Passed GCIA
Recently passed the GCIA exam and I must admit, it was a tough exam. I finished with less than 10 mins to spare. By far the most difficult exam I've prepared for and taken. I didn't have much of a background in deep-level packet analysis, but I had a year of experience being one of two architects/admins for the IPS at my company. Which, surprisingly, didn't help me much on this exam (lol), but I was very comfortable after putting in 3 months of studying for this bad boy. I used the self-study method, where I have the official books and the course software/labs. No MP3s, but there is just no way I would have listened to them all anyway.
My study method (probably horrible, but this worked for me): I read the books while highlighting and indexing. Once I finished the first read-through of all the books, I re-read them and made my own notes on subjects I wasn't quite grasping and little tidbits of things I had a feeling would be on the test. I admit, I didn't do many of the labs. Maybe half of them. I honestly didn't know what to expect from the test until I took my first practice test (where I scored a whopping 58%), but in my defense, I didn't use my index or notes on the first practice exam; I really wanted to see what I knew on my own first. Took the second practice exam a week later after additional studying and utilizing my index/notes and I scored...*drum roll please* A rousing 66%. I failed...AGAIN. LOL, needless to say I was kinda freaking out because the real exam was scheduled for two days later.
Needless to say, I buckled down and really locked into the areas I was having trouble with. I must admit, the most valuable study tool for me was the practice exams. They really do a great job of helping you focus on what your trouble areas are and the little things you don't know about a topic, but once you go back and study them they really click. I like to copy the actual questions that I miss from the practice exam along with the explanation and go through all those to really reinforce what I didn't understand or know about a topic. Those practice tests are so incredibly valuable.
On the real test I ended up scoring an 85. I wouldn't say that the real exam is easier than the practice exams; it's just that the practice exams helped me focus on those trouble areas and know different subjects backwards and forwards, so by the time I got to the real test, I was very confident in most areas. I also brought various **** sheets such as IP header, TCP header, Wireshark, IPv6, the list goes on and on. I had a stack of papers with me and I utilized every piece of paper at some point during that exam.
A few tips for anyone studying for this exam:
Get extremely comfortable with dissecting packets, counting offsets, and knowing where your protocol headers end and begin.
Know how to convert from hex to decimal (and binary) and vice versa. You'll be doing plenty of this.
Know some Wireshark (protocol hierarchy, conversations, summary, follow TCP/UDP stream) and how to write display filters.
Know DNS like the back of your hand (who really pays attention to the back of their hands?!?!?)
Know your Snort! Rule structure, rule header/options, logging of files, and command switches.
Know some Bro and SiLK (I had never heard of these tools until I began preparations for this exam).
Know your ICMP messages and codes.
Next up GCIH, hopefully I can knock this one out before the year is up. I think the last and final cert I will attain will be next year and that's CISSP. After that I think I'm done with certs and will just focus on maintaining the ones I have and continue to seek infosec knowledge, but without the testing, lol. (Though GCFE does look interesting...Maybe). Going to put all of my energy next year into CISSP and starting an MS in Cyber Security.
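The first two tips above (counting offsets to find where the IP header ends and the TCP header begins, and converting hex to decimal and binary) are exactly the kind of hand dissection the exam expects. The following is an added worked example, not code from the original post: it walks a constructed 44-byte IPv4/TCP packet by offset using only the Python standard library, derives the header lengths from the IHL and data-offset nibbles, and shows the hex/decimal/binary conversion for a field. The packet bytes are made up for illustration; the checksums in them are not valid and are not verified.

```python
"""Dissect a raw IPv4/TCP packet by hand, counting byte offsets.

Added example for practising header boundaries and hex conversion.
The packet below is constructed for the example, not a real capture.
"""
import struct

# Constructed sample: 20-byte IPv4 header + 20-byte TCP header + 4 payload bytes.
SAMPLE_PACKET = bytes.fromhex(
    "4500002c"  # version 4, IHL 5 (20 bytes), DSCP/ECN 0, total length 0x2c = 44
    "1c460000"  # identification 0x1c46, flags 0, fragment offset 0
    "400611b9"  # TTL 64, protocol 6 (TCP), header checksum (not verified here)
    "c0a80001"  # source 192.168.0.1
    "c0a80002"  # destination 192.168.0.2
    "0050d431"  # TCP source port 80, destination port 0xd431 = 54321
    "00000001"  # sequence number 1
    "00000000"  # acknowledgement number 0
    "50180200"  # data offset 5 (20 bytes), flags 0x18 (PSH+ACK), window 512
    "00000000"  # TCP checksum (not verified here), urgent pointer 0
    "deadbeef"  # 4 bytes of payload
)

# Bit positions of the six classic TCP flags in the flags byte.
TCP_FLAG_NAMES = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
                  (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]


def hex_to_dec_bin(hex_str):
    """Convert a hex string such as 'd431' to (decimal, binary-string)."""
    value = int(hex_str, 16)
    return value, format(value, "b")


def parse_ipv4(pkt):
    """Parse the fixed IPv4 header fields; header_len comes from IHL * 4."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    version = pkt[0] >> 4          # high nibble of byte 0
    ihl_words = pkt[0] & 0x0F      # low nibble of byte 0, in 32-bit words
    if version != 4 or ihl_words < 5:
        raise ValueError("not a well-formed IPv4 header")
    total_length = struct.unpack("!H", pkt[2:4])[0]
    if total_length > len(pkt):
        raise ValueError("total length exceeds bytes available")
    return {
        "version": version,
        "header_len": ihl_words * 4,   # TCP header starts at this offset
        "total_length": total_length,
        "ttl": pkt[8],
        "protocol": pkt[9],            # 6 = TCP, 17 = UDP, 1 = ICMP
        "src": ".".join(str(b) for b in pkt[12:16]),
        "dst": ".".join(str(b) for b in pkt[16:20]),
    }


def parse_tcp(segment):
    """Parse the fixed TCP header; header_len comes from the data-offset nibble."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq, ack = struct.unpack("!HHII", segment[:12])
    data_offset_words = segment[12] >> 4   # high nibble of byte 12
    if data_offset_words < 5:
        raise ValueError("invalid TCP data offset")
    flags = segment[13]
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "header_len": data_offset_words * 4,   # payload starts at this offset
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "window": struct.unpack("!H", segment[14:16])[0],
    }


def dissect(pkt):
    """Return (ip, tcp, payload); tcp/payload are None for non-TCP packets."""
    ip = parse_ipv4(pkt)
    if ip["protocol"] != 6:
        return ip, None, None
    tcp_start = ip["header_len"]
    tcp = parse_tcp(pkt[tcp_start:ip["total_length"]])
    payload_start = tcp_start + tcp["header_len"]
    return ip, tcp, pkt[payload_start:ip["total_length"]]


if __name__ == "__main__":
    ip, tcp, payload = dissect(SAMPLE_PACKET)
    print("IP header ends at offset", ip["header_len"])
    print("TCP header ends at offset", ip["header_len"] + tcp["header_len"])
    print("flags:", tcp["flags"], "payload:", payload.hex())
    print("0xd431 =", hex_to_dec_bin("d431"))
```

Running it prints the two boundary offsets (20 and 40 for this sample) alongside the decoded fields; change the IHL nibble to 6 and insert four option bytes to see the TCP start offset move, which is the mistake the offset-counting tip guards against.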