GIAC GCIH Cert Preparation
kossmantab
Member Posts: 12 ■□□□□□□□□□
in GIAC
Need some advice. So I just got done with the class and have indexed my book and am in the middle of going back through the labs. Was going to take a practice test this weekend to see where I am. Any other advice on how to study for this test? Are there any external sites that have good questions? Or anyone who has an extra practice exam they are not using? This is my first SANS test so not too sure what to focus on. Tools, labs, how tools work.
Comments
-
cyberguypr Mod Posts: 6,928 Mod
Nah, you took the class and have the books. That is all you need. Is this your first GIAC test?
-
quogue66 Member Posts: 193 ■■■■□□□□□□
GCIH was my first GIAC cert and I wondered the same. There is nothing you need other than the material they provided you. I went a little deeper on some things for a few different GIAC tests and it was a waste of time. Read the books, do the labs and create a good index along the way and you'll be good. I usually read the books and do the labs 3 times.
-
krucial85 Member Posts: 84 ■■■□□□□□□□
I agree. If you have a good index and understand the steps in incident handling then you will do fine.
"The way to succeed is never quit. That's it. But be really humble about it."
-
kossmantab Member Posts: 12 ■□□□□□□□□□
Just did my first practice test on Friday and failed. So working on the indexing a little more and more reading and studying the commands.
-
cyberguypr Mod Posts: 6,928 Mod
Tell more so we can help. What's the layout of your index? How close/far were you from passing? Which topics did you do better/worse?
-
kossmantab Member Posts: 12 ■□□□□□□□□□
My index is set up with Book, page and subject. I created it from tabs I flagged in class and from the index I got from the SANS 504 dropbox by John Strand. Unix commands and Windows commands I do need to work on; that is why I'm redoing the labs. And I'm listening to the MP3 while at work.
Buffer Overflow: missed all
One star: Incident Handling: Overview and Preparation, Covering Tracks: Systems, Denial of Service Attacks, Network Attacks, Techniques for maintaining access, Worms, Bots & Bot-Nets
Two stars: Session Hijacking and Cache Poisoning, Scanning: Techniques and Defense, Scanning: Discovery and Mapping, Covering Tracks: Networks, Client Attacks, Incident Handling: Identification
Three stars: Incident Handling: Containment, Password Attacks, Web Application Attacks
Four stars: Reconnaissance, Incident Handling: Eradication, Recovery, and Lessons Learned
-
kossmantab Member Posts: 12 ■□□□□□□□□□
Index has 353, it's set up with Book, Page, Subject. I do know when I did use my index I passed. The top 4 items I need to study are the attack vectors and what they do is where it looks like I struggle.
-
cyberguypr Mod Posts: 6,928 Mod
I will suggest a "comments" column in the index. This has been invaluable for me as a brief explanation here saves me from perusing through the books. Saves a LOT of time.
See my old post here: http://www.techexams.net/forums/sans-institute-giac-certifications/98047-passed-gcih.html
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
kossmantab wrote: » I do know when I did use my index I passed.
-
kossmantab Member Posts: 12 ■□□□□□□□□□
Because the way they worded some of the questions it was not in the book.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
kossmantab wrote: » Index has 353, it's set up with Book, Page, Subject. I do know when I did use my index I passed. The top 4 items I need to study are the attack vectors and what they do is where it looks like I struggle.
Backdoor | tini Backdoor | 1 | 9 | Example: tini.exe is listening on TCP port 7777
Backdoor | VNC - Virtual Network Computing | 5 | 2 | Backdoor Trojan Program, used for legit remote admin, Pages (10 - 13)
Code / Flaw Checking | Pax | 3 | 17 | Help configure Linux system to prevent buffer overflows (Page 129)
Code / Flaw Checking | Positive Skew Analysis | 1 | 24 | stacked analysis of installed software on your environment
Code / Flaw Checking | RATS | 3 | 17 | Free automated code checking tool (Page 134)
Code / Flaw Checking | Flawfinder | 3 | 17 | Free automated code checking tool (Page 134)
Code / Flaw Checking | Fortify Source Code Analyzer | 3 | 17 | Commercial automated code checking tool (Page 134)
Code / Flaw Checking | GrammaTech's CodeSonar | 3 | 17 | Commercial automated code checking tool (Page 134)
Code / Flaw Checking | Kansa by Dave Hall | 1 | 24 | used to create a stacked analysis of installed software on your environment
Code / Flaw Checking | Koders.com | 3 | 14 | code search engine tool (Page 110)
Cracking Tool | Cain | 4 | 2 | Password cracking tool, fancy GUI interface
Cracking Tool | Cain & Abel | 4 | 3 | security tool used for attacking system or administering them. (Page 23 - 2
Still searching for the corner in a round room.
