SEC511 - GMON - Prep

I took the course less then a month ago and want to gear up to take the exam. I have an index (since they provide one for the course due to the amount of information) and I did fairly well in the class. I was thinking of taking one of the practice exams and based on that seeing whether I wait two weeks or a month for the test. Other then that, how does one typically prepare? Should I re-read all the manuals?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

cyberguypr

I'm not a fan of pre-made indexes. I make my own which gives me the opportunity to go through the books one more time and identify areas that need attention. This method has worked well for all my GIAC certs.

636-555-3226

Do a practice test and see how well you can do without the index or books. After all, part of learning the material is actually learning the material. Otherwise you're just spending 5k to put some letters behind your name. If that goes well, just review the index afterward to see if it would have helped. If it's good, then go take the second test just to confirm you're good. If the first practice test goes poorly or you need to use your index a lot, skim through the books again, bump up the index quality if necessary, and rock on the time go-around.

zxbane

OP,

I passed this exam a couple of months back. I didn't get provided an Index and as others have stated I prefer to make my own as a way to ensure I understand/remember the content. I did a pass through each of the books and made my own Index and I felt thoroughly prepared for the exam. I took both practice exams as well as a way to prepare.

the_Grinch

Excellent! Thanks for the info guys I will do the practice test and then go about making my own index.

bsjj27

I'm in the process of taking SEC511 on demand, almost through the course. I've never taken a SANS test before. When I create my index do I include content from the lab book also? For instance would I need to know things such as grep switches for the test. Thanks for any assistance

TechGromit

bsjj27 wrote: »

When I create my index do I include content from the lab book also?

My instructor told me that anything except the labs are testable, but I do look over the labs and if there is any material of interest, I add that to my index as well.

cyberguypr wrote: »

I'm not a fan of pre-made indexes. I make my own which gives me the opportunity to go through the books one more time and identify areas that need attention. This method has worked well for all my GIAC certs.

I wouldn't trust a pre-made index either. I look at as using someone else's index, you better off creating your own. My co-worker let me look at his older set of there SANS 401 books, and they had a glossary and definitions in the back of one of the books, I referred to them for my first practice test and they were completely useless.

GT82

I just sat and passed this exam. I created my own index and I sat the practice tests they supplied. This worked well for me. I agree the index that I had in the workbooks didn't really line up well and having my own index allowed me to find things quickly.

kiki162

If anyone has a GMON practice exam available that they would be willing to transfer before the end of this week, send me a PM please and I'll send you the appropriate info. Thanks!

the_Grinch

Exam is scheduled for July 11th! Going to be nice to juggle to graduate school courses and study for this as well. Taking my first practice exam (with no notes) on Saturday and will go from there.

zxbane

Good luck Grinch! What is your goal with getting a MS in legal? Getting into cyber law or something similar?

the_Grinch

I work in a regulatory and investigatory capacity for a law enforcement agency so I wanted to get some legal training to be better at my job. Somedays I will be working solely on regulatory violations, other days it might be some form of criminal fraud and on other days it could be a cyber investigation. Also I deal in the security assessments and incident response of those who fall under our jurisdiction. All of that requires knowledge of the legal system, laws and being able to write up investigations in a proper way. With all that said, I've done pretty well and might be looking at law school which this will help with as well as I am getting the same courses in two years as a law student would get in their first year of law school. The class I am currently in (Cybercrime) is an actual law school course that they allowed students in my program take. So out of 9 students in the class, 8 are JD students and the professor is a Drexel Law School professor.

Jinverar

I am writing the GMON on July 11th also......

good luck to you

chanakyajupudi

I need to write mine around that time too. Best of luck to us!

the_Grinch

Yes good luck to everyone!

Jinverar

I'm not sure if it helps but I found this guide on indexing for SANS exams. this guide was posted to the GCIH linkedin alumni group.

How to Guide for making a SANS / GIAC Index with Pictures | Digital Forensics Tips

the_Grinch

I took my first practice exam today without using any of the books and scored a 76%! Wish it was higher, but still pretty good considering I took the course months ago and haven't cracked a book since May!

iBrokeIT

That's a nice score for that long of gap!

I recommend installing ScreenHunter, taking a screenshot of the question and then answer for review later that way you can focus on taking the test. After you are done, you can go through the questions again and update your index with any areas that are lacking.

chanakyajupudi

I pushed mine out to the end of July. Ended up being put on a Redhat Openshift course for Partners. Just put over 100 hours worth of training outside of office hours as a prerequisite!

the_Grinch

Sucks that you had to push it! I only have until Wednesday to take it so have to jump on it stat.

TechGromit

You can always pay to extend the exam date. I took my GCIH the same time you took your course Grinch and I hit the books pretty much as soon as I got back to work. I took my exam with a month to spare, like to get things out of the way early, then wait and get caught unprepared.

the_Grinch

Yeah I wish I hadn't waited, but my grad school break was shorter then I thought. But the thought of spending an additional $350 just doesn't sit right. Pretty sure I'll be ready since my boss took it last week and did well. We took the course together, have similar experience, and do the same job (though I do it more on a daily basis).

resin17

Hello everyone,
I am wondering if you can help. I am looking to do GMON cert/exam on a self-prep basis. Is there such an option? I have spent a bit of time trying tyo find an answer to my question, but all I found was the On Demand option. I am not sure it can be used given I am not taking any class. I do not have a sponsor to pay SANS/GIAC $5k tuition fee, hence the self-study is the only option I consider...
Thank you for your help.

the_Grinch

It definitely would be really tough to take the exam without the course. The following should help, but I'd seriously think about whether you're willing to risk $1200 on an exam.

https://www.amazon.com/Practice-Network-Security-Monitoring-Understanding/dp/1593275099/ref=sr_1_1?ie=UTF8&qid=1468950027&sr=8-1&keywords=security+onion

https://www.amazon.com/Applied-Network-Security-Monitoring-Collection/dp/0124172083/ref=sr_1_2?ie=UTF8&qid=1468950027&sr=8-2&keywords=security+onion

https://www.amazon.com/Malware-Forensics-Field-Windows-Systems/dp/1597494720/ref=sr_1_10?ie=UTF8&qid=1468950196&sr=8-10&keywords=windows+security+monitoring

kiki162

@resin17 If you have a week to spare, you can always take the Work Study option from SANS.

https://www.sans.org/work-study

Prices for SANS courses will go up in December, so work study will be your best bet. The GMON exam is something you should NOT attempt to do on your own without have extensive experience. You can probably go for GSEC as a self-study option instead.

resin17

Thank you very much, guys. Your answers have helped a lot.

gkhan

Hi all
It’s my first SANS course - On Demand. I have completed the course including all labs and now I am preparing for Exam and doing revision of the course martial and working on Index.
I looking an advice form exam point of view, is it important to revise the labs and do I need to Index the work book.
Thanks in advance