GPEN Exam prep

Cyber_Marsu

Hello,
My employeer provides me with a SANS voucher... But I will have to pay my exam if I want to get the certification associated.
I'm thinking at SANS560 / GPEN (I'm not here to have the multiple time seen exchange on OSCP is better,... )

To know if i will invest on the cert (not mandatory in my actual job), I would like to measure the effort needed regarding the level.
To build my index I have to get the mindset and the depth of the exam... so before paying (and get 2 training exams) I would like to get question samples not to che*t (I'm not asking for d*mps) but to assess the level ... There are many free questions online and paying stuff... but are they relevant ? Any recommandation ?

BR

SteveLavoie

I did SEC560/ GPEN in 2020. The class is really great on all aspect (material, labs, instructor etc..). IMO going to a SANS class and not doing the associated certification is a waste of money. Sure you got the knowledge but the certification confirm to you and all other that you really understand it.  GIAC exam are really based on the books/labs you did on the class and at the same depth/level, so you dont have to expect unrelated question. Also the practice exam with the Cyberlive question (hands-on) give you a 99% realistic experience. Finally, there is this book: 

https://www.amazon.com/GPEN-Certified-Penetration-Tester-Guide/dp/1260456749/ref=sr_1_1?dchild=1&keywords=gpen+sans&qid=1612226906&sr=8-1

I looked at its content on Safari/O'Reilly, and the end of chapters questions are nice and are representative of the exam. Also there is an exam simulator with a practice exam. It is only 47 USD$, so with that book you could surely get the feel and depth of the exam. 

E Double U

You can ask around if anyone has a spare GPEN practice exam. SANS training provides two practice tests, but not everyone uses them and people are allowed to donate them. 

Cyber_Marsu

Many thanks SteeveLavoie for this advice !
Can I ask you the way you took the course ? For me it will be On Demand and I'm a bit afraid of missing important stuff during the labs and/or final CTF on day 6 as I will be "on my own"... Any feedback ?

Cyber_Marsu

Thanks E Double U, but I have a moral issue with "burning" a regular exam just to assess the level and get direction on how to build my index !.... Of course i will be more than grateful to get one, but maybe someone who doesn't have the discounted price including two training exams as he can't afford the course will need it more than me....
Nevertheless if someone wants to donate one, (s)he can offer it here... and after some days if no one claims it... I will

E Double U

I do not see a moral conflict here, but suit yourself lol. You said "There are many free questions online and paying stuff... but are they relevant?" Well in my opinion, I do not think there is any more relevant set of practice questions than the ones provided by the provider itself.

Just my $0.02 as a 5x SANS/GIACer. 

Cyber_Marsu

E Double U said:

 I do not think there is any more relevant set of practice questions than the ones provided by the provider itself.

I can only agree

SteveLavoie

Cyber_Marsu said:

Many thanks SteeveLavoie for this advice !
Can I ask you the way you took the course ? For me it will be On Demand and I'm a bit afraid of missing important stuff during the labs and/or final CTF on day 6 as I will be "on my own"... Any feedback ?

I was lucky enough to be attend the class live in New Orleans in Feb 2020.  With the books, access to the labs etc.. I dont think you would miss important stuff.. however being in a class is much more than content, you are missing all the networking (like in people stuff), the night-talk, the Netwars night etc.. I postponed my next SANS class to next year because I didnt want to do it On Demand or Live Online, so 2022, I should be able to attend to 2 in the same years. 

E Double U

Cyber_Marsu said:

 For me it will be On Demand and I'm a bit afraid of missing important stuff during the labs and/or final CTF on day 6 as I will be "on my own"... Any feedback ?

In 2017 I did SEC503/GCIA on-demand and did not feel that I missed anything important content-wise, but like SteveLavoie said you do miss the live interaction which for me is one of the main reasons to attend SANS. I enjoy the experience in its entirety so live is definitely my preference. But on-demand is good enough for learning the material and passing the exam. 

SteveLavoie

IMO, SANS on-demand is too expensive for some books and video, you only save the travel part..  And in my opinion, allocating a week to some training allow me to concentrate on that subject alone, and not deal with it as just another thing in my days. 

Cyber_Marsu

I agree with both of you....  but it was On Demand or Nothing (I could use my voucher on Live event too but not suitable with my constraints)...
I know the limits : no networking, no exchange with peers, no enrichement from questions I even not thought... but between missing the opportunity or accept the drawbacks... I took the opportunity... 
I will do my best to take the most from the course.... According to UPS i will receive the books next week and to "save" time on the 4 months I will start then...  and make my mind (TBH I think is already done*) on taking the exam quickly

Kind regards

SteveLavoie

Sure Ondemand or nothing is a no-brainer..  And I think they provide you with access to the teacher, so if you have question, they could surely be answered (I hope with that price tag). 

All SANS instructor I met are really willing to share knowledge, so go ahead and ask

Cyber_Marsu

Hello, some late feedbacks.
I passed the exam (and missed the "board" 90% from 2 points).
I felt the exam was harder than moke ones (scored 86% and 95%) but I was confident on "passing" before ending it... just no idea of the score.
Without violating NDA many more questions on Azure that I faced on practice tests, labs are aligned with what you have already done during the course.