GCIH - exam week!

IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
I take my GCIH exam this Friday, 5/19/17. Work has been crazy the month of May (including weekends) so it has thrown a huge wrench into my original study plan for the last month. I am taking my 1st practice test tonight (originally planned for 5/6), review missed questions and will revise my index. Depending on how that goes, I'll take my 2nd practice exam Wed/Thur night.

I've been through OnDemand videos and books once, mp3's twice. I'm really disappointed I didn't do as much lab time, but it is what it is.

Materials I'm using for Practice Exam/Real exam
  • Index - 10 pages
  • SANS **** Sheets (Intrusion Discovery - Linux, Intrusion Discovery - Windows, Windows Command line, Netcat)
  • PICERL/Enterprise-Wide Incident Response **** sheet (2 pages)
  • SEC504 books
  • Counter Hack Reloaded
  • Blue Team Handbook

I've been through a majority of the passed threads but if anyone has any last minute tips for preparation, I'll take it. :)

Thanks in advance for any advice!

Comments

  • IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    Just finished my first practice exam, finished in 3.5 hrs with an 84%. Took screenshots of all the questions I missed and made notes of anything that was not in my index to add. The CHR book came in handy for about 5-10 questions I couldn't find in my index. Didn't use the Blue Team Handbook at all. Taking a break and I'll update my index tonight and focus on the sections I scored lower on.

    One thing I think they could do is give you the book/section the missed question was from, much like they do in the quizzes in OnDemand.
  • [Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
    Sounds like you are good to go for the real exam!! :) Good luck! Also, are you using the courseware from 2016 to prep for the exam? I am studying for my GCIH now also! Just reading the first of the manuals now! Please let us know your thoughts on the exam etc.
  • TheFORCETheFORCE Senior Member Member Posts: 2,298 ■■■■■■■■□□
    I haven't taken this but i read somewhere that said try to keep your index at 2-3 pages. A 12 page index might be too much, no?
  • IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    Sounds like you are good to go for the real exam!! :) Good luck! Also, are you using the courseware from 2016 to prep for the exam? I am studying for my GCIH now also! Just reading the first of the manuals now! Please let us know your thoughts on the exam etc.

    I have material from 2017, I took the live version and then SANS gave me OnDemand access for free since John Strand was a last minute scratch as our instructor.
    TheFORCE wrote: »
    I haven't taken this but i read somewhere that said try to keep your index at 2-3 pages. A 12 page index might be too much, no?

    2-3 pages seems really short for any GIAC index. My GSEC index was 30+ pages so I was a little worried this one was only 10 pages. I feel pretty good after the first practice exam but I'll probably add another page or two based off my notes.
  • [Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
    My GPEN index was only 4 pages. I think it all depends on how well you structure it.
  • TechGromitTechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,990 ■■■■■■■■□□
    IaHawk wrote: »
    Just finished my first practice exam, finished in 3.5 hrs with an 84%.

    84% should be plenty to pass the exam, I wouldn't worry about taking the 2nd practice test unless you trying to get 90% or better.
    IaHawk wrote: »
    2-3 pages seems really short for any GIAC index. My GSEC index was 30+ pages so I was a little worried this one was only 10 pages. I feel pretty good after the first practice exam but I'll probably add another page or two based off my notes.

    Three pages sounds short to me as well, but 84% is a respectable score, so I wouldn't worry about it only being 10 pages. My index for the GCIH was 35 pages, it was landscaped, printed double sided, so it was 16 or so pages. I also had a 12 page program index, that described what each program did. When I took my practice exams, there always seemed to be a few questions I didn't prepare for, so I may have gone overboard with my indexes, but I passed, so it worked for me. My take is I rather have it and not need it then not have it and be wanting it. I really only used my program index for a few questions, but if it help me study just a little bit more for the exam, it was time well spent. While I agree it's not a benefit to take to much material with you into the exam, having a little extra is only going to benefit you, not hurt you.
    IaHawk wrote: »
    I have material from 2017, I took the live version and then SANS gave me OnDemand access for free since John Strand was a last minute scratch as our instructor.

    When was this? He left his BlackHat training class after the first day as well, I wonder if he or family is having health issues.
    Still searching for the corner in a round room.
  • IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    @TechGromit - Yeah, I only added a couple of lines to my index after the 1st practice exam. I went ahead and printed out the 2016 index that was in the 504extras tinyurl for the class. It appears to be a nice addition for any key term or tool I may have left out of my own index. I'll only use that if I can't find something in my index or the CHR book. I'm taking the 2nd practice test later today.

    My live training was in January. We found out the morning of our first day that John was not going to be our instructor. I was pretty bummed because that was 95% of the reason I picked that event, to have Strand as the instructor. He ended up tweeting later that week he cracked some ribs and also had a death in his family. So obviously understandable why he couldn't make it.
  • IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    Just completed practice exam #2, 84%. If I get an 84% on the exam, I would say the practice exams are a good indicator of the real exam. :)

    A little review tonight and then take a break from studying on Thursday and exam on Friday!
  • IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    I passed, 91%. Very happy with that score. I'll provide a write up when I get home tonight.

    Celebrating with a beer or two. icon_cheers.gif
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,882 Mod
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Grats on the pass!!
  • IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    I took this class live in New Orleans with Mike Murr. He was a last minute substitute for John Strand but still a great instructor. Due to the last minute change of instructor, SANS offered me the OnDemand version at no cost. I made it through the videos once with John Strand and the audio twice during my commutes to work. If you have the option, I highly recommend taking the live version just for the interaction with the instructor and others in the class. I also loved the Night talks and 2 nights of NetWars.

    The material for the course is great, there is a lot of info and different tools to familiarize yourself with. The best thing about all of these is that a majority of them are free or have free versions so learning does not stop after the course is over. I have made a list of all the tools referenced and plan to familiarize myself with them even if I don't use them in my current role.

    Like any SANS cert, to prepare for the exam:
    1. Attend live or go through OnDemand course
    2. Read the books
    3. Listen to mp3s
    4. Go through books again and create index.
    5. Take 1st practice test, update index and review weak areas
    6. Take 2nd practice test, update index and review weak areas
    7. Take the test and kill it!

    Thanks again for all the feedback and for everyone who posted their experience with the GCIH.

    As far as whats next...I'm thinking FOR500, previously FOR408 or OSCP. For now, rest and relaxation!
  • keane234keane234 Member Posts: 11 ■□□□□□□□□□
  • grouchy_Smurfgrouchy_Smurf Member Posts: 15 ■□□□□□□□□□
    Congrats! Great score.
  • FillAwfulFillAwful Member Posts: 119 ■■■□□□□□□□
    Congrats! Awesome score!
  • keane234keane234 Member Posts: 11 ■□□□□□□□□□
  • IaHawkIaHawk Member Posts: 188 ■■■□□□□□□□
    Thanks, it was a great course. Thinking about taking a forensics course or OSCP next, but not until late fall or winter time. In the mean time I'm going to hit Python hard to add that to the arsenal.
  • corpseccorpsec Member Posts: 73 ■■□□□□□□□□
    Passed GCIH with 93% yesterday =D
  • InCryptableInCryptable Member Posts: 36 ■■□□□□□□□□
    IaHawk wrote: »
    @TechGromit - ...I went ahead and printed out the 2016 index that was in the 504extras tinyurl for the class.

    ?? Did the 504 course provide you with an index??
Sign In or Register to comment.