nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Study GCIH

zhaddad92

Hi All,

I have took the GCIH (504) training 3 years ago,unfortunately didn't take the exam

,is it possible to study the old course material (2013) and pass the exam now ?

Appreciate your help and advise.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

clintonia

I'm sure they change/renew the information at least yearly (or so I've heard) so there should be some changes to the study material, but I would imagine that about 60-70% of the old study material is still good.

What I would suggest is that you buy a practice test for $130 and use your study material to see if you can pass the practice test with your material. If you get a 70% or above, your study material should be good enough and you can manually print out all the new information that isn't in your book.

TechGromit

clintonia wrote: »

I'm sure they change/renew the information at least yearly (or so I've heard) so there should be some changes to the study material, but I would imagine that about 60-70% of the old study material is still good.

Sounds to me the the perfect recipe for failure. Assuming you know the material you have in your existing books forward, backwards and sideways and got a perfect 100% on that content, and only 60% of the material is the same, the highest possible score you could get would be 60%, that leaves you guessing for the other 40% of the material you do not have, Assuming an average of 4 answers per question, and a correct guess rate of 25%, that gives you a total score of 70%, which is a failing.

clintonia wrote: »

... you can manually print out all the new information that isn't in your book.

er, print out from where? Where is he suppose to obtain the new material that is not in his outdated books?

It's it possible to pass a certification exam with three years outdated material? Yes, but it's going to be much more difficult than if you would have just taken the exam within 6 months of taking your course. My suggestion is to ask for someone's index that recently took the exam and try to study things in the index that are not in your books from other sources (your going to have to pick up some Incident response books from Amazon, try "Blue Team Handbook: Incident Response Edition" Try to get more recently published books, don't waste your money on any GCIH books, they will suffer the same problems as your existing books, hopelessly outdated. ) . To study the material that is in your SANS books and know it forward, backwards, sideways and upside down and make a good index of your SANS books (don't try to use the index you are given, they will not remotely match up), than there's a fair chance you can pass the exam. I give you 50/50 odds at best.

E Double U

zhaddad92 wrote: »

is it possible to study the old course material (2013) and pass the exam now?

Not sure, but would love to see you give it a try and report back to us.

What type of work have you been doing the past 3 years? I assume the course material would be identical in some ways (incident handling, attack steps), but maybe a few different tools. These are the labs that I had when I took the course in May 2015:

John The Ripper
Nessus
InSSIDER
Metasploit
Netcat
Nmap
Redline
Rpcclient
Volatility
SQL injection
Shell history
Cross site scripting
Alternate data streams

JustFred

Where did you take the course D?

LionelTeo

Yes its possible to pass, FYI about 10% new materials is added every 4 years.

TechGromit

LionelTeo wrote: »

Yes its possible to pass, FYI about 10% new materials is added every 4 years.

Seems low, what is your source to draw this conclusion.

LionelTeo

Cause I had new books when I renew certifications; and had chat with colleagues who were sent for courses. I had passed several GIAC without official course books, I dont see why a slightly outdated coursebook would not be viable to use.

clintonia

TechGromit wrote: »

Sounds to me the the perfect recipe for failure. Assuming you know the material you have in your existing books forward, backwards and sideways and got a perfect 100% on that content, and only 60% of the material is the same, the highest possible score you could get would be 60%, that leaves you guessing for the other 40% of the material you do not have, Assuming an average of 4 answers per question, and a correct guess rate of 25%, that gives you a total score of 70%, which is a failing.

Your scenario implies that OP's study material is the ONLY tool they use to attempt the test, which I never suggested.

TechGromit wrote: »

er, print out from where? Where is he suppose to obtain the new material that is not in his outdated books?

OP can Google missing information and print it out...You're allowed to print anything you want and bring it into the exam with you. Or OP can buy IR/IH books to supplement the official material they have. Not to mention, if you look at the training schedule for each day, you can get a good idea of what tools SANS covers and what you need to learn. There will be some specifics missing, but that's what practice questions will help with.

People challenge this cert a lot and from eyeballing this forum, I'd even venture to guess it's SANS most challenged cert. I could be wrong on that, but either way, OP would probably be about 60% of the way to passing with the official (albeit dated) material, which would put them in a better position that people who challenge the cert and pass without any official material.

TechGromit

clintonia wrote: »

OP can Google missing information and print it out...You're allowed to print anything you want and bring it into the exam with you.

True, but my point was how would he know what new material (and what he had to study) was added to the books without access to updated books? If LionelTeo assessment is correct and there's only a 10% delta between three year old material and current exam content, it's less of a concern. I had a co-worker that took the GCIH three years ago and was able to look at his books before I took my course. I felt the material was closer to 20% different, but I didn't do a page by page comparison.

clintonia

TechGromit wrote: »

True, but my point was how would he know what new material (and what he had to study) was added to the books without access to updated books?

By taking a practice test (that I mentioned earlier) and marking down what topics/tools appeared on the practice exam but aren't in outdated material. From there, you'll know where your knowledge gaps are and print out reference material for the topics/tools that you don't know. That, in combination with reviewing the day by day breakdown of the training should give insight on what is missing from the dated books.

TechGromit

clintonia wrote: »

By taking a practice test (that I mentioned earlier) and marking down what topics/tools appeared on the practice exam but aren't in outdated material.

That would suggest that the practice tests cover all areas of the material that you will be tested on. While I completely agree that some questions on the practice exams ARE on the Exam, the practice exams are not a complete study maternal review of what is in the books and what you will be tested on, on the exam.

JoJoCal19

You can look at the day by day breakdown of the course material (go into the course from a specific event page and not the SANS.org courselist page) and compare the list of topics as well as labs. I just did this for the SEC401 and SEC503 courses I took and it should match up pretty well. Additionally and probably most importantly, go to the GIAC.org page and look at the exam test subjects and make sure they are covered in that course content page somewhere. If not, you'll know a topic you need to pursue outside sources for.

clintonia

TechGromit wrote: »

That would suggest that the practice tests cover all areas of the material that you will be tested on.

I never suggested that at all. I said that the practice tests should give OP an idea of what gaps they are missing in their dated material. The old books + looking at the training schedule + practice tests should give OP a good idea of whether he will pass the real exam or not.

LionelTeo

I had taken the "practice test + google print out" approach in all my challenge, and that approach can help to bump up 10% to 20% of the overall scoring. My first GSLC practice with only the CISSP book lands me at 70% and with the printout I had close to 85 in the actual exam.