GCIH Exam Fail :( - Assistance/Help/Review of my material?

chapnoodle

Greetings Community,

I hope everyone is staying safe during these unprecedented times we are experiencing!

I am reaching out to the community for some assistance, help, and/or review of my GCIH material to see what I am doing wrong and where to improve (within the rules and regulations of GIAC/SANS).  I recently took my GCIH test and failed.  To be honest, I am super bummed and not sure what to do or how to improve.  I thought my index was very thorough (over 200 pages bound and tabbed).  After each practice exam I made changes to information I missed or reword. After the my second practice test, I overhauled the index to get as thorough as I could.  This sucks, because I now have to pay $800 out of pocket to retest (which since I failed, the next test will be based on new material changes) and it doesn't even come with another practice exam!  After paying $7K for a class, you would think they might give you a break on the exam price, maybe $200!  I digress and no, I am not looking for or want a pity party (I guess I needed to vent some)!

To those that have recently taken the training and passed the exam between July 2019 and June 2020, would you mind lending out a hand to help? Maybe review my index to give me some feedback on where I could improve (i.e. formatting, structure, missing info, etc) and possibly share your index so I could compare with mine?

Is it possible that someone in the community has an extra GCIH practice test that they don't need and would be willing to give it away?  I will even give you a donation for coffee or other activities, as long as it is not against the rules and regulations of GIAC/SANS!

Thanks in advance for taking the time to read my post!

Chap

SteveLavoie

I totally agree that GIAC exam are expensive... but that game need big pocket

I am not GCIH... but I am preparing for GPEN (exam in 2 weeks) so most subject are similar. How well were you doing at your practice test? What was your weaks subjects? Did you rely mostly on your index? Were you rushed because you were too much using your index... 200 page.. it is a very big index. 

I am preparing to be able to answer everything from memory as if it wasnt an open book exam. I don't expect to use my books or index more than a few time for some quick fact check). It is more time-consuming but it will last longer.

E Double U

What were your scores on the two practice exams as well as the real exam?

charismaticx

There shouldn’t be that much of a difference honestly. Especially if you retest within a few weeks. I would honestly review your weak areas and review the books again. How did your index do during the practice exams and the real exam. If there was entries missing then go back and work on the index. The index helps reinforce what you’ve see in the books. 

iBrokeIT

Hello and welcome to community.

You talked exclusively about your index as if it were your golden ticket to passing the GCIH.  That mentality is the problem. If you have to look up more than 20% of the questions then you don't know the material well enough and aren't ready for the exam.  At 200 pages you just made another book for yourself instead of a quick reference guide.  Cap your index to 20 pages at most.

Now, start over by reading the books start to finish and do the labs as you encounter them.  You need to completely understand every section and lab before moving on.  Do that twice.  You need to spend more time focusing on the material and time less on your index.  That would be my approach to GIAC exams which I'm only 8-0 on passing.

SecretUser

I'm not sure if we're allowed to share our index with others, but a 200 page index is overkill in my opinion. I am on my second pass of SEC504 and my index is less than 50 pages. 

chapnoodle

SteveLavoie said:

I totally agree that GIAC exam are expensive... but that game need big pocket

I am not GCIH... but I am preparing for GPEN (exam in 2 weeks) so most subject are similar. How well were you doing at your practice test? What was your weaks subjects? Did you rely mostly on your index? Were you rushed because you were too much using your index... 200 page.. it is a very big index. 

I am preparing to be able to answer everything from memory as if it wasnt an open book exam. I don't expect to use my books or index more than a few time for some quick fact check). It is more time-consuming but it will last longer.

For the practice tests I solely relied on my index to "test" and judge the quality of it.  I received a 68% and 67% on the practice tests.  I believe for the first practice test I had about 45 minutes left when I got to the hands on and a little over an hour on the second practice test.

After the first practice test I completely revamped my index to add what I missed from the first practice test and different variations of the words to find them multiple ways. Example would be: Netcat Port Scanning and Port Scanning Netcat.  My thought was that I would hopefully find it either under the "P" or "N".

My indexes are bound and tabbed A-Z.  One index is all five books combined and alphabetized. The second index all the tools alphabetized. The third index is Windows Commands and Linux Commands.

