Passed the GSEC (my first SANS exam): My experience, tips & lessons learned

JGSJGS Member Posts: 23 ■■■□□□□□□□
My experience with the GSEC exam:

This was my first GIAC exam and I passed with a 90% :D. I would like to thank all of you who have written about your experiences because they were very helpful to me.

I would like to share how I prepared for the exam as well as my own personal lessons learned, in case it can help someone else.

First, I did not have time to listen to the mp3s (except the first one). I would really have liked to though since I enjoyed the first one. I also did not do the labs again, though I did some of them twice while I took the course (I did them at home in the evenings).

I indexed all the books, however I did not index all the terms (as this was my first exam and I didn’t expect the level of detail). In hindsight, perhaps I should have taken a practice exam before making the index since it was my first SANS course. Not indexing all the terms was a mistake in my opinion, and if I were doing it again, I would have indexed everything. I needed to take the GSEC exam and move on to other courses, or I might have spent more time.

Pre-preparation: Read all the different ways that people have prepared for the exam and read how people have prepared indices (such as as well such as JDMurray’s blog, Better GIAC Testing with Pancakes).

1. The GIAC GSEC Exam Experience - IT Certification Blogs
4. Search for GSEC on and read what people say when they passed. There are often very good comments about indices and other items in the responses in the follow-ups to postings.

For my index, I used a variation of Better GIAC Testing with Pancakes indexing. I decided not to prepare a color coded excel/word index ( I didn’t think I needed the colors in the index), but I did tab/flag my books as well as highlight information in different colors. This tab/flag method has worked well for me in the past, while studying for certification exams. I used 0.5” Post-It Flags in various colors and tabbed the various sections on the books. Each book had a color and every module was tabbed with that color and deemed important sub-sections with a related color (I didn’t tab all sub-sections) .

For example, the first book was blue (for the modules). Then the sub-sections (some of those listed in the objectives) received a related color - light blue. I would write (very small) on the tab, what the subject was. Then any important items that had several slides but was a component of a sub-section, I tabbed/flagged in another color, yellow. For example, TCP. The labs got their own color (e.g., pink) - since a lab description might be useful to an answer. These flags were all down the 11” side of the book. Book 1 had 24. So that I could read what was written on them and include all the information I wanted I used a 0.3mm Ultra Fine Zebra Sarasa Clip Pen (it was hard to find a pen that worked how I wanted - medium pens didn’t work for me).

On the top of the Book 8.5”, I listed pages that were useful. For example, TCP Header, or comparisons. For Book 1, these were orange and green color flags. I also remarked the labs on the top of the books. Book 9 had 12: 9 useful information and 3 labs. Each book had a different main color. So like the Testing with Pancakes, I could associate a color with a book. Book 1 as blue. I was able to find post-it flags that had a dark version of the color and a light one, with the exception of orange and yellow.

I found these tabs/flag really useful for rapidly finding information. I used them a lot during the exam. I also found it added some fun and color to indexing the material.

I also created a one page that had an overview of all six books (excluded the Workbook) and what page each module started on. I used this during the exam if I wanted to find a section. It came in very useful during the actual exam because it turns out that I was missing some terms that should have been in my index and I needed to look for the information in a particular section. There is so much material in these books, from my perspective, one might remember hearing it or reading it but not exactly where.

I indexed the books using Excel. I had two columns, the first reflecting where, the second reflecting what.

Column 1: Book.Module.PageBeginning-PageEnd. (e.g., 5.3.105-106 meaning Book 5 Module 3, pages 105-106)

I didn’t want two columns in my spreadsheet so instead of separate columns for Book and Page numbers like some people do, I just merged them into one column: book and page numbers with an added module number (since I had module tabs on the right side of the book). For me, the idea was to compress information so I didn’t have to turn lots of pages.

Column 2: Term: Description of Term
I used abbreviations if I knew what they were, such as GPO. If I was writing a sequence from a slide, I would use a sequence counter.
For example,
5.4,162: GPO Settings-1: (passwd, …. )
5.4.162: GPO Settings-2: …

This kept my entries in alphabetical order when I did the Alphabetical Order Sort.

