Prepping to take the GWEB class/exam - Studying tips
Good afternoon everyone,
I'm hoping that people here can help me find where I'm lacking on my certification exam prep. Over the past few years I've been privileged to take the GCIA, GWAPT and GCIH exams, but with no certifications to show for them. I will admit that the GCIA and GWAPT exams were 'hurried' upon me. There was a mixup with my training department in regards to these cert exams. They reported back to me that the cert exam was not included in the price we paid, yet through some miracle, with about a month of access to the classes, I could take the exam. So I never really approached both classes with the interest I probably should have.
The GCIH was different. I knew ahead of time that the bundle that was purchased for me did include one exam with it. So as the class went on I made notes in my margins in the books, highlighted course material and started prepping my index shortly after the class ended. I downloaded and listened to the MP3s to augment my studying at night. Took my first practice exam and scored a 76%. Felt confident but saw lots of room for improvement. Improved my index and took the second exam. I scored an 85%. So I felt good going into my exam. But when I got there it felt like I was taking a whole new exam. I that 20% to 30% of the practice exam questions were on the test, but this exam didn't feel like I saw any familiar questions at all. Because of that I ran out of time for the exam and scored a 68% and I had to hurry the last (what I thought) ten questions only to be met with forgetting I marked two to get back to later. I was devastated. My index was right around 30 pages tabbed and bound at Staples. I'm just wondering what else I need to do.
My supervisor and I are scheduled to take the GWEB OnDemand class soon and want to be prepared for it. My background is mostly in web app pen testing but I don't feel I have a firm enough grasp to really call myself a web app pen tester. I mean, I run a tool, have it look for vulnerabilities, look through for any false positives I can readily test for (Mostly XSS - Clickjacking, but that's pretty simple IMO). Is there anything you can recommend to a relative FNG to the security realm that will help me pass at least this certification?
Comments
kiki162
So I can provide some insight on that, as I have failed a GIAC exam myself. One of the biggest things that I can recommend is when you do any exam, remember what you see on there, and write it down after you walk out of the testing center, as it could likely come up again.
I took the GSEC fresh off of the CISSP, and a lot of the material was familiar to me. I took a good 6 months from the time I opened the books till the time I finished the exam and passed it. When I took the next GIAC exam, I wasn't completely familiar with all of the material, and a lot of the stuff taught in class was new to me. And like you, time came up on me REALLY fast, and I started clicking at the end, and came up short just like you. Now I have a SA background/compliance, and personally I think the GCWN or GCCC might be good for the future.
Your index sounds like it's a bit short, but I could be wrong. Really take a look at external links (if you have them), illustrations, pics, diagrams, etc. Once you get a flow going for how taking a GIAC exam works for you, you'll be better at it the next time around.