GREM passed!
gespenstern
Member Posts: 1,243 ■■■■■■■■□□
in GIAC
Passed today. 92%. No index (I like to make it tough). No books.
The company I work for paid for "on-demand" SANS FOR610 version + exam attempt.
I have about 8 years malware analysis experience back and forth, but it's more of a hobby for me, for the most part I do architecture stuff. Plus I worked as a DOS x86 assembly developer in 90-s. No surprise that the assembly was my strongest area, web security stuff was the weakest.
Scored 90%-100% on chapter quizzes, but only 77% on a practice exam. No idea how, but I think that the practice exam is tougher than the real one, I've had a few questions there I literally had no idea what they asked me, despite having high score on post-chapter quizzes which one would think assures that the material was digested well.
My initial plan was to bring in all the course books (6 rather thick books) and flag the questions I am not sure about to review them later with books. Little did I know about GIAC exams, LOL! You CANNOT flag and review them later! Ended up not touching a single book. Yeah, it was my first SANS/GIAC course/exam!
Many questions were straight-forward, some were tricky and a few were very complex, I spent like 10 mins on one questing with assembly listing and a debugger screenshot calculating register values as I stepped through the instructions in my head.
Hooray!
I also would like GIAC to revoke "open-book" option from all their exams so we can have more suffering!
The company I work for paid for "on-demand" SANS FOR610 version + exam attempt.
I have about 8 years malware analysis experience back and forth, but it's more of a hobby for me, for the most part I do architecture stuff. Plus I worked as a DOS x86 assembly developer in 90-s. No surprise that the assembly was my strongest area, web security stuff was the weakest.
Scored 90%-100% on chapter quizzes, but only 77% on a practice exam. No idea how, but I think that the practice exam is tougher than the real one, I've had a few questions there I literally had no idea what they asked me, despite having high score on post-chapter quizzes which one would think assures that the material was digested well.
My initial plan was to bring in all the course books (6 rather thick books) and flag the questions I am not sure about to review them later with books. Little did I know about GIAC exams, LOL! You CANNOT flag and review them later! Ended up not touching a single book. Yeah, it was my first SANS/GIAC course/exam!
Many questions were straight-forward, some were tricky and a few were very complex, I spent like 10 mins on one questing with assembly listing and a debugger screenshot calculating register values as I stepped through the instructions in my head.
Hooray!
I also would like GIAC to revoke "open-book" option from all their exams so we can have more suffering!
Comments
-
fabostrong Member Posts: 215 ■■■□□□□□□□Ha. Congrats on the pass. I think it's definitely a good thing to know the material so much that you don't need the books. However, I would always use the books if I wasn't sure about an answer. SANS tests are too expensive to take any risks lol. I would like to take GREM at some point though. I've been thinking of using the book Practical Malware Analysis as a warm-up to GREM. Congrats again. You did very well.
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Congrats on the pass!
I agree about the open book policy too. Shouldn't be able to look up the answer when you aren't sure of it. -
UnixGuy Mod Posts: 4,570 ModCongrats! you have mastery over the subject and it shows! well done!
So you do Malware analysis on the side but you do network architecture for a day to day job? -
gespenstern Member Posts: 1,243 ■■■■■■■■□□Congrats! you have mastery over the subject and it shows! well done!
So you do Malware analysis on the side but you do network architecture for a day to day job?
Thanks! Security architecture. -
TechGromit Member Posts: 2,156 ■■■■■■■■■□Congratulations on the pass.gespenstern wrote: »Scored 90%-100% on chapter quizzes, but only 77% on a practice exam.
I'm studying for this cert now, but I don't know what you mean by the chapter quizzes, there's no chapter quizzes in my books. I'm new at analyzing malware, so I'm at somewhat of a disadvantage. Not a big fan of assembly either.Still searching for the corner in a round room. -
UnixGuy Mod Posts: 4,570 ModTechGromit wrote: »Congratulations on the pass.
I'm studying for this cert now, but I don't know what you mean by the chapter quizzes, there's no chapter quizzes in my books. I'm new at analyzing malware, so I'm at somewhat of a disadvantage. Not a big fan of assembly either.
Chapter quizzes are in the on-demand, by the end of each chapter there is a quiz..not in the physical books only in the online version -
gespenstern Member Posts: 1,243 ■■■■■■■■□□TechGromit wrote: »Not a big fan of assembly either.
Shouldn't be a big deal, as Lenny doesn't strike me as an assembly lover either and in the course he uses every opportunity to skip the static in-your-face analysis by employing as many tricks as possible. -
al88 Member Posts: 62 ■■■□□□□□□□Congratulations!gespenstern wrote: »Little did I know about GIAC exams, LOL! You CANNOT flag and review them later!
Actually, you can skip questions (up to 10 i believe) and review them later on ... you may also flag them but for GIAC to review if you believe there was something wrong with the question. -
gespenstern Member Posts: 1,243 ■■■■■■■■□□Congratulations!
Actually, you can skip questions (up to 10 i believe) and review them later on ... you may also flag them but for GIAC to review if you believe there was something wrong with the question.
Thanks! Okay, then it's my bad. I thought that if you skip it then it's just a form of an answer "I dunno" as I didn't see typical navigation/review buttons, etc. I had ~30 mins left, could've used them to review tough questions. -
JoJoCal19 Mod Posts: 2,835 ModCongrats on the pass!!! Reversing is an area of interest for me (more for fun and bug bounties) and I want to take FOR610 at some point.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework