GIAC Practice Tests

coffeeguy Registered Users Posts: 4
Does anyone have any GCIA practice tests available? I am getting ready to take my exam next week and used both of mine, barely passed the second and have been studying like crazy (taking two days off before the exam). Hoping someone has one they didn't use that I could use to get one final practice in before I sit for the exam.

I took the course and have been studying the SANS books, the IDS rules, Advanced IDS concepts and Tcpdump have been my hardest areas so I have been reviewing the exercises and have it running on my home network.

Thanks in Advance, Back to studying


  • cyberguypr Mod Posts: 6,928
    It might be helpful to mention which specific test you are talking about. Once that is sorted out you could tell us what your study plan has been like as well as scores you got in those two practice tests.
  • docrice Member Posts: 1,706
    The GCIA is a stressful one for many people. Which areas are you the weakest in, given the GIAC-provided scoring feedback at the end of each practice exam? The GCIA has a lower passing score than others that I've seen. It's a good test though.
  • NovaHax Member Posts: 502
    Agreed. I'm currently doing the GSE track (currently challenging GCIA this quarter) and was surprised to find that it was more difficult than I expected (given how easy GCIH was).

    I also have consumed both of my practice tests. I don't know if it's any help, but while prepping I've been doing a series of blogs on packet structure analysis with Scapy...

    IP Protocol Analysis (Hex-**** Packet Analysis with Scapy Part 1) | Shortbus Ninja Security
    ICMP Protocol Analysis (Hex-**** Packet Analysis with Scapy Part 2) | Shortbus Ninja Security
  • coffeeguy Registered Users Posts: 4
    GCIA has been giving me lots of problems (but it's good to dig in deep to the material). Thanks for the Scapy links, I will look them over.
  • NovaHax Member Posts: 502
    No problem man. There really isn't much Scapy to it. I just used Scapy to generate preconfigured packets to polish my packet structure hex-**** analysis (which when I took my practice tests, seemed like a very large part of the exam).
  • Khaos1911 Member Posts: 366
    I hear you guys. These GCIA studies are kicking my butt. I find it hard to focus on reading the material. I breezed through the GSEC studies, I know that pales in comparison, but I even opened up Book 1 of GCIH and was really comfortable with what I saw. So, I feel I will murder that exam after putting in some time with books and tools. But this GCIA is a whole other monster, but the material isn't hard for me to understand, just boring as heck to read and really absorb.
  • coffeeguy Registered Users Posts: 4
    You have any good references for IPv6?

  • NovaHax Member Posts: 502
    Seriously doubt there will be any IPv6 questions on the exam. If there won't be more than 1 or 2. Personally, I'd rather just take the hit on those two questions than learn the material. Like most IT guys, I fully intend to continue to stick my head in the sand, in regard to IPv6, until I absolutely have no other choice but to learn it.
  • NovaHax Member Posts: 502
    I've already told people at my job, that if I ever get contracted to perform a PenTest on a client that is exclusively running IPv6 in their internal environment, I'm going to walk out right then and tell the client that they win.
  • callicles Member Posts: 13
    I do not have a spare test, but I know your stress. I will be taking the GCIA in 2 weeks. If anything, take a look at Network Intrusion Detection by Stephen Northcutt. The book runs nearly parallel to SANS books from the course, but provides a little more detail on the topics, which really helped me. Concentrate on the basic theories of the topics. If you understand how it's happening, you'll be able to analyze your way through the questions.

    Hope that offers some help, good luck!
    Passed: GCIA, GWAPT, GCIH Goals: GCFE, GCFA
  • docrice Member Posts: 1,706
    The key thing about taking the GCIA is understanding protocol behavior (IP, TCP, UDP, ICMP), knowing their header structures, and recognizing patterns. Interpreting header values (and being able to convert between decimal and hex) as well as knowing how they fit into the behavioral scheme of the protocols is really at the heart of it all because that's the basis of "seeing/feeling/being" the traffic. Once you can do that, you can start seeing the anomalies and thus intrusions.

    503 was probably one of the most important (and perhaps "fun") SANS courses I've taken, and it has fundamentally affected my approach as well as influenced my abilities as a network security professional. The GCIA was also the exam which I completed in the least amount of time (about an hour and forty-five minutes or so, if I recall) while still managing a decent passing score.

    I dare say 503 is one of the cornerstones of SANS' set of training offerings.
  • n8236 Member Posts: 20
    Agreed. The key is knowing how to read headers and output. You need to be able to recognize it.

    What I mean by that is, u need to know how to read it, convert it and implement it in other tools.

    The hex/decimal conversion part u can use a **** sheet for.

    Worthy cert! Good luck!
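
Added example, not part of any post in this thread: the header reading and hex-to-decimal conversion that docrice and n8236 describe above, done in Python on a constructed 40-byte IPv4/TCP SYN packet. The sample bytes, addresses and function names are assumptions made for illustration.

```python
import struct

# Constructed sample: a 20-byte IPv4 header followed by a 20-byte TCP SYN header.
# The TCP checksum field is left as zero and is not verified here.
SAMPLE_HEX = ("4500 0028 1c46 4000 4006 9d2e c0a8 000a c0a8 0001 "
              "c350 0050 0000 03e8 0000 0000 5002 7210 0000 0000")
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")

def internet_checksum(data):
    """RFC 1071 one's-complement checksum; 0 over a whole header means it is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode(raw):
    """Return (ip, tcp); tcp is None unless protocol is 6 and fragment offset is 0."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, _tos, total_len, ident, frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4              # low nibble counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    ip = {
        "header_len": ihl, "total_len": total_len, "id": ident,
        "df": bool(frag & 0x4000), "mf": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8, "ttl": ttl, "protocol": proto,
        "checksum_ok": internet_checksum(raw[:ihl]) == 0,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
    }
    if proto != 6 or ip["frag_offset"] or len(raw) < ihl + 20:
        return ip, None
    sport, dport, seq, ack, off_flags, window = struct.unpack(
        "!HHIIHH", raw[ihl:ihl + 16])
    tcp = {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4, "window": window,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
    }
    return ip, tcp

if __name__ == "__main__":
    for layer in decode(bytes.fromhex(SAMPLE_HEX)):
        print(layer)
```
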
  • Khaos1911 Member Posts: 366
    Question directed at no one in particular...I see you guys saying mostly focus on the headers, protocols, hex to decimal and such....But what about the stuff that's in Book 4, all this snort installation stuff? Are we really going to be tested on that. Do I really have to go through that stuff with a fine tooth comb? I know we should know snort rules and how to write and understand them. But all this config/installation stuff is soooo tedious, just want to make sure I'm not wasting my time/indexing.
  • docrice Member Posts: 1,706
    There are probably at least several questions on IDS (using Snort obviously), so while it's probably not in-depth, you might need to recognize what a rule is attempting to detect. It's been a few years since I've taken the exam, but my impression is that there will be some Snort-oriented questions (although not config/install-related unless it's covered in the updated versions of the course).
  • chaser7783 Member Posts: 154
    Yes, you should know how snort logs, where it pulls config file from, how to change it, as well as the different modes it can be run in. You should learn how snort uses library to load rules or other config files, and also know the preprocessors and what they do, and any dependencies they have on others (i.e., HTTP inspect needs Stream5). Know how to create snort rules (rule header and options) and know the different rule option types (content, uricontent, pcre, offset, depth, etc.).
  • Ferdiaz8 Registered Users Posts: 1
    I took the course "SEC505: Securing Windows and PowerShell Automation (B02_01_4867)" and I will present the GIAC2HR. I have already taken the 2 practice tests. Does somebody know where I can get more practice or some other practice tests?
  • JDMurray Admin Posts: 13,025
    You can, of course, buy more practice exams from GIAC:

    GIAC also allows exam candidates to gift or trade their unused GIAC practice exams to other people. You need to find a place where GIAC exam candidates hang out (TechExams.NET, Reddit, advisory-board-open mailing list) and ask if anyone has an unused GCWN practice exam to give away.