-
cyberguypr Mod Posts: 6,928 Mod
There seems to be a bit of a communication barrier here. What I understood is that the index was 353 items. Then the "the way they worded some of the questions it was not in the book" comment leads me to think OP is expecting to be able to literally look up things in the books. This is certainly a recipe for failure. If the book says "Security needs chocolate..." and the exam question says "which security element is composed of milk, sugar, and cocoa" then OP will absolutely miss the question.
You need to understand the material and how to apply it. The exam is not verbatim from the book.
-
kossmantab Member Posts: 12 ■□□□□□□□□□
You are correct. Sorry about that. By looking at all of the posts, I need to add more to my index. Here is a sample of what it looks like. I will add a description column and more information about what is on each page.
Book | Page | Subject
1 | 8 | Incident Handling
1 | 10 | Event
1 | 11 | Corroboration
1 | 12 | Event
1 | 12 | PICERL
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□
kossmantab wrote: » I need to add more to my index. Here is a sample of what it looks like.
I'm not sure if I'm looking at the finished product, or your work in progress, but your index should be sorted alphabetically when you're finished with it.
Some might say creating a 1200 item index is overkill, but it helps you study and remember the answers; you may not need to use the index in the first place. The ultimate goal is to pass the exam, doesn't matter if you know them all in your head or you have a well refined index to help you.
Still searching for the corner in a round room.
-
kossmantab Member Posts: 12 ■□□□□□□□□□
Very much a work in progress. That is why I'm asking for tips and help. I really want to pass. I'm still refining my index with more meaningful data. With reading what everyone posted, I went too basic for an index and I need to put more details and information in it to have more meaning; will work on that. And share as I do it for feedback and pointers. Still have one more practice I can take but want to wait to use it till I have a better index.
-
Jasiono Member Posts: 896 ■■■■□□□□□□
With just scanning the other replies in this thread, I see some very good advice.
Here is what I did when I took my exam in March of this year:
Downloaded the MP3 files and put them on my iPod and listened to it every damn time I drove somewhere
I watched all the videos and did the little practice questions after each section
(The videos are available to you if you have the on demand package. Not sure if everyone gets the MP3 files)
Created index
Took first practice exam
Fine tuned my index according to cyberguypr's recommendations (Thank you for posting that information by the way)
Took the second practice exam
Added more entries to my index accordingly
Took the final exam and passed higher than my practice exams
Throughout this, I would do all the labs as well while going through the books.
I must have watched the videos twice
Listened to the MP3 files quite often but I lost my place every once in a while so I just let it shuffle around like an idiot (don't be like me LOL)
My index had 779 entries and it consisted of the following columns:
B.P (means book.page)
Keyword1
Keyword2
Comment
Here are example entries I had in my index:
3.106 !exploitable Tools Works with a debugger to analyze software crashes....
3.87 arp -a Commands Check ARP entries on a windows machine
Another note on my index:
I kept my Keyword2 column to a certain set of keywords, if that makes sense. My most common entries in that column were Tools, Info, Preparation, Identification, Definition...... etc. I hope you get the idea. My Keyword1 is where I had the widest range of keywords. I did this because I would look up keyword1, and have multiple entries for that keyword (perhaps ARP) and I would know which one I needed to look at for the question. If it's asking for a command, I will look at the ARP entry with the keyword2 being COMMANDS, if it asked for a definition, you guessed it, I would look at keyword2 being DEFINITION.
I brought two indexes in with me to the exam center. One of them being sorted by keyword1 and the other by keyword2.
-
Jasiono Member Posts: 896 ■■■■□□□□□□
B.P | Keyword1 | Keyword2 | Comments
1.26 | OWASP | Methodology | This page shows OWASP Top 10
1.25 | SamuraiWTF | Tools | Framework for WAPT built by SANS
There we go. There's an example of my index that's not crammed, and this one is for my current WAPT index.
-
kossmantab Member Posts: 12 ■□□□□□□□□□
I went to live class so I did not get the videos. But I'm listening to the MP3s every day. And doing the labs as well and redoing my index as above. I'm adding to it based on everyone's examples. Which means I'm re-reading my books. And as I do this I find more items of interest to add. Thanks for everyone's input and help.