My weakest subjects are Network Attacks, Overflow Attacks, Scanning: Discovery and Mapping, Scanning: Techniques and Defense, Session Hijacking and Cache Poisoning, and Techniques for maintaining access.

chapnoodle

E Double U said:

What were your scores on the two practice exams as well as the real exam?

Practice tests were 68% and 67%. The real exam was 67%.  I had roughly 50 minutes left when I go to the hands on.

chapnoodle

charismaticx said:

There shouldn’t be that much of a difference honestly. Especially if you retest within a few weeks. I would honestly review your weak areas and review the books again. How did your index do during the practice exams and the real exam. If there was entries missing then go back and work on the index. The index helps reinforce what you’ve see in the books. 

I have to wait a mandatory 30 days before I am allowed to retest.  I am in the process of going back and re-reading the books again, making notes of things I saw on the exam and making sure to add it in my index.

chapnoodle

iBrokeIT said:

Hello and welcome to community.

You talked exclusively about your index as if it were your golden ticket to passing the GCIH.  That mentality is the problem. If you have to look up more than 20% of the questions then you don't know the material well enough and aren't ready for the exam.  At 200 pages you just made another book for yourself instead of a quick reference guide.  Cap your index to 20 pages at most.

Now, start over by reading the books start to finish and do the labs as you encounter them.  You need to completely understand every section and lab before moving on.  Do that twice.  You need to spend more time focusing on the material and time less on your index.  That would be my approach to GIAC exams which I'm only 8-0 on passing.

Thank you.

Correct, that is how the information about creating the index was told to me. This is my first SANS exam and others who have taken them expressed the importance of the index and that if you don't have a good one you will not pass.  I was freaked out by that!  So, I made a super thorough index as I could and I even still had trouble finding information or just didn't index it!

I think it is too late to redo my index again.  With all the months I spent building it, I don't even know where to begin on what to take away.

I am currently in the process of reading the books again from start to finish, making notes of stuff I saw on the exam, and redoing the labs.  Prior to taking the exam, I have watched the ondemand videos about 3-4 times, listen to the mp3 audio numerous times and did the labs about 3 times.

chapnoodle

SecretUser said:

I'm not sure if we're allowed to share our index with others, but a 200 page index is overkill in my opinion. I am on my second pass of SEC504 and my index is less than 50 pages. 

Yeah, I don't know about the index either, that's why I asked. I know we are not allowed to share our books, videos, audio, etc, but I am not sure about the index.

SteveLavoie

Sorry I dont want to offend you, but I would have focused on learning the stuff instead to be a master "indexer".   

SecretUser

show previous quotes

After the first practice test I completely revamped my index to add what I missed from the first practice test and different variations of the words to find them multiple ways. Example would be: Netcat Port Scanning and Port Scanning Netcat.  My thought was that I would hopefully find it either under the "P" or "N".

I had this problem when creating my index for the GSEC because it was the first time I had to create an index for a SANS cert. I would advise against it as it becomes too confusing trying to remember the different ways in which you indexed something. If your index uses descriptions, just put Port Scanning in the description for Netcat and underline it so its easy to find. I hope that this makes sense, I'd give you an example if I could. lol. Did you create your index in excel or word with a tool like Voltaire?

chapnoodle

SecretUser said:

show previous quotes

After the first practice test I completely revamped my index to add what I missed from the first practice test and different variations of the words to find them multiple ways. Example would be: Netcat Port Scanning and Port Scanning Netcat.  My thought was that I would hopefully find it either under the "P" or "N".

I had this problem when creating my index for the GSEC because it was the first time I had to create an index for a SANS cert. I would advise against it as it becomes too confusing trying to remember the different ways in which you indexed something. If your index uses descriptions, just put Port Scanning in the description for Netcat and underline it so its easy to find. I hope that this makes sense, I'd give you an example if I could. lol. Did you create your index in excel or word with a tool like Voltaire?

No idea what Voltaire is.  I make it in Excel.  Would I be violating the EULA if I took a screenshot of my index to show how detailed it is?

chapnoodle

SteveLavoie said:

Sorry I dont want to offend you, but I would have focused on learning the stuff instead to be a master "indexer".   

No offense taken. I was just given bad advice by people.

cyberguypr

Did i just read that right? 200 pages? Just NO! I realize all indexes are different but this just doesn't work. After 4 certs I still stand by my indexes: https://community.infosecinstitute.com/discussion/98047/passed-gcih. The GCIH index was only 13 pages. Either you know the material and need a little refresher here or there, or you don't know it. 

