Study GCIH
Hi All,
I have took the GCIH (504) training 3 years ago,unfortunately didn't take the exam
,is it possible to study the old course material (2013) and pass the exam now ?
Appreciate your help and advise.
I have took the GCIH (504) training 3 years ago,unfortunately didn't take the exam
,is it possible to study the old course material (2013) and pass the exam now ?Appreciate your help and advise.
Comments
What I would suggest is that you buy a practice test for $130 and use your study material to see if you can pass the practice test with your material. If you get a 70% or above, your study material should be good enough and you can manually print out all the new information that isn't in your book.
Sounds to me the the perfect recipe for failure. Assuming you know the material you have in your existing books forward, backwards and sideways and got a perfect 100% on that content, and only 60% of the material is the same, the highest possible score you could get would be 60%, that leaves you guessing for the other 40% of the material you do not have, Assuming an average of 4 answers per question, and a correct guess rate of 25%, that gives you a total score of 70%, which is a failing.
er, print out from where? Where is he suppose to obtain the new material that is not in his outdated books?
It's it possible to pass a certification exam with three years outdated material? Yes, but it's going to be much more difficult than if you would have just taken the exam within 6 months of taking your course. My suggestion is to ask for someone's index that recently took the exam and try to study things in the index that are not in your books from other sources (your going to have to pick up some Incident response books from Amazon, try "Blue Team Handbook: Incident Response Edition" Try to get more recently published books, don't waste your money on any GCIH books, they will suffer the same problems as your existing books, hopelessly outdated. ) . To study the material that is in your SANS books and know it forward, backwards, sideways and upside down and make a good index of your SANS books (don't try to use the index you are given, they will not remotely match up), than there's a fair chance you can pass the exam. I give you 50/50 odds at best.
Not sure, but would love to see you give it a try and report back to us.
What type of work have you been doing the past 3 years? I assume the course material would be identical in some ways (incident handling, attack steps), but maybe a few different tools. These are the labs that I had when I took the course in May 2015:
John The Ripper
Nessus
InSSIDER
Metasploit
Netcat
Nmap
Redline
Rpcclient
Volatility
SQL injection
Shell history
Cross site scripting
Alternate data streams
Seems low, what is your source to draw this conclusion.
Your scenario implies that OP's study material is the ONLY tool they use to attempt the test, which I never suggested.
OP can Google missing information and print it out...You're allowed to print anything you want and bring it into the exam with you. Or OP can buy IR/IH books to supplement the official material they have. Not to mention, if you look at the training schedule for each day, you can get a good idea of what tools SANS covers and what you need to learn. There will be some specifics missing, but that's what practice questions will help with.
People challenge this cert a lot and from eyeballing this forum, I'd even venture to guess it's SANS most challenged cert. I could be wrong on that, but either way, OP would probably be about 60% of the way to passing with the official (albeit dated) material, which would put them in a better position that people who challenge the cert and pass without any official material.
True, but my point was how would he know what new material (and what he had to study) was added to the books without access to updated books? If LionelTeo assessment is correct and there's only a 10% delta between three year old material and current exam content, it's less of a concern. I had a co-worker that took the GCIH three years ago and was able to look at his books before I took my course. I felt the material was closer to 20% different, but I didn't do a page by page comparison.
By taking a practice test (that I mentioned earlier) and marking down what topics/tools appeared on the practice exam but aren't in outdated material. From there, you'll know where your knowledge gaps are and print out reference material for the topics/tools that you don't know. That, in combination with reviewing the day by day breakdown of the training should give insight on what is missing from the dated books.
That would suggest that the practice tests cover all areas of the material that you will be tested on. While I completely agree that some questions on the practice exams ARE on the Exam, the practice exams are not a complete study maternal review of what is in the books and what you will be tested on, on the exam.
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
I never suggested that at all. I said that the practice tests should give OP an idea of what gaps they are missing in their dated material. The old books + looking at the training schedule + practice tests should give OP a good idea of whether he will pass the real exam or not.