Passed SANS GCIA Exam - after failing both practive exams,
0xFEEDBEEF
Registered Users Posts: 1 ■□□□□□□□□□
in GIAC
Hello All, First time poster, long time lurker...
Some backstory:
I took the SANS GCIA live training in Las Vegas Sept 2016, Mike Poor did an amazing job at teaching me these skills, while providing great anecdotes, and analogies that allowed me to understand the core fundamentals as best I could.
I took my first practice test two weeks prior to my exam, I scored 60%. For some odd reason, I did not reference my index or notes, whatsoever. I also only used two of the allotted four hours. I thought this was a decent mark for not referencing any material, I continued my studies in the areas SANS gave me my failing summary.
Come four days before my exam, I take practice test two, this time I used my index, and 2.5 of the allotted four hours, I still failed with a 65%. Now I was scared. I had no idea how I did so bad, I didn't reference as many answers as I liked, and I finished way ahead of schedule... Keep in mind, they give you the four hours for a reason... Use it.
Again, I took the output of my failing summary and began to meticulously scrub through each section I got under three stars in, re-writing my index for those subjects, while also reading the notes in the books. I started to use some packet **** because I was doing real bad on mapping headers / finding ports / protocols and checksums...
After re-reading the books (actually reading and highlighting) in the sections I didn't do well on, running through packet ****, familiarizing myself with concepts I was not comfortable with, re-indexing certain areas where I struggled, and being able to explain key concepts to my peers, I believe I was ready.
Exam day.
For some reason the testing centers in my city we're unavailable to book the GCIA, so I had to take a four hour road trip, I had my partner drive me, on the way to the exam, I kept going over the concepts I was not familiar with (IPv6, Packet Crafting, DNS, Application Protocols).
Once I got to the testing center I had some issues with the proctor not allowing me to bring my books into the exam, good thing I printed off the SANS FAQ that states they're allowed. I was brought to my desk, and I began the exam... Without getting into too much detail, I ended up referencing most questions(unless I was 100% sure), and using most of my time (used 3.5/4 hrs). I passed the exam with a whopping 84%... 84%!!! - I had no idea I was going to get a mark like that after failing both practice exams... I believe that the shock of failing kicked in after failing both practice tests, and this booted my brain into some kind of overdrive...
To sum it up; as long as you understand the base concepts, and how the underlying technologies work, you should be able to pass this exam.Also the index and packet headers, these helped immensely.
Questions were not binary, most questions were situational...
Materials going into Exam:
1. I have my 40+ page index (sorted A-Z by excel) (Followed this guide)
Keyword
PAGE
BOOK
CONTEXT
SHORT AWNSER
Fragmentation (DF Bit)
110
1
basic info
if flag set, packet will not be fragmented
Snort (Process Flow)
23
4
process flow
Packets > Decoder > Pre-processors > Snort Rules > Alerts / Logs
TAP (HUB)
151
5
null
SHITTY, Low end, Half duplex, only understands layer 1 traffic
Silk (Flow)
32-33
5
null
Flow is unidirctional 5-tuple of:
- Source IP
- Dest IP
- Sport
- Dport
- Protoccol
Flow terminates when a FIN/RST found, inactivity of 63 seconds/ Activity for 30m
2. Had all my packet headers, and other docs
- IPv4
- IPv6
- ICMP & ICMPv6 (w/ Message Codes)
- UDP
- TCP
- Ethernet Header
- IPv6 Extension Headers
3. A few 'breakdown' images I made, that really clarified the fix position headers.
4. A 'Hex Math' sheet, so I could reference in case I forget something (although, extremely fundamental)
5. I practiced multiple packet hex ****, courtesy of malwarejake.blogspot.ca
You can do it! Believe in yourself, but make sure you know your stuff!
Let me know if you have any questions!
Some backstory:
I took the SANS GCIA live training in Las Vegas Sept 2016, Mike Poor did an amazing job at teaching me these skills, while providing great anecdotes, and analogies that allowed me to understand the core fundamentals as best I could.
I took my first practice test two weeks prior to my exam, I scored 60%. For some odd reason, I did not reference my index or notes, whatsoever. I also only used two of the allotted four hours. I thought this was a decent mark for not referencing any material, I continued my studies in the areas SANS gave me my failing summary.
Come four days before my exam, I take practice test two, this time I used my index, and 2.5 of the allotted four hours, I still failed with a 65%. Now I was scared. I had no idea how I did so bad, I didn't reference as many answers as I liked, and I finished way ahead of schedule... Keep in mind, they give you the four hours for a reason... Use it.
