Bombed first GREM practice test
TechGromit
Member Posts: 2,156 ■■■■■■■■■□
in GIAC
Got a 60%, I was kinda dreading taking the practice test, I found the course very tough.
The good is most of the questions I used my index for, there was enough info I could answer the question without looking up the answer in the books, I used the books to look up about 5 answers where there wasn't enough detail in my index.
The bad, despite how detailed I thought my index was (927 entries), I was still missing several keywords for some of the questions the exam asked, several I had no clue on or where to look them up and others not nearly enough details.
Used index more than I would have liked, answered maybe 25 questions without looking them up. Made a couple of stupid answer mistakes as well.
Scored one star on Win Assembly code concepts for reverse-engineering, 2 stars on malware analysis using memory forensics, analyzing web-based Malware and Common win Malware characteristics in assembly. I found myself rushing too much at the beginning of the exam, I had to force myself to slow down, finished with 2 minutes to spare.
Exam is due Dec. 6th, seriously considering paying for an extension, since I'll be away on vacation for a week this month.
Still searching for the corner in a round room.
Comments
-
quogue66 Member Posts: 193 ■■■■□□□□□□
GREM was a really tough course with a lot of information to take in. I scored a 71 or 72 on my first practice test and an 84 or so on my second. I ended up passing the exam with an 80. After the first practice test I really revamped my index and added A LOT of info. I think my index was around 1500 entries. This was definitely overkill but it helped me study more.
-
[Deleted User] Senior Member Posts: 0 ■■□□□□□□□□
Best of luck! I've been keeping my eye on the GREM certification. One thing I found with GIAC exams is read the actual text and make index entries on that not just the slides.
-
gespenstern Member Posts: 1,243 ■■■■■■■■□□
Good luck!
It's a tough nut if you are approaching it without real work experience to back up your studies. I had such a backup so I scored 92 with no index because of the years of analyzing malware.
Given the score and all the lookups during the exam, yeah, it looks like you may want to extend the time available for studies.
Shouldn't be a surprise though, this course starts with 6 and SANS have only a few of them and only one toughest course that starts with 7. It's not a 4xx or 5xx easy course.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
I ended up coughing up the $360 to get a 6 week extension, my exam deadline is now Jan. 19, instead of Dec. 6. I plan to make good use of the extra time, by following along with the MP3 lectures, with the books and carefully doing the labs. In some ways it's better this way because I can pause the MP3 and do the labs along with variations I try to see what happens. Listening in the car does help, but it's as beneficial as having the material in front of me. Someone did comment in my rep why would I point out I'm an idiot, or something along those lines, I'm here to learn or get pointers in learning, not to brag how superior I may be to others.
Still searching for the corner in a round room.
-
hoosar Registered Users Posts: 2 ■□□□□□□□□□
Failed GREM today with 61%, had 60% on first attempt and 85% on second. Honestly I thought I passed the test, was a shocker to find out I didn't. Couldn't believe it, debating on new strategy of retaking exam, did labs, all books 2X, index, CTF, I understand the material but still failed.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
Just took my 2nd practice GREM Exam today, scored a 69%, I carefully redid all of the labs and material from books 3 to 5, didn't get a chance to redo the labs for book 2, but I did better on that material than the Analyzing Web-Based questions. I have my exam attempt scheduled for Jan. 18th, not going to extend the date again. I firmly believe that the questions are pulled from a pool of possible questions, so what questions you get, is luck of the draw. So practice exams / certification exams can be easier or tougher, just depending on what questions you get. The 2nd practice test seemed way harder than the first exam I did, even though I did better on it. It did seem to have more code analysis questions, I have two weeks to work on areas I'm weak on, but I give myself a 50/50 chance on passing at this point.
I didn't reference my index as much as I did the first exam, I also pulled up my scores for Win Assembly code concepts for reverse-engineering 3 stars, 4 stars on malware analysis using memory forensics. I seriously considered the correct answer for at least two questions, and ended up picking a different answer, getting the question wrong when I had the correct answer the first time.
I plan on consolidating my assembler notes into a few pages, One weakness I saw was say for example
(Note: question I made up not on practice exam)
Which choice is 32-bit architecture?
A. byte
B. word
C. dword
D. qword
Assuming I didn't know the answer, I would have to flip through the index looking up each answer. While this is unavoidable some of the time, since Assembly is such a big part of the exam, I figured that having everything referring to assembler consolidated separately. Also doesn't hurt to go over all the material again.
