SANS GNFA Certification Accomplished Mon, 18 Mar 2019 16:49:35 +0000 GIAC gabeaaa
The DFIR area has been foreign to me, but I have learned a bunch from this class and exam! The exam encompassed the evaluation of logging choke-points within a network architecture, protocol analysis, postmortem network artifacts, drawing conclusions on NetFlow, SMB, HTTP, etc. protocol data, and much more.
It's been a minute, but I passed my GSEC exam last week! Received an 87%, which I'm a little bummed about because I was shooting for the advisory board. I'll get it next time.

Not too sure when I'll next take a GIAC cert, but it is good training. I think next on the horizon is PMP and my PE exam. All while in law school!

GMON/SEC511 Any Advice? Sun, 17 Feb 2019 20:28:36 +0000 GIAC markulous

Self study for GSEC Thu, 07 Mar 2019 00:21:36 +0000 GIAC belledern
I am aiming to get the GSEC later this year, but am planning to challenge the exam, as neither my employer nor I can fund the SANS course or SANS self-study materials. I know Work Study is an option, and have applied for it, but don't believe I will be offered a facilitator role.

Looking through the forums, it appears that it is possible by doing a range of things including:
- study material from SSCP, Sec+, Net+, Linux+
- study material from older SEC401 courses (this one may not be so helpful, since specifics within the course and exam content change frequently)
- use learning platforms like Cybrary, ImmersiveLabs etc.

I do not have much technical IT experience, and this will be my first exam attempt and certification. I know that this will make what I'm doing sound quite ambitious, but I believe I can do it. If anyone's got any further tips, or has experience with challenging exams without using SANS material please let me know about what you did and how you went.

* 3 books (Book 1 covered days 1-2, Book 2 covered days 3-5, Book 3 covered day 6)
* PyWars: 50+ Python exercises (30+ problems for Book 1 and 20+ problems for Book 2)

Days 1 and 2 (Python Fundamentals I and II)

If you have a decent amount of Python experience, you will fly through book 1 because it's all about the basics (functions, flow control, data structures, etc). If you're new to Python, Book 1 will be informative and fun. Below are some helpful resources if you are new to Python

Learn Python the Hard Way:
Full Stack Python:

Days 3,4, and 5 (Defensive, Forensics, and Offensive)

Book 2 is where most of the fun takes place. Day 3 deals with working with files, regex, log parsing, and packet analysis (make sure you know regex, there were a ton of questions on the exam regarding it). Day 4 covered acquiring images from disk, SQL, and communicating with the web (requests/urllib2). Day 5 goes into using Python for pen-testing tasks (backdoors, process execution, network socket operations, and Python objects).

Make sure you have a firm grasp on the following Python modules

I think this class would be very helpful for new Python coders because it covers the basics, has infosec-related Python problems, and provides ideas on how to use Python in the information security field. For intermediate and above coders, I don't recommend this course. Instead, I would review the modules above and then look at other SANS courses where you could use your Python knowledge.

Passed GCCC 93% Fri, 22 Feb 2019 01:17:37 +0000 GIAC markmorow
I also felt my index was the hardest to make for this exam, as it felt like the content was sort of spread out and things can be in multiple spots, so I don't really rely on it all too much in the exam.

Practice test 1: 80%
Practice test 2: 94%

Up next is the FOR578 and GCTI!
Passed GCIA (SEC503) Thu, 24 Jan 2019 22:09:24 +0000 GIAC MalwareMike
I have to say I really enjoyed this course after I started to actually absorb the information. Going through books 1 and 2 the first time was mentally draining, but after the 3rd go around, everything started to come together. So for anyone taking this class in the future, don't get overwhelmed with the first two books; give it time and you'll start absorbing the concepts. Once you grasp the information in the first two books, I believe books 3, 4, and 5 are cake...just understand how to use tcpdump, tshark, wireshark, snort, and bro (run through the labs 2-3 times and you'll be in a good spot).

Tips for the exam:
**Bring the following with you**
1) A chart that shows you the conversion between decimal/hex/binary (very useful, you don't want to be converting hex during the exam if you don't have to)
2) Print out a few IP and TCP headers in hex format and label each field...doing this alone helped me solve 8-10 problems
3) Print out all of the ICMP codes (I used this:
4) Print out a list of examples for: tcpdump commands, wireshark commands, tshark commands, snort rules, bro scripts, silk commands
SANS provides a book with tcpdump and wireshark commands but I found my personal list to help more
5) The practice exams will tell you where you stand...I received an 87% on my second practice exam and received an 87% on my actual test
6) Great website to test your skills during and after the class:
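
Tip 2 above (print IP and TCP headers in hex and label every field) can be turned into a small self-check. The decoder below is an added example, not part of the post or of any SANS material; the packet bytes are constructed, and the IPv4 checksum routine follows RFC 791 so you can confirm your hand-labelled values.

```python
import struct
# Constructed sample (not a real capture): IPv4 header + TCP SYN header,
# 192.168.1.10:40000 -> 10.0.0.5:80. IPv4 checksum is valid; TCP checksum is a placeholder.
SAMPLE_HEX = ("4500003c1c464000400652bfc0a8010a0a000005"
              "9c400050000000010000000050022000e1d00000")
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def ipv4_checksum(header):
    """RFC 791 one's-complement checksum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(raw):
    """Label the fixed 20-byte IPv4 header (options, if any, are not decoded)."""
    v_ihl, tos, tlen, ident, ff, ttl, proto, csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (v_ihl & 0x0F) * 4
    return {"version": v_ihl >> 4, "ihl_bytes": ihl, "tos": tos, "total_length": tlen,
            "identification": ident, "DF": bool(ff & 0x4000), "MF": bool(ff & 0x2000),
            "fragment_offset": (ff & 0x1FFF) * 8, "ttl": ttl, "protocol": proto,
            "checksum": csum, "checksum_ok": ipv4_checksum(raw[:ihl]) == 0,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}

def parse_tcp(raw):
    """Label the fixed 20-byte TCP header; flags are decoded from the low bits of byte 13."""
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", raw[:20])
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "data_offset_bytes": (off_flags >> 12) * 4,
            "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)],
            "window": win, "checksum": csum, "urgent_pointer": urg}

def label_packet(hex_string):
    """Decode IPv4 and, when the protocol field is 6, the TCP header that follows it."""
    raw = bytes.fromhex(hex_string)
    ip = parse_ipv4(raw)
    layers = {"ipv4": ip}
    if ip["protocol"] == 6:
        layers["tcp"] = parse_tcp(raw[ip["ihl_bytes"]:])
    return layers

if __name__ == "__main__":
    for layer, fields in label_packet(SAMPLE_HEX).items():
        print(layer)
        for name, value in fields.items():
            print("  %-18s %s" % (name, value))
```

Compare each printed field against your own labelled printout, then swap in hex from your lab captures once the sample decodes correctly.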

FOR500 (GCFE) Thu, 07 Feb 2019 22:35:37 +0000 GIAC tboe

Passed GSTRT Tue, 04 Sep 2018 15:20:22 +0000 GIAC cyberguypr
So the exam was pretty much in line with what I expected. I used my trusty index, prepared exactly as the previous ones. Question wording was very similar to the practice test.

What's next? Maybe CISM.
Anyone taking the GREM and need an extra practice exam? Thu, 31 Jan 2019 03:13:52 +0000 GIAC supasecuritybro

Passed GNFA Wed, 11 Apr 2018 07:46:24 +0000 GIAC GeekySteve
I passed the GNFA exam today with a score of 74 percent. Really happy as the exam was really tough. I would totally recommend doing the FOR572 course together with the exam. Wish you all the best if you are going for it!

SANS Cybertalent Assessment Fri, 02 Nov 2018 12:22:00 +0000 GIAC spiderjericho
As part of Cybersecurity Month, I was able to finagle a free assessment from SANS. I just wanted to see the output of the results.
Which GIAC exams have labs? Wed, 12 Dec 2018 18:30:23 +0000 GIAC JGS
I know GCIA and GWAPT require doing labs on the GIAC exam. What other courses do people know of which also have labs? I am particularly wondering about GMON, but am curious as to any others.
Passed GPYC - Any questions? Tue, 18 Sep 2018 11:53:12 +0000 GIAC ITHokie
SEC573: Automating Information Security with Python was solid. Days 1 and 2 were a Python primer, Days 3 - 5 were dedicated to Defensive, Forensics and Offensive Python respectively. As usual, the training incorporated a nice balance of conceptual and pragmatic learning. I found it very useful and was pleasantly surprised by the concise section on Regex.

The exam wasn't very challenging, but I came in with some familiarity with scripting. Additionally, my last GIAC exam was GXPN, which was pretty difficult. That may have skewed my impression. Either way, I spent less time studying for this than I did for other GIAC exams. No code writing, just standard multiple choice.

I should point out that my purpose was almost entirely to strengthen my scripting skills, and I found the training very valuable in that regard. Taking the exam was more about showing immediate value to my employer.
Passed GCFE Tue, 25 Dec 2018 00:41:56 +0000 GIAC Donklander
Definitely had to prepare for this one differently, as most of my background was network related or high-level concepts on systems. This is actually the first time for anything SANS I had to go through OnDemand or the books more than once. However, I did learn quite a bit about which interactions will create or modify artifacts.

On to writing a whitepaper, which I've been dreading more than any class.
Passed GSTRT 87% Thu, 07 Feb 2019 02:00:54 +0000 GIAC uksteveinus
Index is the key.
There were a couple of dubious questions in the exam. 
You have 3 hrs for this exam, which is enough to look up each answer in the book. You just need to have read the material, that's all.
First practice test is key. Don't waste it. Only take it when ready. I scored 87% in the first practice test and 90% in the second. I scored 87% in the real thing.

Passed GCIH Sat, 02 Feb 2019 07:54:48 +0000 GIAC snowchick7669
I took the SEC504 course late last year at the London SANS event. I was lucky enough to get selected for the work study program which was an amazing experience! Would highly recommend - although you work hard during the week, you get to see a lot behind the scenes and meet some brilliant people.

Over the next few months I took the following approach:

1) Read through all the books again whilst putting together my exam index
2) Tabbed my books for easy access
3) Went through all the labs from the workbook again
4) Sat my first practice exam to gauge my weak areas and the strength of my index
5) Went back and studied my weak areas using the OnDemand course
6) Amended my index to include any of the points that were missing or any areas that needed to be more detailed
7) Sat my second practice exam and amended my index again
8) Read through my index and highlighted important bits (multiple times!)


My index was around 30 A3 pages long and had 4 sections (Main, Tools, Windows commands, Linux commands). I kept updating this and made sure I had enough detail to understand the keyword and any significant points about it. I made sure I was familiar with my index so I knew which section certain topics were, etc.

The A3 size worked for me because I had a good font size and wasn't struggling in a sea of text during the exam.

Practice Exams

The practice exams were pretty similar in difficulty to the real exam. I would suggest treating them like the real thing, as it will be a good way to gauge where you're at. I ensured I had explanations on for both right and wrong answers in case I had missed anything in my index/study. I scored the following on my tests:

1st practice exam: 83%
2nd practice exam: 88%
Exam: 89%


My tips for the exam are as follows:

  • Take your time to read the question & the answers (then re-read the question). Some questions are wordy, so take your time on these and some are straight forward so you don't need to waste time. I'd say 30% of the questions I knew the answer to without referring to my index or at least had a very solid idea of the answer. I only used my books for a handful of questions, the rest came from my index. You definitely don't have to rush, but you also don't have time to look everything up in your books (hence the importance of your index!)
  • You should be well versed with the timings of the exam if you did both practice exams
  • Flag/skip questions that you are taking too long on and come back to them
  • My index had enough detail so I could answer the majority of the questions straight from this & I used my books as a backup when I wasn't 100% sure or the question was asking for something very specific
  • Ensure you have done the labs and know what the tools actually do! (important!). Some of the questions tested my experience with tools and their intended operation/output
Overall it was a great experience and I loved achieving this certification. The course was brilliant and the material is relevant. For technical courses, this was definitely up there as one of the better ones I've taken, if not the best.