Passed GCIA

What a tough exam. Either I am starting to feel some burnout from the continuous studying or GCIA is just a beast. Scored 72% with less than two minutes remaining on the clock and didn't take a break.. I am not good with time management on these open book exams. I want to make sure I look up every answer even when I am sure I know it.

My approach to this was different than GCIH. I took SEC504 live and started my index after going through all of the material. For SEC503 I did on-demand and built my index as I followed the course. There is a quiz at the end of each section so I made sure to have my index completed for that book before taking the quiz. I didn't have enough time to complete the first practice exam so I just rushed through it and took snapshots of the questions I didn't understand for review later. After that I went through all of the material again then took the second practice exam (scored 74% and used all four hours). My index went through several revisions. I had to go over some of the material multiple times including this morning before the test. Building the tcpdump filters, understanding everything in the headers, and the more fragments section took a while to catch on.

Feeling pretty good about the results considering the bulk of my studying was done later in the evening after the kids were in bed and during my train rides to/from work (50 minutes each way).

CISM is my other certification goal this year plus I really need to work on my Dutch. No rest for the weary

Find more posts tagged with

Comments

JoJoCal19

Congrats on the pass!! GCIA is definitely a beast. I passed with a 72 or 73 myself. My study for the GCIA was similar to yours.

NetworkNewb

Nice work, congrats!

Mike7

Well done. Congrats!

E Double U

After taking GIAC exams with and and without the progress meter, I would prefer to have it. It would put my mind at ease towards the end of the exam if I see that I am in the passing range before I hit that submit button.

rscrt

Congrats! It is a cert with very useful knowledge.

E Double U

rscrt wrote: »

Congrats! It is a cert with very useful knowledge.

Definitely! Came in handy when I had some work to do in our NIDS.

FillAwful

Congrats on your pass! GCIA is a beast of a test but now you can read The Matrix...blonde...red-head...brunette...

E Double U

FillAwful wrote: »

now you can read The Matrix...blonde...red-head...brunette...

SANS should add that to the syllabus

IaHawk

Congrats!

mjs1104

Congrats! I just recently passed the GCIA with nearly an identical score. I have taken and passed the GSEC, GCFA, and GCIH, and found that the GCIA was the most difficult GIAC test I have taken by far. I also, like you, used almost all of my available time. I procrastinated studying for the exam. I took the course ONDEMAND and of course saved it to the last possible minute.

When I hit the final submit button I was a bit nervous but relieved that I passed. My advice to anyone studying for this would be to take this exam seriously and start studying early. Ideally, have your first practice test done with plenty of time to shore up any weak areas. I also feel like a thorough index saved my bacon on this one. I don't have a lot of hands on experience with tools like Snort and Bro and really didn't spend nearly enough time getting comfortable with them.

I'm on to the GREM now, and learned my lesson with the GCIA. I already started indexing the first book and just finished reading Pracitical Malware Analysis. I'd much rather pass with a comfortable percentage then to squeak by and give myself a panic attack.

E Double U

@ mjs1104 - Congratulations to you as well! I began studying in mid-January and kept studying up until the moment I entered the testing center lol. My index was much larger for this than GCIH. Going into the course I only had hands on with Snort (via Cisco Sourcefire) and Wireshark.

UnixGuy

congrats!!!! GCIA is awesome, and i've been slacking to no end on this one! no more!!

I wish there was a practical way to practice the stuff in the GICA material in the real world! I deal with IPS everyday, but without access to Snort...just through a GUI

I'm going to take this exam some time this year

gespenstern

Just wondering where they are at on network security monitoring. Do they say that it is becoming less and less relevant as advanced malware more and more often encrypts its traffic and more often mimics legit protocols to get lost in noise, such as twitter traffic, etc?

E Double U

@ UnixGuy - You don't need to be a Snort expert to pass the exam. You sure better know how to read a packet though. Stop slacking!!!

@ gespenstern - The material doesn't say "less relevant", but does get into encryption and noise as issues. I'm actually interested in SEC511/GMON because I think it would take a deeper dive on the topic, but I could be wrong.

billyr2009

Congrats on your pass. I too will be taking this course on demand in the next few weeks. A little nervous but I plan to spend my summer with this class and hope to make it on the first try.

FillAwful

E Double U wrote: »

@ UnixGuy - You don't need to be a Snort expert to pass the exam. You sure better know how to read a packet though. Stop slacking!!!

@ gespenstern - The material doesn't say "less relevant", but does get into encryption and noise as issues. I'm actually interested in SEC511/GMON because I think it would take a deeper dive on the topic, but I could be wrong.

I'm looking at the GNFA as a more relevant approach to network forensics and monitoring especially when it comes to threat hunting and dealing with large amounts of data.

keane234

Congrats!

lostsol

FOR572 was a great class. Phil Hagen was a great instructor too. It definitely teaches you how to pare down the amount of data, and hone in on relevant clues and artifacts.

E Double U

billyr2009 wrote: »

A little nervous but I plan to spend my summer with this class and hope to make it on the first try.

I was very nervous while going through the course. It just felt like I wasn't getting it. Might be fatigue, but this was tough.