GREM Certification exam preparation

Hi everyone,

I am looking to take GREM exam by the end of this year. My background is reverse engineering and malware forensic with more than 3 years experience in real life and dealing with real incidents everyday.

However, this is my first SANS so I am quite concerned about some points. It really appreciate if someone could help me to go through:
- Does GREM exam required a lots reading books and remembering definitions? Is it a practical exam or theory exam?
- With 3 years in reverse engineering and malware forensic, what should I do to prepare for the exam?

Really appreciate for your help. Looking forward to your response eagerly.

Regards,
Michael

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

TechGromit

To clarify are you taking the SANS 610 Course then the GREM exam, or you attempting to challenge the GREM exam with your knowledge without taking the course? The Exam is a mixture of both, your be shown output from say a PDF from a tool and asked questions about it, sometimes it just one question, other times it's several, as well as knowledge type questions. You will not be doing anything interactive like trying to analyze a malware sample during the exam, but you may be asked what tool would you use to analyze a certain type of file. Be very familiar with assembler for static code analysis, be able to follow the logic of assembler code, including the types of conditional jumps. Be familiar to malware detection avoidance techniques and how to identify them. be familiar with Idapro and Foxpro malware analyzer.

michaelhoang

thanks @TechGromit for your advice.
I attempt to take the GREM without taking the course.

The knowledge question that you have mentioned is the theory question getting from the course book right? Can you tell me how many question or the ratio of knowledge questions will be appeared in the exam?
Furthermore, I heard that the SANS exam is required a wide knowledge. Can you suggest me how I should prepare for the exam? Do I need to and how do i create the index for the exam (if required)?

Thank you very much for your time and your help.

JoJoCal19

If you're going to challenge it using your knowledge and work experience, I'd recommend spending the $150 or so that a practice exam costs. You can purchase them to gauge how you'd fair in the real exam.

TechGromit

michaelhoang wrote: »

The knowledge question that you have mentioned is the theory question getting from the course book right? Can you tell me how many question or the ratio of knowledge questions will be appeared in the exam?

I'm afraid not. The Exam is updated often, so even if I were to tell what every question that was on my exam, chances are a lot of the questions would have changed already. I also firmly believe the questions on the exam are pulled from a pool of possible questions from the SANS test server. This would explain why there is sometimes a 2 to 3 second delay when the exam is loading the next question, if the entire exam was downloaded to your test computer in one shot at the beginning of the exam, there shouldn't be any delay in loading the next question.

michaelhoang wrote: »

Furthermore, I heard that the SANS exam is required a wide knowledge. Can you suggest me how I should prepare for the exam? Do I need to and how do i create the index for the exam (if required)?

The "index" for the exam is just a index of the SANS course materials you possess when you take the course, There no reason why you couldn't just index the "Malware Analyst's Cookbook" for a quick reference on the exam or other malware books and other material. I guess you could just use the index in the back of the cookbook, but half the point of creating your own index, it helps you study for the exam. I haven't read the entire cookbook, but there is certainly useful information in it that will help you with the exam, but no assembler in it. You going to need a decent assembler book to understand it, so you can do static code analysis.

mjs1104

Read practical malware analysis and watch some x86 assembly videos and you should have a decent chance to pass with your working knowledge. I agree with what was posted above, I would take a practice test to gauge your readiness. The GREM exam is not a walk in the park.