Sans gcih

Hello,

So im planning to study for the GCIH test in the future from what I read its a Open book test and you are allowed to index the information that being said I find it hard to fail with a open book. so my question to you guys is how was your experince with this test and how hard or essy was it?

Also which book would you recomend?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

cyberguypr

Are you challenging the test instead of taking the training? The thing is that GIAC certs take content directly from the SANS courses. If you challenge it you will definitely be at a disadvantage. It's been done before, even by some people here so make sure you look for those threads. It is definitely an uphill battle if you ask me. For me to bet the $1,149 for challenging the test, I would have to be 90%+ sure that I can pass. Possible books that would help include Incident Response & Computer Forensics, Counter Hack Reloaded, Blue Team Handbook, and of course NIST SP 800-61.

Having said that, as a blue teamer, this cert and class have been my absolute favorite. Not sure if you know but SANS has a Work Study program where you get to take the class, get the OnDemand version, and one attempt at the cert for a few hundred dollars less than the standalone test (I think $1,100 is the latest). This is very YMMV as it depends on you getting accepted into the program, but many of us have been selected multiple times so it is doable.

Clm

I was thinking of self studying cause every class or bootcamp I've gone to have been a waste of time. I will look into this work study program. How do you feel about the on demand material

TechGromit

Well the nice thing about SANS exams is you pretty much know if your going to pass or fail based on your practice test scores. Got a 76% on my first Practice test and just took my 2nd practice test today and scored an 80%. I think I may have done slightly better if my co-workers were not talking so loud and laughing half the test. Scheduled my exam for June 16th, I should pass, just don't know by how much.

ramrunner800

The best part about SANS is the training itself. It's not like other bootcamps where you go cram in a bunch of information to pass a test. I know folks who go to the training itself, but don't take the test, and you're really cheating yourself if you don't go to the training itself. That said, the training is extremely expensive. If you decide to self-study, unfortunately there is no one book that you can go to for all the material. The exams are based on what is taught in the courses, and the courses are updated several times yearly. Each course has 4-5 books, and they probably total close to 1000 pages of material combined. To self study the only reliable route to follow will be to identify the exam objectives, and find your own material to master each of them. This will be somewhat challenging, as you will need to master the specific tools and techniques SANS specifies in their courses. This will be tremendously more difficult than if you took the course itself.

I know some folks who have taken the On Demand courses, and for some of the earlier courses in the curriculum they seem to be fine, but I have seen some struggle with some of the later courses, like FOR 508 and 610. I personally have a strong preference for the in person training.

TechGromit

ramrunner800 wrote: »

To self study the only reliable route to follow will be to identify the exam objectives, and find your own material to master each of them.

If you could get your hands on a good index from someone, it will useless without the books, but it tell you pretty much exactly what you need to study for.

ramrunner800

TechGromit wrote: »

If you could get your hands on a good index from someone, it will useless without the books, but it tell you pretty much exactly what you need to study for.

You know, that probably would be effective, though I don't know anyone who shares their indexes. What are the ethics surrounding index sharing? In my office everyone does 1-2 classes per year, and lots of study tips get shared, but straight up index sharing is considered out of bounds.

_nessie_

ramrunner800 wrote: »

You know, that probably would be effective, though I don't know anyone who shares their indexes. What are the ethics surrounding index sharing? In my office everyone does 1-2 classes per year, and lots of study tips get shared, but straight up index sharing is considered out of bounds.

Eh, sharing indexes wouldn't be an issue. After all, someone made the index and if that person is willing to share ...
Mind you though, using an index someone else made, may not be suitable for yourself as you might deploy another manner of logic, looking up things, requiring hints, explanation and so on .. in that same index.
You discover whether your index suits you during your practice exam. (at least I did, and even was able to tweak my index *after* the cert attempt

)
cheers

TechGromit

ramrunner800 wrote: »

You know, that probably would be effective, though I don't know anyone who shares their indexes. What are the ethics surrounding index sharing? In my office everyone does 1-2 classes per year, and lots of study tips get shared, but straight up index sharing is considered out of bounds.

I don't see why, I wouldn't share / loan any of my books, since SANS has strict policy against this, but the index is something you make, SANS even encourages you do make one. Using a good index as a study guide would tell you exactly what you need to know for the test. I would be more than happy to share mine with anyone who asks.

Now that I think about it, some of the conceptual topics are not part of my index, I understand them so there is no need for me to index them. You would be in trouble if you had to look them up during a test. So I'm modifying my position, using a good index as a study guide will give you a good 80% of the material you should know for the test.

LionelTeo

Counter Hack reloaded is a 2005 book but still can cover many of the stuff that don't change within this 10 years. I would just a latest version of hacking exposed, counter hack reloaded and blue team handbook. Take the 2 free practice test that comes with the buying the exam and google up any questions that you have unheard of. Print it out and you should be good.

BillHoo

I second that. Counterhack Reloaded.

Also go to SANS.org and download all the free command line cheatsheets for Linux, Metasploit, and Windows.

I also found these today that could have been used on the practice exam I took yesterday.

https://www.sans.org/security-resources/sec560/netcat_****_sheet_v1.pdf

https://scadahacker.com/library/Documents/****_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf

http://www.secguru.com/files/**********/nessusNMAPcheatSheet.pdf

dig – Linux DNS Lookup utility **** sheet

This white paper posted in SANS is also a good (quick) read to get a condensed view of Incident Handling. The author printed a good Unix command line **** sheet at the end.

https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901

I'm going to tab them and bring with me to the exam.

BillHoo

I'm also printing out this Windows command line index/**** sheet because I cannot find the 'more' command in any of the SANS Windows Cheatsheets. "More" came up in my practice test. I'm not big on windows command-line stuff, and I'd never heard of it before now. Makes me wonder what else is not on the sheets that will pop up in the exam.

I don't want to manually index every command from the book into my index. So here's the link. I just copied and pasted the alphabetical index of windows commands and pasted it into word.

An A-Z Index of the Windows CMD command line | SS64.com

I'll be taking that into the exam with me along with a copy of Security+: Get Certified, Get Ahead, by Darril Gibson. Some overlap of Sec 504 concepts in there. And it's well indexed for quick reference.