GIAC GCIH Cert Preparation

kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
Need some advice. So I just got done with the class and have indexed my book and am in the middle of going back through the labs. Was going to take a practice test this weekend to see where I am. Any other advice on how to study for this test? Are there any external sites that have good questions? Or anyone who has an extra practice exam they are not using? This is my first SANS test so not too sure what to focus on. Tools, labs, how tools work.

Comments

  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    Nah, you took the class and have the books. That is all you need. Is this your first GIAC test?
  • quogue66quogue66 Senior Member Member Posts: 187 ■■■■□□□□□□
    GCIH was my first GIAC cert and I wondered the same. There is nothing you need other than the material they provided you. I went a little deeper on some things for a few different GIAC tests and it was a waste of time. Read the books, do the labs and create a good index along the way and you'll be good. I usually read the books and do the labs 3 times.
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    Yes, this is my first.
  • krucial85krucial85 Member Austin, TexasMember Posts: 84 ■■■□□□□□□□
    I agree. If you have a good index and understand the steps in incident handling then you will do fine.
    "The way to succeed is never quit. That's it. But be really humble about it."
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    Just did my first Practice test on Friday and failed. So working on the Indexing a little more and more reading and studying the commands.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    Tell more so we can help. What's the layout of your index? How close/far were you from passing? Which topics did you do better/worse?
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    My index is set up with Box, page and subject. I created it from tabs I flagged in class and from the index I got from the SANS 504 dropbox by John Strand. Unix commands and Windows commands I do need to work on; that is why I'm redoing the labs. And I'm listening to the MP3 while at work.

    Buffer Overflow missed all
    One star
    Incident Handling: Overview and Preparation, Covering Tracks: Systems,
    Denial of Service Attacks, Network Attacks, Techniques for maintaining access, Worms, Bots & Bot-Nets
    Two stars
    Session Hijacking and Cache Poisoning, Scanning: Techniques and Defense, Scanning: Discovery and Mapping, Covering Tracks: Networks, Client Attacks, Incident Handling: Identification
    Three stars
    Incident Handling: Containment, Password Attacks, Web Application Attacks
    Four stars
    Reconnaissance, Incident Handling: Eradication, Recovery, and Lessons Learned
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    Index has 353; it's set up with Book, Page, Subject. I do know when I did use my index I passed. The top 4 items I need to study are the attack vectors and what they do; that is where it looks like I struggle.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    I will suggest a "comments" column in the index. This has been invaluable for me as a brief explanation here saves me from perusing through the books. Saves a LOT of time.

    See my old post here: http://www.techexams.net/forums/sans-institute-giac-certifications/98047-passed-gcih.html
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    kossmantab wrote: »
    I do know when I did use my index I passed.
    Huh? Why don’t you use your index then...the exam is open book and notes.
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    Because the way they worded some of the questions, it was not in the book.
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,062 ■■■■■■■■□□
    kossmantab wrote: »
    Index has 353; it's set up with Book, Page, Subject. I do know when I did use my index I passed. The top 4 items I need to study are the attack vectors and what they do; that is where it looks like I struggle.
    Not sure what 353 is referring to, but for comparison, my GCIH index was 1200 entries, sorted by keyword, book, tab # and short definition of keyword/subject. In addition I had a separate index just for computer programs, this was sorted like this:




    Backdoor | tini Backdoor | 1 | 9 | Example: tini.exe is listening on TCP port 7777
    Backdoor | VNC - Virtual Network Computing | 5 | 2 | Backdoor Trojan Program, used for legit remote admin, Pages (10 - 13)
    Code / Flaw Checking | Pax | 3 | 17 | Help configure Linux system to prevent buffer overflows (Page 129)
    Code / Flaw Checking | Positive Skew Analysis | 1 | 24 | stacked analysis of install software on your environment
    Code / Flaw Checking | RATS | 3 | 17 | Free automated code checking tool (Page 134)
    Code / Flaw Checking | Flawfinder | 3 | 17 | Free automated code checking tool (Page 134)
    Code / Flaw Checking | Fortify Source Code Analyzer | 3 | 17 | Commercial automated code checking tool (Page 134)
    Code / Flaw Checking | GrammaTech's CodeSonar | 3 | 17 | Commercial automated code checking tool (Page 134)
    Code / Flaw Checking | Kansa by Dave Hall | 1 | 24 | used to create a stacked analysis of install software on your environment
    Code / Flaw Checking | Koders.com | 3 | 14 | code search engine tool (Page 110)
    Cracking Tool | Cain | 4 | 2 | Password cracking tool, rancy GUI interface
    Cracking Tool | Cain & Abel | 4 | 3 | security tool used for attacking system or administering them. (Page 23 - 28)

    Still searching for the corner in a round room.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,926 Mod
    There seems to be a bit of a communication barrier here. What I understood is that the index was 353 items. Then the "the way they worded some of the questions, it was not in the book" comment leads me to think OP is expecting to be able to literally look up things in the books. This is certainly a recipe for failure. If the book says "Security needs chocolate..." and the exam question says "which security element is composed of milk, sugar, and cocoa" then OP will absolutely miss the question.