The index sharing discussion comes up in the SANS Advisory Board every now and then. Almost everyone agrees that sharing indexes does NOT violate anything or is considered cheating. That is assuming it's a real index and not full copies of SANS course content. Some of us argue that sharing indexes does not have much value because building the index is part of the learning experience. If I share my index and someone fails, they could easily blame me. Heck no!

charismaticx

I don’t think the length of the index matters as long as you know how to use it and it’s separated properly with alphabetical dividers. I also tab out the books for quick reference. It really comes down to if you know the material. 

chapnoodle

cyberguypr said:

Did i just read that right? 200 pages? Just NO! I realize all indexes are different but this just doesn't work. After 4 certs I still stand by my indexes: https://community.infosecinstitute.com/discussion/98047/passed-gcih. The GCIH index was only 13 pages. Either you know the material and need a little refresher here or there, or you don't know it. 

The index sharing discussion comes up in the SANS Advisory Board every now and then. Almost everyone agrees that sharing indexes does NOT violate anything or is considered cheating. That is assuming it's a real index and not full copies of SANS course content. Some of us argue that sharing indexes does not have much value because building the index is part of the learning experience. If I share my index and someone fails, they could easily blame me. Heck no!

Sadly, yes... Now I feel like a total idiot! haha.  AND, it is 200 pages at 9.5 font AND scaled down to 79%. If it was at 100% and 10-11 font, I would be pushing maybe 350 pages.

Good to know that the discussion on index sharing does come up on the SANS Advisory board and does not violate any policies.  Here is a screenshot of my indexs.

https:// imgur.com/a/MMP382A

SecretUser

Right off the bat I can tell you that you need to work on what you put under the "Term" field of your index. Do you really need to put "Network Stuff ping" as a term? Why not just put ping? Like I said above, it can become confusing trying to categorize your terms like this because some terms don't fit neatly into a category. Also, do you really need a new row for each step of a DNS attack? Why not just have a term for the DNS attack, and in the description put see page for example/steps? I will try to provide a snippet of my index when I get a chance.

What version of the course do you have? If we have the same version, I wouldn't mind being your study partner! I am just about to finish my second pass of the books.

chapnoodle

SecretUser said:

Right off the bat I can tell you that you need to work on what you put under the "Term" field of your index. Do you really need to put "Network Stuff ping" as a term? Why not just put ping? Like I said above, it can become confusing trying to categorize your terms like this because some terms don't fit neatly into a category. Also, do you really need a new row for each step of a DNS attack? Why not just have a term for the DNS attack, and in the description put see page for example/steps? I will try to provide a snippet of my index when I get a chance.

What version of the course do you have? If we have the same version, I wouldn't mind being your study partner! I am just about to finish my second pass of the books.

I honestly don't know - I was going off what I was told by other who have taken SANS exams. They told me to index every page title as the subject/term and different ways, ie.e "Ping Network Stuff" and "Network Stuff Ping".

How do I find out what version of the course books I have? I don't see it under the copyright and terms page.

chapnoodle

cyberguypr said:

Did i just read that right? 200 pages? Just NO! I realize all indexes are different but this just doesn't work. After 4 certs I still stand by my indexes: https://community.infosecinstitute.com/discussion/98047/passed-gcih. The GCIH index was only 13 pages. Either you know the material and need a little refresher here or there, or you don't know it. 

The index sharing discussion comes up in the SANS Advisory Board every now and then. Almost everyone agrees that sharing indexes does NOT violate anything or is considered cheating. That is assuming it's a real index and not full copies of SANS course content. Some of us argue that sharing indexes does not have much value because building the index is part of the learning experience. If I share my index and someone fails, they could easily blame me. Heck no!

It looks like my previous post was deleted for some reason.  I'll try to recap everything I wrote to you!

Yes, it is 200 plus pages at font size 9.5 and scaled down to 79%. If I was at font size 10-11 and NOT scaled down, I bet it would be 350ish pages.

