GIAC Practice Tests

coffeeguy · August 2014

Does anyone have any GCIA practice tests available? I am getting ready to take my exam next week and used both of mine, barely passed the second and have been studying like crazy (taking two days off before the exam). Hoping someone has one they didn't use that I could use to get one final practice in before I sit for the exam.

I took the course and have been studying the SANS books, the IDS rules, Advanced IDS concepts and Tcpdump have been my hardest areas so I have been reviewing the exercises and have it running on my home network.

Thanks in Advance, Back to studying

cyberguypr · August 2014

It might be helpful to mention which specific test you are talking about. Once that is sorted out you could tell us what your study plan has been like as well as scores you got in those two practice tests.

docrice · August 2014

The GCIA is a stressful one for many people. Which areas are you the weakest in, given the GIAC-provided scoring feedback at the end of each practice exam? The GCIA has a lower passing score than others that I've seen. It's a good test though.

NovaHax · August 2014

Agreed. I'm currently doing the GSE track (currently challenging GCIA this quarter) and was surprised to find that it was more difficult than I expected (given how easy GCIH was).

I also have consumed both of my practice tests. I don't know if its any help, but while prepping I've been doing a series of blogs on packet structure analysis with Scapy...

IP Protocol Analysis (Hex-**** Packet Analysis with Scapy Part 1) | Shortbus Ninja Security
ICMP Protocol Analysis (Hex-**** Packet Analysis with Scapy Part 2) | Shortbus Ninja Security

coffeeguy · August 2014

GCIA has been giving me lots of problems (but its good to dig in deep to the material), thanks for the Scapy links I will look them over.

NovaHax · August 2014

No problem man. There really isn't much Scapy to it. I just used Scapy to generate preconfigured packets to polish my packet structure hex-**** analysis (which when I took my practice tests, seemed like a very large part of the exam).

Khaos1911 · August 2014

I hear you guys. These GCIA studies are kicking my butt. I find it hard to focus on reading the material. I breezed through the GSEC studies, I know that pales in comparison, but I even opened up Book 1 of GCIH and was really comfortable with what I saw. So, I feel I will murder that exam after putting in some time with books and tools. But this GCIA is a whole other monster, but the material isn't hard for me to understand, just boring as heck to read and really absorb.

coffeeguy · August 2014

You have any good references for IPv6?

Thanks

NovaHax · August 2014

Seriously doubt there will be any IPv6 questions on the exam. If there are...it won't be more than 1 or 2. Personally, I'd rather just take the hit on those two questions than learn the material. Like most IT guys, I fully intend to continue to stick my head in the sand, in regard to IPv6, until I absolutely have no other choice but to learn it.

NovaHax · August 2014

I've already told people at my job, that if I ever get contracted to perform a PenTest on a client that is exclusively running IPv6 in their internal environment, I'm going to walk out right then and tell the client that they win.

callicles · August 2014

I do not have a spare test, but I know your stress. I will be taking the GCIA in 2 weeks. If anything, take a look at Network Intrusion Detection by Stephen Northcutt. The book runs nearly parallel to SANS books from the course, but provides a little more detail on the topics, which really helped me. Concentrate on the basic theories of the topics. If you understand how its happening, you'll be able to analyze your way through the questions.

Hope that offers some help, good luck!

docrice · August 2014

The key thing about taking the GCIA is understanding protocol behavior (IP, TCP, UDP, ICMP), knowing their header structures, and recognizing patterns. Interpreting header values (and being able to convert between decimal and hex) as well as knowing how they fit into the behavioral scheme of the protocols is really at the heart of it all because that's the basis of "seeing/feeling/being" the traffic. Once you can do that, you can start seeing the anomalies and thus intrusions.

503 was probably one of the most important (and perhaps "fun") SANS courses I've taken, and it has fundamentally affected my approach as well as influenced my abilities as a network security professional. The GCIA was also the exam which I completed in the least amount of time (about an hour and forty-five minutes or so, if I recall) while still managing a decent passing score.

I dare say 503 is one of the cornerstones of SANS' set of training offerings.

n8236 · September 2014

Agreed. The key is knowing how to read headers and output. You need to be able to recognize it.

What I mean by that is, u need to know how to read it, convert it and implement it in other tools.

The hex/decimal conversion part u can use a **** sheet for.

Worthy cert! Good luck!

Khaos1911 · September 2014

Question directed at no one in particular...I see you guys saying mostly focus on the headers, protocols, hex to decimal and such....But what about the stuff that's in Book 4, all this snort installation stuff? Are we really going to be tested on that. Do I really have to go through that stuff with a fine tooth comb? I know we should know snort rules and how to write and understand them. But all this config/installation stuff is soooo tedious, just want to make sure I'm not wasting my time/indexing.

docrice · September 2014

There are probably at least several questions on IDS (using Snort obviously), so while it's probably not in-depth, you might need to recognize what a rule is attempting to detect. It's been a few years since I've taken the exam, but my impression is that there will be some Snort-oriented questions (although not config/install-related unless it's covered in the updated versions of the course).

chaser7783 · September 2014

Yes, you should know how snort logs, where it pulls config file from, how to change it, as well as the different modes it can be run in. You should learn how snort uses library to load rules or other config files, and also know the pre processors and what they do, and any dependencies they have have on others(i.e HTTP inspect needs Stream5). Know how to create snort rules(Rule header and options) and know the different rule option types(content,uricontent,pcre, offset, depth etc).

Ferdiaz8 · December 2017

I took the course "SEC505: Securing Windows and PowerShell Automation (B02_01_4867)" and I will present the GIAC2HR, I already taken the 2 practice tests. Does somebody know where can I get more practice or some other practice tests?

JDMurray · December 2017

You can, of course, buy more practice exams from GIAC: https://www.giac.org/exams/preparation#practice

GIAC also allows exam candidates to gift or trade their unused GIAC practice exams to other people. You need to find a place where GIAC exam candidates hang out (TechExams.NET, Reddit, advisory-board-open mailing list) and ask if anyone has an unused GCWN practice exam to give away.

GIAC Practice Tests

Comments