GCIH Practice Questions

Hello all,
I was wondering if there were any legitimate practice questions/exams I could use to prepare for the GCIH? I do not have the funds to pay for the GIAC Practice Exams, and am going to attempt to Challenge the exam by self-studying other resources and relying on experience.

Any recommendations would be appreciated!

Find more posts tagged with

GCIH

GIAC

cybersecurity

GIAC Exam

Comments

Randy_Randerson

Sorry I cannot help you Kiyori. However, my question is how/why you're willing to challenge a test that will cost you well over $1k for, yet $110 for a practice exam is too much? Also, I see they appear to have moved to a hands-on testing scenario based on the 100-150 questions you may see. So just studying the books is not going to be fully beneficial now.

You can certainly try to flood any InfoSec forums and see if someone is willing to donate a practice exam to you.

MrsWilliams

Randy_Randerson said:

Sorry I cannot help you Kiyori. However, my question is how/why you're willing to challenge a test that will cost you well over $1k for, yet $110 for a practice exam is too much? Also, I see they appear to have moved to a hands-on testing scenario based on the 100-150 questions you may see. So just studying the books is not going to be fully beneficial now.

You can certainly try to flood any InfoSec forums and see if someone is willing to donate a practice exam to you.

Sir,

Where did you gather the information that is based upon those four words?

Kiyori

Randy_Randerson said:

Sorry I cannot help you Kiyori. However, my question is how/why you're willing to challenge a test that will cost you well over $1k for, yet $110 for a practice exam is too much? Also, I see they appear to have moved to a hands-on testing scenario based on the 100-150 questions you may see. So just studying the books is not going to be fully beneficial now.

You can certainly try to flood any InfoSec forums and see if someone is willing to donate a practice exam to you.

Randy,
Essentially, it is both a money and format thing. I'm saving up money for the exam, and I see your point about the $110. From what I've read, the practice exam is a one time thing. I am looking for a practice test engine like PearsonVUE or Transcender offers.

When I feel like I am getting closer to getting ready for the exam, then I will of course be putting up the money to purchase the GIAC Practice Exams. As far as the hands-on stuff (which I didn't know about, thanks for the heads up), I am hoping that by practicing through resources like VulnHub, I will be able to know enough information.

-kiyori

E Double U

In your situation, one then I can recommend is the Boson practice engine for CEH. I only mention this because of the CEH/GCIH overlap and Boson was cheap when I did it (paid about $85 back in 2016).

Disclaimer: I have never used non-SANS material to prepare for a GIAC exam. Outside of the SANS training/books I simply relied on knowledge gained from studying for other certs and skills obtained on the job. Good luck!

Randy_Randerson

MrsWilliams said:

Sir,

Where did you gather the information that is based upon those four words?

MrsWilliams, if you go to the GIAC site: https://www.giac.org/certification/certified-incident-handler-gcih , you'll see that they show 100-150 questions. That is usually an indicator since GXPN and GCIA both have the same thing. Also, I Beta tested the environment for this exact test for the hands-on portion last summer. So I know it is coming eventually.

FluffyBunny

Oh it's no longer eventually: the SANS Advisory Board mailing list has already seen mention of a few people taking the new exam with hands-on tests.

johndoee

They've raised the price 100 times in the past few years and now are adding hands-on testing

Sounds about right LOL

The days of people self-paying for exam attempts and/or training are just about over. Spending 7-8K for training with an exam attempt is what people pay for cars and are added to down payments on a house. I bet those work study applications every year are getting longerrrr

FluffyBunny

and now are adding hands-on testing

Personally, I'm quite happy with this development. I've always been amazed at "The Allmighty SANS(!!!)" resorting to mere multiple-choice, open book exams.

johndoee

FluffyBunny said:

and now are adding hands-on testing

Personally, I'm quite happy with this development. I've always been amazed at "The Allmighty SANS(!!!)" resorting to mere multiple-choice, open book exams.

