Study GCIH

zhaddad92zhaddad92 Registered Users Posts: 2 ■□□□□□□□□□
Hi All,

I have took the GCIH (504) training 3 years ago,unfortunately didn't take the examicon_cry.gif,is it possible to study the old course material (2013) and pass the exam now ?

Appreciate your help and advise.

Comments

  • clintoniaclintonia Member Posts: 41 ■■□□□□□□□□
    I'm sure they change/renew the information at least yearly (or so I've heard) so there should be some changes to the study material, but I would imagine that about 60-70% of the old study material is still good.

    What I would suggest is that you buy a practice test for $130 and use your study material to see if you can pass the practice test with your material. If you get a 70% or above, your study material should be good enough and you can manually print out all the new information that isn't in your book.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    clintonia wrote: »
    I'm sure they change/renew the information at least yearly (or so I've heard) so there should be some changes to the study material, but I would imagine that about 60-70% of the old study material is still good.

    Sounds to me the the perfect recipe for failure. Assuming you know the material you have in your existing books forward, backwards and sideways and got a perfect 100% on that content, and only 60% of the material is the same, the highest possible score you could get would be 60%, that leaves you guessing for the other 40% of the material you do not have, Assuming an average of 4 answers per question, and a correct guess rate of 25%, that gives you a total score of 70%, which is a failing.
    clintonia wrote: »
    ... you can manually print out all the new information that isn't in your book.

    er, print out from where? Where is he suppose to obtain the new material that is not in his outdated books?

    It's it possible to pass a certification exam with three years outdated material? Yes, but it's going to be much more difficult than if you would have just taken the exam within 6 months of taking your course. My suggestion is to ask for someone's index that recently took the exam and try to study things in the index that are not in your books from other sources (your going to have to pick up some Incident response books from Amazon, try "Blue Team Handbook: Incident Response Edition" Try to get more recently published books, don't waste your money on any GCIH books, they will suffer the same problems as your existing books, hopelessly outdated. ) . To study the material that is in your SANS books and know it forward, backwards, sideways and upside down and make a good index of your SANS books (don't try to use the index you are given, they will not remotely match up), than there's a fair chance you can pass the exam. I give you 50/50 odds at best.
    Still searching for the corner in a round room.
  • E Double UE Double U Member Posts: 2,238 ■■■■■■■■■■
    zhaddad92 wrote: »
    is it possible to study the old course material (2013) and pass the exam now?

    Not sure, but would love to see you give it a try and report back to us. :)

    What type of work have you been doing the past 3 years? I assume the course material would be identical in some ways (incident handling, attack steps), but maybe a few different tools. These are the labs that I had when I took the course in May 2015:

    John The Ripper
    Nessus
    InSSIDER
    Metasploit
    Netcat
    Nmap
    Redline
    Rpcclient
    Volatility
    SQL injection
    Shell history
    Cross site scripting
    Alternate data streams
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • JustFredJustFred Member Posts: 678 ■■■□□□□□□□
    Where did you take the course D?
    [h=2]"After a time, you may find that having is not so pleasing a thing, after all, as wanting. It is not logical, but it is often true." Spock[/h]
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Yes its possible to pass, FYI about 10% new materials is added every 4 years.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    LionelTeo wrote: »
    Yes its possible to pass, FYI about 10% new materials is added every 4 years.

    Seems low, what is your source to draw this conclusion.
    Still searching for the corner in a round room.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    Cause I had new books when I renew certifications; and had chat with colleagues who were sent for courses. I had passed several GIAC without official course books, I dont see why a slightly outdated coursebook would not be viable to use.
  • clintoniaclintonia Member Posts: 41 ■■□□□□□□□□
    TechGromit wrote: »
    Sounds to me the the perfect recipe for failure. Assuming you know the material you have in your existing books forward, backwards and sideways and got a perfect 100% on that content, and only 60% of the material is the same, the highest possible score you could get would be 60%, that leaves you guessing for the other 40% of the material you do not have, Assuming an average of 4 answers per question, and a correct guess rate of 25%, that gives you a total score of 70%, which is a failing.

    Your scenario implies that OP's study material is the ONLY tool they use to attempt the test, which I never suggested.

    TechGromit wrote: »
    er, print out from where? Where is he suppose to obtain the new material that is not in his outdated books?

    OP can Google missing information and print it out...You're allowed to print anything you want and bring it into the exam with you. Or OP can buy IR/IH books to supplement the official material they have. Not to mention, if you look at the training schedule for each day, you can get a good idea of what tools SANS covers and what you need to learn. There will be some specifics missing, but that's what practice questions will help with.

    People challenge this cert a lot and from eyeballing this forum, I'd even venture to guess it's SANS most challenged cert. I could be wrong on that, but either way, OP would probably be about 60% of the way to passing with the official (albeit dated) material, which would put them in a better position that people who challenge the cert and pass without any official material.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    clintonia wrote: »
    OP can Google missing information and print it out...You're allowed to print anything you want and bring it into the exam with you.

    True, but my point was how would he know what new material (and what he had to study) was added to the books without access to updated books? If LionelTeo assessment is correct and there's only a 10% delta between three year old material and current exam content, it's less of a concern. I had a co-worker that took the GCIH three years ago and was able to look at his books before I took my course. I felt the material was closer to 20% different, but I didn't do a page by page comparison.
    Still searching for the corner in a round room.
  • clintoniaclintonia Member Posts: 41 ■■□□□□□□□□
    TechGromit wrote: »
    True, but my point was how would he know what new material (and what he had to study) was added to the books without access to updated books?

    By taking a practice test (that I mentioned earlier) and marking down what topics/tools appeared on the practice exam but aren't in outdated material. From there, you'll know where your knowledge gaps are and print out reference material for the topics/tools that you don't know. That, in combination with reviewing the day by day breakdown of the training should give insight on what is missing from the dated books.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    clintonia wrote: »
    By taking a practice test (that I mentioned earlier) and marking down what topics/tools appeared on the practice exam but aren't in outdated material.

    That would suggest that the practice tests cover all areas of the material that you will be tested on. While I completely agree that some questions on the practice exams ARE on the Exam, the practice exams are not a complete study maternal review of what is in the books and what you will be tested on, on the exam.
    Still searching for the corner in a round room.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    You can look at the day by day breakdown of the course material (go into the course from a specific event page and not the SANS.org courselist page) and compare the list of topics as well as labs. I just did this for the SEC401 and SEC503 courses I took and it should match up pretty well. Additionally and probably most importantly, go to the GIAC.org page and look at the exam test subjects and make sure they are covered in that course content page somewhere. If not, you'll know a topic you need to pursue outside sources for.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • clintoniaclintonia Member Posts: 41 ■■□□□□□□□□
    TechGromit wrote: »
    That would suggest that the practice tests cover all areas of the material that you will be tested on.

    I never suggested that at all. I said that the practice tests should give OP an idea of what gaps they are missing in their dated material. The old books + looking at the training schedule + practice tests should give OP a good idea of whether he will pass the real exam or not.
  • LionelTeoLionelTeo Member Posts: 526 ■■■■■■■□□□
    I had taken the "practice test + google print out" approach in all my challenge, and that approach can help to bump up 10% to 20% of the overall scoring. My first GSLC practice with only the CISSP book lands me at 70% and with the printout I had close to 85 in the actual exam.
Sign In or Register to comment.