Again, I took the output of my failing summary and began to meticulously scrub through each section I got under three stars in, re-writing my index for those subjects, while also reading the notes in the books. I started to use some packet **** because I was doing real bad on mapping headers / finding ports / protocols and checksums...
After re-reading the books (actually reading and highlighting) in the sections I didn't do well on, running through packet ****, familiarizing myself with concepts I was not comfortable with, re-indexing certain areas where I struggled, and being able to explain key concepts to my peers, I believe I was ready.
Exam day.
For some reason the testing centers in my city we're unavailable to book the GCIA, so I had to take a four hour road trip, I had my partner drive me, on the way to the exam, I kept going over the concepts I was not familiar with (IPv6, Packet Crafting, DNS, Application Protocols).
Once I got to the testing center I had some issues with the proctor not allowing me to bring my books into the exam, good thing I printed off the SANS FAQ that states they're allowed. I was brought to my desk, and I began the exam... Without getting into too much detail, I ended up referencing most questions(unless I was 100% sure), and using most of my time (used 3.5/4 hrs). I passed the exam with a whopping 84%... 84%!!! - I had no idea I was going to get a mark like that after failing both practice exams... I believe that the shock of failing kicked in after failing both practice tests, and this booted my brain into some kind of overdrive...
To sum it up; as long as you understand the base concepts, and how the underlying technologies work, you should be able to pass this exam.Also the index and packet headers, these helped immensely.
Questions were not binary, most questions were situational...
Materials going into Exam:
1. I have my 40+ page index (sorted A-Z by excel) (Followed this guide)
Example: (not sure if this falls under bad rules)
Keyword
PAGE
BOOK
CONTEXT
SHORT AWNSER
Fragmentation (DF Bit)
110
1
basic info
if flag set, packet will not be fragmented
Snort (Process Flow)
23
4
process flow
Packets > Decoder > Pre-processors > Snort Rules > Alerts / Logs
TAP (HUB)
151
5
null
SHITTY, Low end, Half duplex, only understands layer 1 traffic
Silk (Flow)
32-33
5
null
Flow is unidirctional 5-tuple of:
- Source IP
- Dest IP
- Sport
- Dport
- Protoccol
Flow terminates when a FIN/RST found, inactivity of 63 seconds/ Activity for 30m
2. Had all my packet headers, and other docs
- IPv4
- IPv6
- ICMP & ICMPv6 (w/ Message Codes)
- UDP
- TCP
- Ethernet Header
- IPv6 Extension Headers
3. A few 'breakdown' images I made, that really clarified the fix position headers.
4. A 'Hex Math' sheet, so I could reference in case I forget something (although, extremely fundamental)
5. I practiced multiple packet hex ****, courtesy of malwarejake.blogspot.ca
You can do it! Believe in yourself, but make sure you know your stuff!
Let me know if you have any questions!
Comments
-
grouchy_Smurf Member Posts: 15 ■□□□□□□□□□Great write up! Thanks for the share and congrats on the pass!
-
Abdullah.AA Member Posts: 50 ■■□□□□□□□□Congratulations the GCIA is on my to do list for 2017, I hope I get accepted into SANS work study program, other wise i'm not sure how one could learn the material well enough to use the intrusion analysis skills this course covers.
-
quogue66 Member Posts: 193 ■■■■□□□□□□Congrats! You put in a lot of hard work and earned that cert. Well done.
-
FillAwful Member Posts: 119 ■■■□□□□□□□Congrats on your GCIA!
I agree that reading the coursebooks thoroughly to the point of understanding and being adept at analyzing packet **** is the key to success on this exam. -
yomista Member Posts: 23 ■■□□□□□□□□Congrats and your index is awesome!
I thought of taking GCIA after my GCED but damn it looks tough. -
joeimp Registered Users Posts: 4 ■□□□□□□□□□I had the same experience. After failing both practice exams, I passed the GCIA (barely). I have taken seven SANS courses and 503/GCIA was by far the hardest.
-
CIPHERSTONE Member Posts: 30 ■□□□□□□□□□Hey 0xFEEDBEEF - I was in your class with Mike Poor. I'm looking for a backup index to accompany mine. Shoot me an email if you could, I'd like to chat. stvlange (at) gmail (dot) com.
-
E Double U Member Posts: 2,233 ■■■■■■■■■■Congratulations! I'm studying for this now.Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
CIPHERSTONE Member Posts: 30 ■□□□□□□□□□E Double U - I posted my index on another thread, feel free to use as a supplimental if you like.