But.. people have still failed GIAC exams even with them being open book exams. If you calculate the number of pages in 5-6 books and the time to complete the exam, I am not going to say it's impossible but some information has to have already been absorbed.

People can say the CISSP is the Almighty certification to have in the cyber security field. Actually, I just did a search in indeed.com with no city, state, or zip code listed. The more popular certifications GSEC, GCIH, and GPEN don't even have half the results as the CISSP certification. Yet, the CISSP is multiple choice...

So, let me see pay a few thousand to challenge a GIAC exam or pay what, 800 bucks or so for the CISSP that gets more hits than like 6 GIAC certifications combined. Let me think about what I would advise someone

It used to be that only the GSE had a hands-on portion. Over the years the price has went up numerous times and the timer no longer displays on the right side of the screen. It's almost like what someone and or companies have done to medications in the past few years:

1. Start off with a lower affordable price.
2. Over time, raise the price so that nobody can afford it.

They are adding hands-on like the competitor:

https://www.eccouncil.org/programs/licensed-penetration-tester-lpt-master/

Speaking of Ec-Council the CEH gets more hits than a few GIAC certifications combined.

Did I mention the a few new certifications come out every single year..This is getting insane.

Anything they can find, that they can make out of 5-6 books that'll do a beta and release a certification exam a few months later.

johndoee

FluffyBunny said:

and now are adding hands-on testing

Personally, I'm quite happy with this development. I've always been amazed at "The Allmighty SANS(!!!)" resorting to mere multiple-choice, open book exams.

Maybe not all, but a good portion of the requisitions that require, prefer, or a GIAC certification would be nice to have, have CISSP listed.

So, if one has CISSP, do they really need a GIAC certification, IF both are listed on the job description...Hmm. Makes me think.

Blucodex

I can validate GCIH has hands on questions. I took the exam in January.

TechGromit

johndoee said:

People can say the CISSP is the Almighty certification to have in the cyber security field. Actually, I just did a search in indeed.com with no city, state, or zip code listed. The more popular certifications GSEC, GCIH, and GPEN don't even have half the results as the CISSP certification. Yet, the CISSP is multiple choice...

To be fair, the CISSP has been around since 1994, GIAC certifications came out in 1999 and besides a written exam to pass, you had to write an original reach paper to boot. This limited the number of certifications awarded until they split them into the Silver and Gold levels. Things are beginning to change, as more people become familiar with the benefits of having someone with a technical background in cyber security instead of a management background. Also often job posting are often posted by Human resource departments where the job description is years outdated.

TechGromit

Blucodex said:

I can validate GCIH has hands on questions. I took the exam in January.

Not sure by you mean by hands on, my the last exam I had, you were shown an example of some malware output using different tools and had to answer questions about that malware sample, instead of simple memorization of the books.

iBrokeIT

TechGromit said:

Blucodex said:

I can validate GCIH has hands on questions. I took the exam in January.

Not sure by you mean by hands on, my the last exam I had, you were shown an example of some malware output using different tools and had to answer questions about that malware sample, instead of simple memorization of the books.

Nop, the GIAC pentesting certs have "hands-on" lab questions where you are given access to a session on a VM and tools to answer a question. I averaged 7-10 actions/commands to complete the questions(aka short labs) on the GPEN.

Image: https://us.v-cdn.net/6030959/uploads/editor/2v/neawywbf4f7h.png

Blucodex

iBrokeIT's description of the hands-on or short-labs is what I experienced in January on the GCIH. Not sure why I didn't think of this but I actually had a 15 minute QA with GIAC afterwards (few weeks later) to tell answer a survey on my experience.

kasod

Anyone mind sharing whats the structure for lab-based questions? they give some kind of scenario or its like ctf ?

iBrokeIT

They give you a VM with multiple tools, a question and 15 multiple choice answers to choose from. They are very short, single task questions that require you to know a few commands and proper syntax. I've taken the GPEN and GXPN, none of the lab questions took more than 5 minutes if you properly studied the labs from the class.