    You need to understand the material and how to apply it. The exam is not verbatim from the book.
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    You are correct. Sorry about that. By looking at all of the posts, I need to add more to my index. Here is a sample of what it looks like. I will add a description column and more information about what is on each page.




    Book | Page | Subject
    1 | 8 | Incident Handling
    1 | 10 | Event
    1 | 11 | Corroboration
    1 | 12 | Event
    1 | 12 | PICERL

  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,062 ■■■■■■■■□□
    kossmantab wrote: »
    I need to add more to my index. Here is a sample of what it looks like.
    My first index was a lot like yours, but you have space on the paper, why not add a short definition of the keyword? If you can answer the question with your index without flipping thru the book, you will save valuable time you can apply towards answering harder questions.
    I'm not sure if I'm looking at the finished product or your work in progress, but your index should be sorted alphabetically when you're finished with it.
    Some might say creating a 1200 item index is overkill, but it helps you study and remember the answers, so you may not need to use the index in the first place. The ultimate goal is to pass the exam; it doesn't matter if you know them all in your head or you have a well refined index to help you.
    Still searching for the corner in a round room.
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    Very much a work in progress. That is why I was asking for tips and help. I really want to pass. I'm still refining my index with more meaningful data. With reading what everyone posted, I went too basic for an index and I need to put more details and information in it to have more meaning; will work on that. And share as I do it for feedback and pointers. Still have one more practice I can take but want to wait to use it till I have a better index.
  • JasionoJasiono Member Posts: 896 ■■■■□□□□□□
    With just scanning the other replies in this thread, I see some very good advice.
    Here is what I did when I took my exam in March of this year:

    Downloaded the MP3 files and put them on my iPod and listened to it every damn time I drove somewhere
    I watched all the videos and did the little practice questions after each section
    (The videos are available to you if you have the on demand package. Not sure if everyone gets the MP3 files)
    Created index
    Took first practice exam
    Fine tuned my index according to cyberguypr's recommendations (Thank you for posting that information by the way)
    Took the second practice exam
    Added more entries to my index accordingly
    Took the final exam and passed higher than my practice exams
    Throughout this, I would do all the labs as well while going through the books.

    I must have watched the videos twice
    Listened to the MP3 files quite often but I lost my place every once in a while so I just let it shuffle around like an idiot (don't be like me LOL)

    My index had 779 entries and it consisted of the following columns:

    B.P (means book.page)
    Keyword1
    Keyword2
    Comment

    Here are example entries I had in my index:

    3.106 !exploitable Tools Works with a debugger to analyze software crashes....
    3.87 arp -a Commands Check ARP entries on a windows machine


    Another note on my index:
    I kept my Keyword2 column to a certain set of keywords, if that makes sense. My most common entries in that column were Tools, Info, Preparation, Identification, Definition...... etc. I hope you get the idea. My Keyword1 is where I had the widest range of keywords. I did this because I would look up keyword1, and have multiple entries for that keyword (perhaps ARP) and I would know which one I needed to look at for the question. If it's asking for a command, I will look at the ARP entry with the keyword2 being COMMANDS; if it asked for a definition, you guessed it, I would look at keyword2 being DEFINITION.

    I brought two indexes in with me to the exam center. One of them being sorted by keyword1 and the other by keyword2.
  • JasionoJasiono Member Posts: 896 ■■■■□□□□□□


    B.P | Keyword1 | Keyword2 | Comments
    1.26 | OWASP | Methodology | This page shows OWASP Top 10
    1.25 | SamuraiWTF | Tools | Framework for WAPT built by SANS




    There we go. There's an example of my index that's not crammed, and this one is for my current WAPT index.
  • kossmantabkossmantab Member Posts: 12 ■□□□□□□□□□
    I went to the live class so I did not get the videos. But I'm listening to the MP3s every day. And doing the labs as well and redoing my index as above. I'm adding to it based on everyone's examples. Which means I'm re-reading my books. And as I do this I find more items of interest to add. Thanks for everyone's input and help.