Then I printed out two forms of the index:
1. Book Order (this was actually separate by book the way I created it)
2. Alphabetical Order (sort on the text column)

I didn’t use end up using Book Order index in the actual exam, so I might not do that again, but I liked the thought of having all the information the way I created it (as I am a visual person).

Practice Exam 1: Decided to wait until I studied. I know some people take them right away to see what they know, but I didn’t want to use this to see what I could guess. I wanted to study and learn the material as much as I could.

Took the Exam with:
- Index
- 1 page Book/Module Sheet (in a plastic colored sheet protector)
- **** sheets (what was given in class and what I found on the SANS website).

Got a 85%..

I realized from this exam, that I my index was missing lots of windows commands and I also was weak on some vulnerabilities and mitigations. So I:

- Created a “**** sheet” of all Windows tools I found in the book and what page
- Created one for some of the Linux ones that I didn’t know (but I am more familiar with Linux than Windows)
- Created a list of all ports that were mentioned in the book
- Created a partial list of attacks, vulnerabilities & mitigations (partial because I didn’t finish it)
- Wrote out the diagram of the Crypto Algorithms that was in the book, so that it was handy and I didn’t have to look it up (I referred to this a few times in the Exam).
- I also printed a copy of ports from a website online as well as a hexadecimal/binary **** sheet.

I put them in colored clear plastic sheet protector, so I could remember, e.g., windows commands in reddish plastic one, ports in green, ...

The idea behind this is that if one has to look up information, find it fast. Time is precious.

I also reviewed the Exam 1 summary to find my weaknesses on the exam.

Decide to take Exam 2, per JDMurray’s advice to learn more (as this is my goal icon_smile.gif as well as pass). I didn’t look up items on this exam, I just guessed if I didn’t know. I was really glad I did this, the second Practice Exam had questions the first exam didn’t. Some of the questions were exactly the same though.

In the Actual Exam: I took of course the tabbed books, and:
1. Indices as described (used this)
2. 1 page sheet All Book/Module outline (includes page numbers) (used this on exam)
3. **** Sheets that I created (used the Windows one a lot, I am more familiar with Linux)
4. SANS **** sheets (you can find more on the SANs site - I printed these out)
5. My notes from the SEC401 class - I typed them all into Google Docs during the lectures.

During the actual exam I had to do more lookup than I would have liked, but I had the time. I had to go through some sections in detail because I was missing the term completely in my index.

I also didn’t drink any coffee/tea/soft drinks to avoid going to the restroom other than the 15 minutes break. I did however bring some coffee creams for break that gave me a bit of a caffeine boost. 5 hours is a long time!

Lessons Learned:
- index more fully, there is a lot of detail on the exam
- create useful 1 page **** sheets based on the material - they are easy to refer to during the exam.
- make sure all the terms in the SANS books index are in yours. I found one item in the SANS course index after the course (that wasn’t in mind). If I had checked the SANS provided index, this would have enabled me to answer a question correctly.
- create an each book summary similar to my 1 page all book/module summary.
- take the practice exam summary only somewhat seriously. If one scores well it may be due to the questions asked on the practice exam. My final exam summary and practice exam summaries didn’t always overlap in terms of how I scored on the various areas. However, the practice exam summary was definitely useful for studying my areas of weakness.

Comments on my approach are always appreciated! :D

Thanks again to the creators of this forum - it is really beneficial!

Good luck to everyone on their certification exams!


  • mactexmactex Member Posts: 80 ■■■□□□□□□□

    Using the practice tests as a guide for the index/**** sheets is the key to GIAC exams IMO.
  • JGSJGS Member Posts: 23 ■■■□□□□□□□
    Thank you. I plan to utilize the practice tests more effectively on my next exam.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Congratulations, When you take SANS exams seriously, they are usually not too difficult to pass. Understanding the material, Indexing and Time management are the keys to passing. If they were $150 exams, you could afford to be a little more laid back with your approach, but at $675 exam cost and $729 retake cost, it's serious dough.
    Still searching for the corner in a round room.
  • KasorKasor Member Posts: 933 ■■■■□□□□□□
    Congrats. I agreed that SANS exam is all about knowledge your topics and how to index your study guides. However, a strong IT background will help to phase out some of the questions. Sometime SANS do have stupid question on the exam.
    Kill All Suffer T "o" ReBorn
Sign In or Register to comment.