Failed GCIA - 503: Help and Extra Practice Exams

calliclescallicles Member Posts: 13 ■□□□□□□□□□
Coming out of 'lurking-mood' and requesting any help and if anyone has extra practice exams.

My biggest take away from failing the exam was time. I performed okay-to-good on the practice exams, 70% and 80%. However, when I got to the real deal - I realized I was not prepared on time-scheduling. The real exam was definitely harder than the practice exams. By the half-way mark around question 70, I was at 71% and had 40minutes to answer 80 questions. In the end, I ended up missing the minimum 67% by 13 questions.

Secondly, would anyone have advice on how to study for the following Topics:
Advanced IDS Concepts
Network Traffic Analysis and Forensic
Packet Engineering

Lastly, any extra practice exams would be greatly appreciated.

Thank you all very much.

*Studying Procedure:
Highlighted the SANS books
Table of Content style Index (Main concepts, Tools, Types of Attacks)
Used sticky tabs to highlight the main pages/concepts and theories
Study time - (solid) 3 weeks


  • doverdover Member Posts: 184 ■■■■□□□□□□

    Sorry about the fail. That's a tough one. Before I go spouting off recommendations for study materials can I ask if you challenged the exam or did you take the SANS training course?

    I took the SANS OnDemand 503 course and it was by far the best class I've ever had.

    Let me know if you challenged and I can put together some study materials for you.

  • Khaos1911Khaos1911 Member Posts: 366
    Sorry to hear that. I hope this isn't a bad omen for me, I've been stressing over the last couple months with the official study material and I just booked my exam for today.
  • laughing_manlaughing_man Member Posts: 84 ■■□□□□□□□□
    I routinely hear the GCIA is one of the tougher 500 level SANS courses. I know that is not much consolation, but do not get disheartened.

    I will echo what dover said: did you challenge the exam or do you have the SANS course books? If you have the course books, they will have all the study material you need. Plus you should have the print out displaying your results for each topic on the test. I would use that as my guide and re-study any area 3 stars and under.
  • azmattazmatt Member Posts: 114
    503 and 508 are both tough so there's zero shame in struggling with either.

    It sounds like you had a good index for your course books so if time was an issue was it the hex level packet analysis taking up a lot of time? For that exam you need to be very comfortable with packet headers and walking through the packet's hex field by field, recognizing one packet inside of another etc. Once I got comfortable that it helped out quite a bit.

    On the other topics, the books will have all of the info you need. When I do my index making read through I go page by page and ask if I could explain the content to some someone tech savvy. My rule of thumb is I don't need to be an expert but I need to understand it good enough to explain it and answer basic questions. I would focus on a re-read with slight googling of questionable topics as opposed to grabbing other books.

    Head up and good luck!

  • calliclescallicles Member Posts: 13 ■□□□□□□□□□
    Thank you all for the support. A week away from it all certainly got me out of the depression and back into the game.

    Dover: I did not challenge the course. My work sent me to the Sans course. As much as I enjoyed Mike Poor, I found the class did not benefit my learning abilities. It wasn't a large class 45-50 students, and I was able to grasp the labs we'll enough to finish them. Most of my knowledge and experience comes from on-the-job. Perhaps I just missed the "3-foot stomp" signals of things that we're absolutely going to be on the exam.

    I did find during the paratice exams all of the information is indeed in the Sans provided books (paragraphs and slides). Besides the Sans course books I also had "Network Intrusion Detection" by Northcutt & Novak with me which I referenced throughout the exam.

    Laughing_Man: I do have that print out and firgured it would be a good starting point. However, my concern is I did better on sections I felt weak on and failed the sections I thought I had a good grasp on. For example, what azmatt brought up, packet reading. I had both confidence and packet header **** sheets, and didn't score as well as I expected. But, what I struggled on during the test and seemed to have a lot more questions on was tcpdump and wireshark filters - I had 4 stars.

    Thank you all again. And Khoas1911, hope you passed - no bad omens. Please privde any pointers from your experience, if you have any.
    Passed: GCIA, GWAPT, GCIH Goals: GCFE, GCFA
  • Khaos1911Khaos1911 Member Posts: 366
    Will do, Callicles. My GCIA is scheduled for the end of the month, Oct 27. icon_study.gif
Sign In or Register to comment.