GMON passed

docricedocrice Posts: 1,706Member
Passed today with a 92. The GMON is my tenth GIAC cert. Took about 1.5 hours and sort of jetted through the questions in the name of getting through as quickly as I could. Likely could've scored higher but had to balance out the need to get back to work and get stuff done. The practice exam was very similar to the real one. Referenced the book a few times during the exam, the index helped a couple of times. At each checkpoint, I floated between 87 - 94%.

There were a few fruitcake questions but the majority I felt were pretty good and simulated real-world scenarios. However, you have to bear in mind the context of how the questions are framed. There's the exam-correct answer considering what the class material is trying to convey, but in the real world you can easily have been in situations where it isn't necessarily the case. I found myself weighing between these two ends. I imagine the CISSP exam being like this. Some of the questions also felt a bit vague and prone to misinterpretation. GIAC is usually good about this, or maybe I just didn't know the material well enough in specific areas.

I took the class back in May in San Diego. Finally got around to my final exam prep in the last couple of weeks. The class provides you an index, and normally I make my own but this time I made a very abbreviated one since a good bulk of the course was common sense for me. For the last few GIAC exams, I've relied extremely little on an index and went for the books directly.

SANS SEC511 was a fun course, but as someone who's been doing this sort of work for some time now the majority of the material was semi-review for me. So in my case, this exam was a bit easier than others I've taken. Your mileage may vary depending on your past professional work experience.

Have a spare GMON practice exam to anyone that wants it. Inbox me with your SANS portal account ID.
Hopefully-useful stuff I've written:


  • IristheangelIristheangel ABL - Always Be Labbin' Pasadena, CAPosts: 4,098Mod Mod
    Congrats :)
    BS, MS, and CCIE #50931
    Bonus TE Fun: Nerd Photos
  • zxbanezxbane Posts: 739Member
  • cyberguyprcyberguypr Senior Member Posts: 6,636Mod Mod
    Congrats on the pass! Happy to see you get a GIAC cert since you don't have any icon_smile.gif LOL.
  • NetworkNewbNetworkNewb They are watching you Posts: 3,132Member ■■■■■■■■□□
  • chanakyajupudichanakyajupudi Posts: 712Member
    Congrats! Fingers crossed for my exam. Have it in 3 weeks.
    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]

  • the_Grinchthe_Grinch Posts: 4,123Member ■■■■■■■■■■
    Congrats!! Have to agree with everything you said!
  • cgrimaldocgrimaldo Posts: 439Member ■■■■□□□□□□
  • DAVIS NGUYENDAVIS NGUYEN Posts: 1,472Member ■■■□□□□□□□
  • docricedocrice Posts: 1,706Member
    They're pretty quick about shipping these things.

    I don't opt for the wooden plaque anymore since I just chuck these into a file folder. The GIAC site updates your profile right after you finish the exam.
    Hopefully-useful stuff I've written:
  • JoJoCal19JoJoCal19 California Kid Posts: 2,735Mod Mod
    Congrats on the pass! That's got to be a pain to keep up with recertifying 10 GIAC certs. You going to do the GSE (one cert to rule them all)?
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up:​ eJPT, eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • cgrimaldocgrimaldo Posts: 439Member ■■■■□□□□□□
    docrice wrote: »
    They're pretty quick about shipping these things.

    I don't opt for the wooden plaque anymore since I just chuck these into a file folder. The GIAC site updates your profile right after you finish the exam.

    very nice!
  • docricedocrice Posts: 1,706Member
    JoJoCal19 wrote: »
    That's got to be a pain to keep up with recertifying 10 GIAC certs. You going to do the GSE (one cert to rule them all)?

    Recertifying existing certs hasn't been that tough, actually. As long as I take a class each year and do the exam it seems to cover it. They're starting to add up though. The GSE is too much of a mental commitment right now. Even going through a class and exam is inconvenient since it takes a lot of time away from work.
    Hopefully-useful stuff I've written:
  • oprimeoprime Posts: 2Registered Users ■□□□□□□□□□
    Congrats. I am taking my exam in a little over a month. Do you still have an extra practice test?
  • cavijayancavijayan Posts: 14Member ■□□□□□□□□□
    Congrats ! You seems to have alot of GIAC Certs. Maybe should go for GSE ?
  • docricedocrice Posts: 1,706Member
    oprime wrote: »
    Do you still have an extra practice test?

