I want to take GCIH without the course

andrecvntandrecvnt Junior MemberRegistered Users Posts: 4 ■□□□□□□□□□
in GIAC
I did a research in this thread but it looks like almost everyone who took the certification went throught the material.
But since my employer won't pay me for this and I have no money to buy the course, are there alternatives?

Is there a book or material I can go through that will be enough to pass in the exam? I have a little experience with incident response already.

Thanks!
· Share on FacebookShare on Twitter

Comments

  • GirlyGirlGirlyGirl Senior Member Member Posts: 219
    andrecvnt wrote: »
    I did a research in this thread but it looks like almost everyone who took the certification went throught the material.
    But since my employer won't pay me for this and I have no money to buy the course, are there alternatives?

    Is there a book or material I can go through that will be enough to pass in the exam? I have a little experience with incident response already.

    Thanks!

    I am 100% confident if you spend 45 seconds searching the threads you will find what people have used to pass the exam without the course material.

    It is not suggested but possible.

    Have a wonderful day.

    Thanks,

    GG
    · Share on FacebookShare on Twitter
  • al88al88 Dallas, TXMember Posts: 62 ■■■□□□□□□□
    Everything related to IR can be answered without books. Its the tools that kills .. just so many of them! Commands can be overwhelming a little too.

    I'd highly recommend taking the course, not to pass the cert only, but the experience is really worth it Especially if you take it with one of the lead instructors/authors.

    If you just taking the certificate it for a certain requirements.. I'd recommend looking for an alternative honestly.

    Good luck.

    PS: Work-study program costs as much as the certificate attempt.. except you attend the course, take it on-demand and attempt the certificate ;)
    · Share on FacebookShare on Twitter
  • docricedocrice Random Member Member Posts: 1,706 ■■■■■■■■■■
    SEC504 is more about incident handling than incident response. If you're looking for response specifically, consider looking through the syllabus for FOR508 and FOR572.

    https://www.sans.org/course/advanced-incident-response-threat-hunting-training
    https://www.sans.org/course/advanced-network-forensics-analysis

    That said, knowing the overall incident handling workflow is pretty fundamental. 504 packages the viewpoints of both defense, offense, and incident handling management aspects.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
    · Share on FacebookShare on Twitter
  • mactexmactex Member Posts: 80 ■■■□□□□□□□
    al88 wrote: »
    Everything related to IR can be answered without books. Its the tools that kills .. just so many of them! Commands can be overwhelming a little too.

    I'd highly recommend taking the course, not to pass the cert only, but the experience is really worth it Especially if you take it with one of the lead instructors/authors.

    If you just taking the certificate it for a certain requirements.. I'd recommend looking for an alternative honestly.

    Good luck.

    PS: Work-study program costs as much as the certificate attempt.. except you attend the course, take it on-demand and attempt the certificate ;)

    Spot on. The tools are why it will be difficult (not impossible) to pass without the books. SANS courses/labs are packed with tools; and they are usually well represented on the exams. Work study may be your best bet.
    · Share on FacebookShare on Twitter
  • TheFORCETheFORCE Senior Member Member Posts: 2,297 ■■■■■■■■□□
    I'm sure if you go through this list

    https://pen-testing.sans.org/resources/downloads

    you can then research and dive deeper on the tools, plus ypu can take all that use it as your index.
    · Share on FacebookShare on Twitter
  • KasorKasor Senior Member Member Posts: 929 ■■■■□□□□□□
    I will not recommend. If you are experience incident handler, then you still need to read the book. You want to pass because the exam fee is pricey. You shall prepare yourself as much as possible.
    Kill All Suffer T "o" ReBorn
    · Share on FacebookShare on Twitter
  • josephandrejosephandre Senior Member Member Posts: 315 ■■■■□□□□□□
    Work study is far and away the best option as it’s less expensive than the voucher alone.
    · Share on FacebookShare on Twitter
  • TechGromitTechGromit Ontario, NY Member Posts: 2,151 ■■■■■■■■■□
    andrecvnt wrote: »
    Is there a book or material I can go through that will be enough to pass in the exam? I have a little experience with incident response already.

    Best answer I can provide is find someone who recently took the GCIH exam and is willing to share their index with you. Use the index to study what topics you need to know for the exam. Ideally an index that has topic, book, pages and short definition of the topic, as well as detailed as possible. I've seen indexes that were only a few hundred entries long and others thousands of entries. You want the most detailed index possible as reference material. While the book and Page information is useless to you without the books, the topic and definition is very valuable information. I also would not rely on someone's index for the exam, use the index as a blueprint what topics you need to be knowledgeable on.
    Still searching for the corner in a round room.
    · Share on FacebookShare on Twitter
  • yoba222yoba222 Senior Member Member Posts: 1,237 ■■■■■■■■□□
    You'd really need the official course books. Technically it's against the agreement to sell/give away the books to someone. But it's not against the agreement to buy them. I've seen them on eBay before.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
    · Share on FacebookShare on Twitter
Sign In or Register to comment.