SANS GCTI for578
Need advice, i failed the GCTI 3 times...each time the score have improved, but the final attempt fell short by 4 points. I indexed every page, and still feel short. My weakest areas are Campaign and Attribution and Malware collection source. I have to study for 30 hrs to attempt to retest. Please, I need advice and i'm too close to give up.
You clearly took the real test. So there HAS to be some questions on there that you didn't know. Try to think back a little and picture what those could have been. They could have been complete guesses or just something you didn't get fully. Now go back and try to find those questions in your material. If you can't find them or it is frustrating -- Google. Find someone else who has written/blogged about it. How do they describe it? Do they give examples? Do you need something in your index that breaks something down much easier than what the book puts it out there?
For the latter, I've done printouts of commands being ran and then have arrows point to each part of the command and output explaining what I'm looking at. For example, say you had a nmap scan with -sV -O (just putting random stuff here). I would break down what -Sv and -O options are and then when the scan was complete I break down what I am seeing. What does it mean if no OS is found? What does it mean if you see Port 443 Port 445 Port 8080 open? While the example is trivial, during a test where you're under stress -- it can sometimes help jog your memory to look into something or somewhere to find the answer.
Good Luck! I know this is a hard thing to go through. Just remember, no one is perfect and people fail tests. No matter how much you prepare for them, sometimes it just isn't in the cards. There is a reason the percentage is low. Not everyone is going to pass that bad boy. Don't give up!