That is good to know the SANS Advisory Board does not consider sharing indexes a violation
 

charismaticx

Your index looks like one of mine. Honestly, I would go back and review everything. It’s quite possible you didn’t know how to use the index to come to a conclusion. 

quogue66

There is another way to look at this.  While I agree that 200 pages is too big it also comes down to the way you formatted it.  It looks like your index is in landscape format.  That will significantly increase the number of pages.  I regularly have very large indexes.  The majority of my indexes have about 1100-1300 lines.  I'm about to take the GCPM exam.  This is my 11th GIAC exam.  My index is over 2400 lines.  For some exams I had multiple indexes.  For the mobile forensics exam I had a complete alphabetical index of all books, an index of just Android, an index of just iphone, etc.  I also create table of contents pages for each book and tape them inside the front cover.  I try to limit them to about 20 lines.  Creating the index is a part of studying.  You just have to make sure you understand the material and think of the index as a resource you use as needed, not for every question.

chapnoodle

charismaticx said:

I don’t think the length of the index matters as long as you know how to use it and it’s separated properly with alphabetical dividers. I also tab out the books for quick reference. It really comes down to if you know the material. 

  Yes, I tabbed out the books too by using pages numbers. That way, I could quickly get to page 93.

charismaticx

At this point, it comes down to understanding the material. The index is just a tool that helps point you in the right direction. It honestly comes down to you. SANS courses are challenging but their not impossible. Their by far the best training around. Good luck on you’re next attempt. Don’t let this discourage you. The GCIH is my pride and joy. 

JDMurray

That is not only an index but also a glossary. The page count will be greatly reduced by only creating an index to reference the pages in the course texts. However, putting together a document of that magnitude will certainly help anyone learn the material better.

TechGromit

chapnoodle said:

show previous quotes

E Double U said:

What were your scores on the two practice exams as well as the real exam?

Practice tests were 68% and 67%. The real exam was 67%.  I had roughly 50 minutes left when I go to the hands on.

Since your test scores didn't improve between the practice exams, I believe it's a question of study habits not the size of your index. My index was 36 pages, printed landscaped, and I think I only referring to it maybe 10 times during the exam. Building an index is suppose to be a method of studying, not to rush to build the index. If you took the time to study and build a solid index, chances are you will not need to refer to it more than a few times during the exam, ideally not at all. As for your time remaining after completing the exam, your time management needs work, you shouldn't have so much time left after completing the exam. You should split the exam into check points so you should be on question 37 at the 1 hour mark, 75 at the two hour mark and so on, if your ahead, force yourself to slow down, if behind, pick up the pace. the Exam appears to be different now, it says 100 to 150 questions, when i took it it was a set number of questions, it may be reactive now where if you get an answer wrong it gives you more questions about that topic to probe your knowledge on it. I wouldn't rush to retake the exam soon as your 30 days waiting period expires, your obviously not ready. Rushing to retake the exam is only going to result in another failure. From my own experience on the GREM, I knew I was not ready for to take the exam and paid for an extension, it was money well spent, I squeezed out a pass.

My recommendation would be to burn your current index and start over, you need to read all the books, study them as you build a new index. Even a Great index isn't going to help you pass the exam if you do not know the material. 

yoba222

Passed the GCIH with no index. Or reference books with me*. They weren't available to me at the time and I knew that while studying for it. I think knowing of the burned bridge forced me to study carefully and really know the material. That's all the index really is -- an activity to force you to digest the material carefully.
One very helpful thing was carefully reviewing each question of the practice exam, several days later, over and over until I could "take" it again and get 100%. I mean the practice exam is given in a web browser after all.

*Probably couldn't do that on something more intense, like the 503, from what I've heard, but very doable on the 504.

scasc

Some excellent advise here from folks who are pretty experienced GIAC exam takers. I fell into this trap about 4/5 years back when I sat my first GIAC exam - GSNA. I was so naive at the time, I just created notes with no real index and used the notes + books for the exam. It was when I kept my eye on the score after every 10/15 questions I knew this was a terrible tactic. Cut a long story short, pass mark was 71, I got 73 but realized the key thing is to really understand the material properly. Index is a supplement to point you to where you have seen something. 

I too have a habit of making too many notes and I have always done this. But when I did GCCC - I simply created an index of the index just to point me in the right direction.

What you can do is perhaps go over the material and make a short index of the index you have - what I mean is perhaps a few pages just to highlight key aspects so you can be pointed to the right direction when needed.

Best of luck. 

E Double U

scasc said:

realized the key thing is to really understand the material properly. 

That is applicable to any exam 

scasc

You got it bud. Sometimes one is tempted to just go for it (and I am like this too )  but honestly when you break it down bare bones - just got to understand the material.