Another question I didn't trust my own index, looked up the four answers, but only one was on my index, but it didn't seem right to me, so I picked one of the answers that wasn't on my index, the BOGUS answer was wrong, If your index is complete, trust it over your gut.
The final thing I'm planning to do is go over all the code again in the books and pull out examples that I think may be on the exam into **** sheets, I saw a question I immediately recognized from the books, I'm betting there are parts of other code examples from the books on the exams. While I didn't do too bad on this part of the exam, I just think I got lucky, with best guess answers.
Still searching for the corner in a round room.
-
GirlyGirl Member Posts: 219
--Based off the last two discussion posts I will mentally never consider this certification unless a job says take it or you are fired---
Ok, back on topic. Stay in the fight TG. Thanks for not giving up. These courses are too expensive to give up on, especially with the added cost of certification re-attempts. I hope you and Hoosar prevail!
I just did some quick math. You can miss at least 20 of the 75 questions. Without that every 15 question score that they went away with, I just honestly count in my head the questions I am not 100% sure in. Towards the end, I have a pretty good idea if I passed.
My new technique is if I don't know or can't find the answer in less than a minute I skip it. I go for the low hanging fruit and the answers I can easily find in my index/book. That way, I am not pressed for time at the end and have to quick read and pick a letter between A-D that may or may not be correct. Yes, it has happened. Go for what you know first. That works for me, not really for everyone. It also only works if you are not one for taking breaks. Because if you have to take a break, you have to answer the questions you skipped first.
GG
-
johndoee Member Posts: 152 ■■■□□□□□□□
As long as you know your weakness you can maintain your strengths and improve upon the areas in which you lack. You still have time. You have time to make the best index and absorb the most information as possible.
-
BlackBeret Member Posts: 683 ■■■■■□□□□□
I'm planning to challenge this one this year, but now I'm not so sure. Can I ask if the assembly was mostly x86 focused, or did they throw in a lot of 64-bit examples as well?
How tool heavy were the test questions? I'm decent with IDA and I find it works well as a debugger as well, but I know there's a dozen ways to skin a cat. I've heard the GREM labs use x64dbg and ollydbg a lot. Concepts and basic usage I get, but if GREM is like GPEN, you need to know which keys are needed to access what features. x= cross references in IDA, but I wouldn't know the equivalent in x64dbg, etc.
-
quogue66 Member Posts: 193 ■■■■□□□□□□
BlackBeret wrote: »I'm planning to challenge this one this year, but now I'm not so sure. Can I ask if the assembly was mostly x86 focused, or did they throw in a lot of 64-bit examples as well?
How tool heavy were the test questions? I'm decent with IDA and I find it works well as a debugger as well, but I know there's a dozen ways to skin a cat. I've heard the GREM labs use x64dbg and ollydbg a lot. Concepts and basic usage I get, but if GREM is like GPEN, you need to know which keys are needed to access what features. x= cross references in IDA, but I wouldn't know the equivalent in x64dbg, etc.
When I took it in September they barely touched on x64 based Assembly. The course is very technical. I thought it was much more technical than GPEN. You can look at the test requirements on the GIAC site for a list of tools but I'm not sure if they list every tool that is covered.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
BlackBeret wrote: »I'm planning to challenge this one this year, but now I'm not so sure. Can I ask if the assembly was mostly x86 focused, or did they throw in a lot of 64-bit examples as well?
Other than larger address space for the 64-bit examples, assembly wise I don't see very much difference. If you're good with 32 bit assembler, I don't think you'll have trouble with 64 bit assembler.
BlackBeret wrote: »How tool heavy were the test questions? I'm decent with IDA and I find it works well as a debugger as well, but I know there's a dozen ways to skin a cat. I've heard the GREM labs use x64dbg and ollydbg a lot. Concepts and basic usage I get, but if GREM is like GPEN, you need to know which keys are needed to access what features. x= cross references in IDA, but I wouldn't know the equivalent in x64dbg, etc.
He no longer uses ollydbg in the course, it's x32dbg / x64dbg. There are some tool related questions, so it's good to be familiar with what tools the author recommends, volatility is a big one, there's a good 20 pages in the book dedicated to this one tool. I printed out the full help screens for it and it served me well so far. Don't recall any what this key does or how to do that in such and such program, but anything is possible on the exam.
Still searching for the corner in a round room.
-
hoosar Registered Users Posts: 2 ■□□□□□□□□□
Passed my GREM finally, one advice for takers, read questions carefully.