    Sorry, it was given away within moments of me posting about it.
    cavijayan wrote: »
    Maybe should go for GSE ?

    As mentioned a couple of posts ago, I don't have the bandwidth.
    Hopefully-useful stuff I've written:
  • rgstrdnnyrgstrdnny Posts: 4Registered Users ■□□□□□□□□□
    Happy to say I passed it today too!!! Yey to us!
  • g33k3rg33k3r Posts: 249Member
    Congrats! Out of curiosity, being this is a relatively new cert, have people seen employers requesting this in job posts more often?
  • the_Grinchthe_Grinch Posts: 4,123Member ■■■■■■■■■■
    Congrats! I have seen increases in job postings for GMON, but have yet to be asked about it.
  • cyberguyprcyberguypr Senior Member Posts: 6,636Mod Mod
    I've seen it slowly made its way into postings here in Chicago.
  • docricedocrice Posts: 1,706Member
    I'm surprised employers are listing the GMON in their job postings as it's a rather new certification. That said, a hopeful sign of things to come. Seems many organizations equate information security as "buying/deploying new cyber gear" rather than in-depth investigative work, so if employers are getting more serious about acquiring talent to do real work then kudos to them.
    Hopefully-useful stuff I've written:
  • vvimal9vvimal9 Posts: 1Registered Users ■□□□□□□□□□
    Have today cleared GMON with 79%. What a great relief!!!

    The context for the exam questions and practice test are entirely different. While the practice test is focused towards Course Materials, the real exam is on real world scenario.

    My 2c for clearing

    Prepare well using the course materials
    Do a little more deep dive into relevant topics since the course materials wont bother too much or assume you ought to be knowing those.
    Index ..Index..Index of what is referenced where so it will be easier while taking exams for referencing.
    Read the question very carefully to check if its the detective/preventive thats being asked.
  • NetworkNewbNetworkNewb They are watching you Posts: 3,132Member ■■■■■■■■□□
    Grats vvimal9. Looks like an interesting course.
  • TechGromitTechGromit Completely Clueless Ontario, NY Posts: 1,843Member ■■■■■■■□□□
    I was wondering how closely the SANS GMON compares to the BlackHat Network Forensics: Continuous Monitoring and Instrumentation course. The authors of the Network Forensics: Continuous Monitoring originally developed the course for SANS, but they were not happy with the money SANS offered for the course, Black Hat offered a better deal. SANS went on to develop there own course. the book is available from Amazon, it's a far cheaper alternative to paying for a SANS course. I took the course from blackhat, and while good, a 5 day course doesn't begin to touch on all the 576 pages of material in the hardcover text book. When I have time to study the book, I'll order a SANS practice test and see how I do.
    Still searching for the corner in a round room.
  • supasecuritybrosupasecuritybro Posts: 205Member ■■■■□□□□□□
    Just found out I am going to Baltimore for this course in April. I am so excited to take it. Its my first SANS course/exam. I am a Security Engineer with a taste for PenTesting. I have also really been involved in SIEM integration and development. I believe this course is a great compliment for my path at this time. I am looking forward to the challenge. Any advice is openly welcomed.
    Completed: CISSP, GPEN, GWAPT, eJPT, CySA+, M.S. Information Security
    Current Goal: GREM
    Continuous Education Plan:​ eCTHP (paused), eCPPT (paused), CISM, OSCP, AWS
    Book/CBT/Study Material:​ FOR610 & Practical Malware Analysis
  • gkhangkhan Posts: 2Registered Users ■□□□□□□□□□
    Hi all
    It’s my first SANS course - On Demand. I have completed the course including all labs and now I am preparing for Exam and doing revision of the course martial and working on Index.
    I looking an advice form exam point of view, is it important to revise the labs and do I need to Index the work book.
    Thanks in advance
Sign In or Register to comment.