GREM passed!

gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
Passed today. 92%. No index (I like to make it tough). No books.

The company I work for paid for "on-demand" SANS FOR610 version + exam attempt.

I have about 8 years malware analysis experience back and forth, but it's more of a hobby for me, for the most part I do architecture stuff. Plus I worked as a DOS x86 assembly developer in 90-s. No surprise that the assembly was my strongest area, web security stuff was the weakest.

Scored 90%-100% on chapter quizzes, but only 77% on a practice exam. No idea how, but I think that the practice exam is tougher than the real one, I've had a few questions there I literally had no idea what they asked me, despite having high score on post-chapter quizzes which one would think assures that the material was digested well.

My initial plan was to bring in all the course books (6 rather thick books) and flag the questions I am not sure about to review them later with books. Little did I know about GIAC exams, LOL! You CANNOT flag and review them later! Ended up not touching a single book. Yeah, it was my first SANS/GIAC course/exam!

Many questions were straight-forward, some were tricky and a few were very complex, I spent like 10 mins on one questing with assembly listing and a debugger screenshot calculating register values as I stepped through the instructions in my head.

Hooray! :)

I also would like GIAC to revoke "open-book" option from all their exams so we can have more suffering! :)

Comments

  • fabostrongfabostrong Member Posts: 215 ■■■□□□□□□□
    Ha. Congrats on the pass. I think it's definitely a good thing to know the material so much that you don't need the books. However, I would always use the books if I wasn't sure about an answer. SANS tests are too expensive to take any risks lol. I would like to take GREM at some point though. I've been thinking of using the book Practical Malware Analysis as a warm-up to GREM. Congrats again. You did very well.
  • NetworkNewbNetworkNewb Member Posts: 3,294 ■■■■■■■■■□
    Congrats on the pass!

    I agree about the open book policy too. Shouldn't be able to look up the answer when you aren't sure of it.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,103 Mod
    Congrats! you have mastery over the subject and it shows! well done!

    So you do Malware analysis on the side but you do network architecture for a day to day job?
    Goal: MBA, Jan 2021
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    UnixGuy wrote: »
    Congrats! you have mastery over the subject and it shows! well done!

    So you do Malware analysis on the side but you do network architecture for a day to day job?

    Thanks! Security architecture.
  • TechGromitTechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,981 ■■■■■■■■□□
    Congratulations on the pass.
    Scored 90%-100% on chapter quizzes, but only 77% on a practice exam.

    I'm studying for this cert now, but I don't know what you mean by the chapter quizzes, there's no chapter quizzes in my books. I'm new at analyzing malware, so I'm at somewhat of a disadvantage. Not a big fan of assembly either.
    Still searching for the corner in a round room.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,103 Mod
    TechGromit wrote: »
    Congratulations on the pass.



    I'm studying for this cert now, but I don't know what you mean by the chapter quizzes, there's no chapter quizzes in my books. I'm new at analyzing malware, so I'm at somewhat of a disadvantage. Not a big fan of assembly either.

    Chapter quizzes are in the on-demand, by the end of each chapter there is a quiz..not in the physical books only in the online version
    Goal: MBA, Jan 2021
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    TechGromit wrote: »
    Not a big fan of assembly either.

    Shouldn't be a big deal, as Lenny doesn't strike me as an assembly lover either and in the course he uses every opportunity to skip the static in-your-face analysis by employing as many tricks as possible. :)
  • al88al88 GCIH, GCFA, GNFA, GCTI, GASF, GISP, Sec+ Dallas, TXMember Posts: 62 ■■■□□□□□□□
    Congratulations!
    Little did I know about GIAC exams, LOL! You CANNOT flag and review them later!

    Actually, you can skip questions (up to 10 i believe) and review them later on ... you may also flag them but for GIAC to review if you believe there was something wrong with the question.
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■□□□
    al88 wrote: »
    Congratulations!
    Actually, you can skip questions (up to 10 i believe) and review them later on ... you may also flag them but for GIAC to review if you believe there was something wrong with the question.

    Thanks! Okay, then it's my bad. I thought that if you skip it then it's just a form of an answer "I dunno" as I didn't see typical navigation/review buttons, etc. I had ~30 mins left, could've used them to review tough questions.
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,809 Mod
    Congrats on the pass!!! Reversing is an area of interest for me (more for fun and bug bounties) and I want to take FOR610 at some point.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Ricky MurongRicky Murong Member Posts: 11 ■□□□□□□□□□
    Congratulations ! =)
Sign In or Register to comment.