GCFE GIAC EXAM PREP

anyways2014

Anyone who has passed the GCFE exam or is studying and would be interested in having a study group? Also please share any study tips, suggestions, or advice for successfully passing the exam

Find more posts tagged with

#Pearson Vue

GIAC

STUDY MATERIALS

#splunk #certification #certifieduser

GIAC Exam

Comments

MrsWilliams

anyways2014 said:

Anyone who has passed the GCFE exam or is studying and would be interested in having a study group? Also please share any study tips, suggestions, or advice for successfully passing the exam

I have honestly never in my life heard of anyone doing a study group for a GIAC exam. I am not saying nobody has ever done such, I am just saying I have never in my life heard of anyone doing one.

I have a few questions:

1. Did you complete the SANS training?

2. Have you done at least one practice test? What did you score?
(assuming you didn't do the training and purchased one)

3. Are you self-studying for this certification exam?

4. I am going to assume this is your first GIAC exam attempt but I'll go ahead and ask. Is this your first GIAC exam attempt? It not, what other GIAC certs do you have?

cyberguypr

Also interested in those details Mrs Wililams asked.

anyways2014

Yep! I went to the week course. I took both practice tests. Failed my exam attempt.

iBrokeIT

Build a lab and spend more time PRACTICING with the material. Build an index, listen to the mp3s, do the labs, refine your index, take a practice exam, repeat.

Just reading and grinding questions will not get you there if you lack the depth of knowledge or experience.

Cheers!

MrsWilliams

anyways2014 said:

Yep! I went to the week course. I took both practice tests. Failed my exam attempt.

Thanks for the information. With that, we don't know who you are. So, can I kindly ask your scores?

Practice Test 1 -
Practice Test 2 -
Exam -

What was your technique for pre-exam preparation?
Is this your first GIAC exam?

anyways2014

Practice Test 1 39% -I did it without an index just to see how much I knew from memory.
Practice Test 2 89%- someone advised me to create an index based on the questions that I missed from the first practice test. My index was 4 pages. Even though I had created a full index of all the books, it was not useful at all during my exam as my 4 page index was. I included a column for descriptions on my 4 page index and only the term and page numbers in my full index.I'm pretty sure my index messed me up but I know it wasn't the only thing. This is my first GIAC exam.

MrsWilliams

anyways2014 said:

Practice Test 1 39% -I did it without an index just to see how much I knew from memory.
Practice Test 2 89%- someone advised me to create an index based on the questions that I missed from the first practice test. My index was 4 pages. Even though I had created a full index of all the books, it was not useful at all during my exam as my 4 page index was. I included a column for descriptions on my 4 page index and only the term and page numbers in my full index.I'm pretty sure my index messed me up but I know it wasn't the only thing. This is my first GIAC exam.

Cool.

Practice Test 1: I would never recommend someone doing a practice test from memory unless:

1. They have strong knowledge of the topics, as in worked in the field.

2. Didn’t mind paying for another practice test

With all things considered, doing a practice test without being committed to 1 or 2 isn’t what I would suggest. It’s said and done now. But if you do consider taking other training in the future think about 1-2. It’s natural for some, especially me to not take the first PT seriously. I also take the real exam more serious than the PT.

During this time of knowing you knew minimal from memory, you could/should have revisited the books. I didn’t ask and you didn’t mention what you did after failing PT1 and what you did to better prepare for PT2. PT1 was just a gauge of your familiarity, not really a huge deal. Many people don’t remember what’s on every page of 5-7 books. So, that’s not a big deal necessarily. People have stated that they’ve taken the PT without the books, that’s cool. Just not my recommended method to advise to others.

Practice Test 2: The good news is that you passed it. The bad news is that a practice test can be a false sense of security. Whoever told you to create an index based on the practice test questions gave you horrible advice. That is insinuating that the exam is based on the practice test questions and if you can pass the PT you can pass the real exam. That is the most far-fetched from the truth.

Here is the issue with creating an index based on the practice test question. You are either doing one or both of the following:

1. Creating screenshots of the questions…which is prohibited and you see that when taking the PT.

2. Enabling the clock to continue running while you create screenshots and/or type as fast as you can.

Either way, it’s a bad situation. I can’t confirm or deny I know people who have done both of the above, I am just saying I wouldn’t suggest it. That is especially on my first GIAC exam.

Moving forward-

I would definitely suggest reading the books again. Downloading the MP3 files to your music device isn’t a horrible idea either. My first exam I listened to the MP3 audio files. After that I stopped listening. It started to either mess up my workout or make me drowsy. Everyone has a type of learning that helps them to memorize material/topics. Some people like audio, video, flash cards, live on-demand training, self-study, etc. Find a study method that works for you.

I would suggest going through the books and purchasing a practice exam or two. Please also read the information at these links:

https://www.giac.org/media/exams/prep-guide.pdf

https://www.reddit.com/r/AskNetsec/comments/7djdwz/favorite_sans_560_index_building_site/

https://tisiphone.net/2015/08/18/giac-testing/

https://www.ericooi.com/how-to-build-a-sans-giac-index/

Long story short, most people have the same/similar method for creating an index.

LonerVamp

anyways2014 said:

... Even though I had created a full index of all the books, it was not useful at all during my exam as my 4 page index was.

This honestly shouldn't be possible. How long was your index of all the books?

There are really only two pieces of advice I could give, which basically will echo @MrsWilliams up above.

1. Re-do your index to be useful. This is on you to make it useful. This is an open book exam. You should be looking up and verifying every answer you can within the allotted time and your index should enable you to do that. The exam is designed for students to have put in the effort to make a useful index. You *must* put effort into this. Don't try to use someone else's index.

2. You do need to understand the materials. Go through the books again. Listen to the mp3 presentation. (And please download them. It pains me to hear students claim they are time-based. They're mp3s. They're not time-based.) Go through the lab book again if your course had a lab. Do every lab and understand the purpose of what you're doing. And then do them again.

As a bonus: Put tabs in the books so you can flip to important charts, graphics, or sections. You don't have to entirely rely on the index to find information. If you know where in the books a particular item is, and you can skip the index and flip right to that section you'll save yourself precious seconds and mental energy. And if you've gone through the material and made an index, you should be pretty intimate with where various topics reside.

Good luck moving forward!