SANS GCTI for578

fatboydadfatboydad Posts: 3Registered Users ■■□□□□□□□□
Need advice, i failed the GCTI 3 times...each time the score have improved, but the final attempt fell short by 4 points. I indexed every page, and still feel short. My weakest areas are Campaign and Attribution and Malware collection source. I have to study for 30 hrs to attempt to retest. Please, I need advice and i'm too close to give up. 

Comments

  • jcundiffjcundiff Posts: 486Member ■■■■□□□□□□
    Whats your background?  When you took the practice (and live) exams, what gaps did you find in your index?  That should be an indicator that you need to re-work a specific area?  How many lines are in your index?  I know when I took it, I had over 1000 lines in my index and still found a couple of things I didn't have in my index. 

    You are definitely too close to throw in the towel
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • fatboydadfatboydad Posts: 3Registered Users ■■□□□□□□□□
    So on the practice exam I made a 78, but for some reason malware collection & attribution is my weakest areas
  • jcundiffjcundiff Posts: 486Member ■■■■□□□□□□
    what about your index?  what's it look like?  how many lines?  did you find gaps in it when you took the practice exams?
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • fatboydadfatboydad Posts: 3Registered Users ■■□□□□□□□□
    I have 3 indexes, close to 150 pages front and back (keyword, definition, book, page) no gaps, more of misreading the questions instead of gaps 
  • jcundiffjcundiff Posts: 486Member ■■■■□□□□□□
    how long did you take to take each exam?  If you know you are misreading questions, then slow down and read them twice before even looking at the answers
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • Randy_RandersonRandy_Randerson Posts: 99Member ■■■□□□□□□□
    edited December 2018
    I can't help you on the test aspect since I haven't taken it, but a method I've always adopted if I was struggling on something was this: 

    You clearly took the real test. So there HAS to be some questions on there that you didn't know. Try to think back a little and picture what those could have been. They could have been complete guesses or just something you didn't get fully. Now go back and try to find those questions in your material. If you can't find them or it is frustrating -- Google. Find someone else who has written/blogged about it. How do they describe it? Do they give examples? Do you need something in your index that breaks something down much easier than what the book puts it out there? 

    For the latter, I've done printouts of commands being ran and then have arrows point to each part of the command and output explaining what I'm looking at. For example, say you had a nmap scan with -sV -O (just putting random stuff here). I would break down what -Sv and -O options are and then when the scan was complete I break down what I am seeing. What does it mean if no OS is found? What does it mean if you see Port 443 Port 445 Port 8080 open? While the example is trivial, during a test where you're under stress -- it can sometimes help jog your memory to look into something or somewhere to find the answer. 

    Good Luck! I know this is a hard thing to go through. Just remember, no one is perfect and people fail tests. No matter how much you prepare for them, sometimes it just isn't in the cards. There is a reason the percentage is low. Not everyone is going to pass that bad boy. Don't give up! 
Sign In or Register to comment.