you didn’t waste a penny.
If you’re not a programmer, don’t rush through the second part. It’s not needed for the exam, but you will hugely profit from some programming skills in the future. Automating recurrent steps can also boost your eJPT exam experience a lot.
Advice Number 2: Try to solve the labs yourself.
Do not rush through the labs. Play around with alternative tools, different flags, output formats and compare the results and possibilities.
Do not use the provided solutions like a cooking recipe. You may be finished more quickly but, if your brain works somewhat like mine, you will not learn a lot in the process.
Advice Number 3: Make a lab journal and create your personal “eJPT Cheat Sheet”.
In the more freestyle-like labs, you can quickly become disoriented. You might end up dumping a SQL database here, enumerate two different web servers there, all whilst manually reading some source code. You don’t want to come back to a dozen terminal windows, not even remembering what you opened them for.
Start documenting your commands, the corresponding output and the decisions you derive from them, ideas for later… It’s not only good practice for the future, it also helps you to proceed with a plan. This way you stay focused and make sure you do not forget anything.
And big, big plus: You can use your “eJPT cheat sheet” for the test. It’s going to be useful, trust me on that. Big time and hassle saver!
Advice Number 4: Repeat the black-box labs before the exam
For me, these labs were really challenging when I did them for the first time, especially the second lab. They’re good preparation for the exam. Do not skip those. I even did some parts a second time before the exam.
Compared to these, the exam felt more straightforward to me.
Advice Number 5: They give you additional material for a reason.
Read the Letter of Engagement carefully. Extract the crucial information from it.
I don’t know if it’s the same for every one or different ones. In my case, they provided additional material. It’s easy to forget about it once you’re deeply immersed in the testing phase.
So if you, like me, find yourself using half of the test time battering one “stubborn” machine and feel like poking around in the dark, you might want to go back to the material from the beginning. They give it to you for a reason…
Advice Number 6: Use the questions to guide you.
Yes, it’s a black box testing. But if you use the questions to your advantage, you can make it a quite some more gray!
Read the questions in the beginning. Go over them again and again. It will help, trust me. Most of all it will help you to determine, when you’re done.
Advice Number 5: In the exam, start slow and then take your time.
“I’m taking a 72-hour exam!” This can sound quite cool but intimidating at the same time. At least that’s what it did to me, when I first heard about it. But I do not think that the intimidating part is what eLearnSecurity wants to achieve with it.
I feel they just want you to know that you got loads of time to show what you learned.
Trust me, you do not have to rush it. I took more than an hour to carefully analyze the material handed out. Then I started the lab to generate the OVPN file.
All in all — after subtracting a good long lunch break — it took me about 6 hours from downloading the Letter of Engagement to pressing the “Submit Exam” button.
What was it like? Which one shall I take?
This article was only about what I did to pass. Maybe you want to know more about the experience I got from it? Or you’re thinking about doing one of the two certs and are not sure which one to go for?
Stay tuned, I’m in the process of writing that one and will link it here when it’s finished.
Edit 2022–01–15: Here you go: CEH vs. eJPT — Which One Should You Go For?
