Passed GCIA
Recently passed the GCIA exam and I must admit, it was a tough exam. I finished with less than 10 mins to spare. By far the most difficult exam I've prepared for and taken. I didn't have much of a background in deep level packet analysis, but I had a year of experience being one of two architects/admins for the IPS at my company. Which, surprisingly, didn't help me much on this exam (lol), but I was very comfortable after putting in 3 months of studying for this bad boy. I used the self-study method, where I have the official books and the course software/labs. No MP3s, but there is just no way I would have listened to them all anyway.
My study method (probably horrible, but this worked for me): I read the books while highlighting and indexing. Once I finished the 1st read through of all books, I re-read the books and made my own notes on subjects I wasn't quite grasping and little tidbits of things I had a feeling would be on the test. I admit, I didn't do many of the labs. Maybe half of them. I honestly didn't know what to expect from the test until I took my first practice test (where I scored a whopping 58%), but in my defense, I didn't use my index or notes on the first practice exam; I really wanted to see what I knew on my own first. Took the second practice exam a week later after additional studying and utilizing my index/notes and I scored...*drum roll please* A rousing 66%, I failed...AGAIN. LOL, needless to say I was kinda freaking out because the real exam was scheduled for two days later.
Needless to say, I buckled down and really locked into the areas I was having troubles with. I must admit, the most valuable study tool for me was the practice exams. They really do a great job of helping you focus on what your trouble areas are and the little things you don't know about a topic, but once you go back and study them they really click. I like to copy the actual questions that I miss from the practice exam along with the explanation and go through all those to really enforce what I didn't understand or know about a topic. Those practice tests are so incredibly valuable.
On the real test I ended up scoring an 85. I wouldn't say that the real exam is easier than the practice exams, it's just that the practice exams helped me focus on those trouble areas and knowing different subjects backwards and forwards, so by the time I got to the real test, I was very confident in most areas. I also brought various **** sheets such as IP header, TCP header, Wireshark, IPv6, the list goes on and on. I had a stack of papers with me and I utilized every piece of paper at some point during that exam.
A few tips for anyone studying for this exam:
Get extremely comfortable with dissecting packets, counting offsets, and knowing where your protocol headers end and begin.
Know how to convert from hex to decimal (and binary) and vice versa. You'll be doing plenty of this.
Know some Wireshark (protocol hierarchy, conversations, summary, follow TCP/UDP stream) and how to write display filters.
Know DNS like the back of your hand (who really pays attention to the back of their hands?!?!?)
Know your Snort! Rule structure, rule header/options, logging of files, and command switches.
Know some Bro and SiLK (I had never heard of these tools until I began preparations for this exam).
Know your ICMP messages and codes.
Next up GCIH, hopefully I can knock this one out before the year is up. I think the last and final cert I will attain will be next year and that's CISSP. After that I think I'm done with certs and will just focus on maintaining the ones I have and continue to seek infosec knowledge, but without the testing, lol. (Though GCFE does look interesting...Maybe). Going to put all of my energy next year into CISSP and starting an MS in Cyber Security.
Comments
-
docrice Member Posts: 1,706
Yup, the GCIA is not an easy one, but passing it comes with a sigh of relief and a solid feeling of gratification. Being able to think at the bit-level is fundamentally important in network security. Far too many admins think about tools and less about the protocols, data, their interpretation by commercial devices, and the types of attacks which try to sneak past them. 503 (and subsequently the GCIA exam experience) helps hone a good mindset.
Many commercial vendors create products that base their detection and alerting on a lot of assumptions and it's up to us, the actual engineers and analysts, to see their limitations and devise additional countermeasures as needed.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
JoJoCal19 Mod Posts: 2,835
Congrats on the pass!
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
Khaos1911 Member Posts: 366
Thanks to you all! Gosh, that was a tough exam and a tough experience in general. Good luck to everyone pursuing that cert. I know how much work it takes to obtain it.
-
JasminLandry Member Posts: 601
Congrats on the pass! I'm looking to get into the GIAC certs but I'm wondering, do you guys pay for the training yourselves or your company pays it all or at least a good part of it?
-
j.petrov Member Posts: 282
Congrats on the pass! I'm hoping to do a SEC503 workstudy in March of next year... hopefully I get selected.
-
ITHokie Member Posts: 158
Congrats! If I can manage to hold off finishing my degree a little longer, GCIA is next up for me.
-
SephStorm Member Posts: 1,731
Congrats and thanks for the good review.
"I'm looking to get into the GIAC certs but I'm wondering, do you guys pay for the training yourselves or your company pays it all or at least a good part of it?"
Me personally, I've paid for something like 99% of my certs/training out of pocket. I've got some reimbursement through my employers though for the cost of the exam, almost never for the cost of training.
-
veritas_libertas Member Posts: 5,746
Congratz! From what I have heard this is a difficult exam.
-
Khaos1911 Member Posts: 366
Employer paid for GSEC exam and GSEC bootcamp, the rest I got all on my own.
-
callicles Member Posts: 13
Congratulations, Khaos!! Happy to hear the good news and tyvm for your recap - it was helpful to read!
Passed: GCIA, GWAPT, GCIH Goals: GCFE, GCFA
-
impelse Member Posts: 1,237
Congrats, some day I will do one SANS certification, I applied for San Antonio work study and I was not able to get it.
Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
It is your personal IPS to stop the attack.
-
Khaos1911 Member Posts: 366
You know what's crazy, Impelse. I was offered the SANS work study position for San Antonio, but I turned it down because of a major project at work....Then again, I think that was for the GCIH class.
-
impelse Member Posts: 1,237
LOL, this is killing me.... I will wait for another one. We never get anything in Houston.