GMON/SEC511 Any Advice?

Finished the class last week. I used the index that was provided in book 6 to go through my first practice exam. I definitely rushed through it and didn't look up a lot of the answers. Had 90 minutes to spare (out of 180) and failed by 1%. I definitely will take my time and be more thorough looking up answers the next practice exam. Other than that, any advice? Any additional info you studied or brought with you?

Find more posts tagged with

Comments

Blucodex

I just used the course books. Sounds like you have it down if you use the full time and create a personal index.

DJVeritas

If you're 1% off of a passing score, you are pretty close to passing the exam itself. Best thing you can do is update your index based on the weakest parts of your practice exam. Also, look at the tools used in class again and include several commands into your index. The index provided is not enough to pass the exam by itself, however.

markulous

Thanks! Okay, I'll attach SANS' Linux **** sheets and maybe some other CLI stuff for those tools. Otherwise, I feel fairly confident. I thought some of the questions on the practice exam were trying to trick you a little, but all of the concepts I'm pretty familiar with.

markulous

Do they really censor the word C.H.E.A T on this forum?

markulous

Got it scheduled 2 weeks from now. Should give me plenty of time to study up and fix anything I need to after my 2nd practice exam

Blucodex

Good luck Markulous! Pretty straightforward exam--you'll be fine!

markulous

Thank you! My boss hinted at a promotion in a few months when I pass this too, so extra incentive to pass this thing.

Blucodex

When's the exam Markulous?

markulous

This Saturday in the morning. I'm feeling better about it now that I'm modifying the index quite a bit and adding things they didn't include in there.

Blucodex

Good luck Saturday!

markulous

Thanks!! I'll post in here on how I do.

markulous

Passed! 89%. Definitely easier than the practice exam or maybe I was just way more focused.

Blucodex

Congrats!

markulous

Thanks! Now have to debate the next one. Thinking the GSE may be a good goal, so maybe do the GCIA or GCWN next.

Blucodex

markulous said:

Thanks! Now have to debate the next one. Thinking the GSE may be a good goal, so maybe do the GCIA or GCWN next.

GCIA is a really good class. This was the first SANS class I took and I've heard it's also one of the harder exams. I just did a practice GNFA exam last week and the GCIA had me very well prepared enough to be just about ready to challenge the GNFA.

markulous

67% passing score, so yeah I'd guess it was pretty tough. I look at SIEM logs all day, so sounds like something that would be beneficial too.

DJVeritas

Congrats on the pass! GMON'Ster!

afob

Any tips that you can provide for GMON? I take the test in a month

markulous

afob said:

Any tips that you can provide for GMON? I take the test in a month

I personally used the index they provided but made my own modifications to it as there were a few things missing or labelled in a way that didn't make sense to me. I felt pretty confident after doing that. I was getting low 70s on the practice exam, then just slowed down and took my time and got an 89% on the actual exam, so don't get discouraged if you don't get a great score, especially on the first practice exam.

Just relax during the exam and use the time you have to look up things in your index if you aren't sure. If you can't find the answer after a minute or two, just flag it and move on. Let us know how you do also, good luck!

TechGromit

markulous said:

I used the index that was provided in book 6 to go through my first practice exam. Other than that, any advice? Any additional info you studied or brought with you?

Congratulations on the pass, but my advise to others is as follows.

I said this before and I'll say it again, the index SANS provides you is ****. Don't be lazy and use the SANS provided index, your far better off creating your own index from scratch, considering the price of the exam, you want to do all you can to prepare for the exam.

But let's assume for a minute that the SANS provided index is the great. What your given is a keyword and all the places in the books that keyword is mentioned. Now maybe the first place you look up provides you the answer you need, and maybe it doesn't. For an exam with a limited amount of time, do you want to be searching thru the books in 3 or 4 different places for the answer to the question. There simply isn't enough time to look up every answer, your far better off creating your own index and look up the answer once.

markulous

That's why I made my own modifications to it and it worked out great for me. If I just used what they gave me and that was it, not sure how well I would have done. The biggest value of making your own index or modifying theirs is just being able to study more IMO. That helped a lot.

TechGromit

markulous said:

That's why I made my own modifications to it and it worked out great for me. If I just used what they gave me and that was it, not sure how well I would have done. The biggest value of making your own index or modifying theirs is just being able to study more IMO. That helped a lot.

This wasn't my experience with the GREM, the index provided was badly outdated, it referred to keywords that didn't exist in the books and wrong locations for others, not to mention it was very incomplete. I firmly believe learning on a SANS provided index is a recipe for failure.

markulous

With the index for the GMON, I just felt like it had too much info if anything. I crossed out a few things, added a bunch, etc. I pretty much made my own, just didn't want to waste paper/ink so I just modified theirs.

Blucodex

My indexes are usually only 4-6 pages at the most. I go through all the books and if there is a topic I think is important or don't understand I will write down the book number, page number, and slide title in an Excel spreadsheet. After I index all the books I sort alphabetically by slide title and I take a practice exam. If I am still lacking I will search for the sections I need help in, rinse and repeat.

This works well for me. I am 3/3 so far in GIAC exam attempts. The potential issue with using someone else's index is you are not tailoring the index to your needs. What's the point in an index if it hits your strengths?

markulous

I think really, just do whatever works best for you. I wouldn't blindly accept another index and use it at the actual test, that seems pretty foolish, but the way I did it worked great for me. I did better on this than I did the GCIH.

mjs1104

The 511 index that they provide is much better than most SANS provided indexes. I still built my own index for GMON but I also used the one they provided when I couldn't find the topic in my own index (had this happen a couple of times) and it is much better than most SANS indexes. I feel you could definitely pass the GMON without building your own index but it's always better to be safe than sorry.