GREM Exam Tips?

1maccabee Member Posts: 4
Greetings TechExams folks! First time poster here, and I've recently concluded the GIAC GREM course and am preparing for the GREM certification test. I know that I need to go through the books and bookmark any/all key terms, and that it's beneficial to go through the practical exercises for gaining a feel for what Mr. Zeltser is imparting. Any other useful tips and tricks that have helped you out? Any advice is welcomed and appreciated!

Comments

  • TechGromit Member Posts: 2,156
    Having passed it, it was the hardest GIAC exam I took so far. I would do lots of studying, go back thru the labs a couple of times and build a good index. I also would NOT take the practice exams until you think you're ready for the test. I failed both my practice exams, paid for an extension and finally passed the exam. I wouldn't pay for additional practice exams; while it's not "officially stated" by GIAC, the consensus is practice exam questions are pulled from a pool of possible questions, and if you purchase additional practice tests it's likely you will see repeats of questions from other practice exams. My background job was not a malware analyst, so I had a harder time than others who may perform this type of job day to day. I'm sad my cert expired. I was planning on using passing the CISSP to get the credits to renew it, but due to COVID, testing dates were farther in the future than I expected. I did have a date lined up a few weeks before my cert expired, but bad luck interfered: a snowstorm forced the testing center to cancel my exam and the soonest reschedule dates were into April, 3 months after my certification expired.
    Still searching for the corner in a round room.
  • 1maccabee Member Posts: 4
    did see your response to this same question/situation earlier, dating back a few years, and I feel stoked to see that you've replied to me!

    That sucks about the expiration, though much like, say the CISSP, I'm sure all they've done is add additional content, and not necessarily a complete overhaul of all knowledge. It took me a long, drawn-out time to get my CISSP, though by contrast, I did get my OSCP the first time I tested for it, albeit after purchasing an extension for course /  lab access. 

    I figured that buying the practice tests and cert attempt would be wasted time if I don't feel at least adequately prepared to pass the exam, with the practice tests themselves serving as barometers for potential exam performance. Do you or anyone else know if GIAC has extended the test on-hand resource availability to include computers, or am I just talking crazy and all the sane people bring in bookmarked  course books? 

    My daily work does not involve malware analysis either, though I successfully pushed myself through a graduate class on specifically malware analysis (landing a high A), as well as having had the wonderful experience of being a Tier 2 SOC Analyst - Incident Responder, where I defeated malicious attachments and malware campaigns, hence my fascination and pursuit of this cert. Hopefully it'll lead to an expansion of career opportunities and perhaps the hunting of malware-related stuff :smile:
     
  • TechGromit Member Posts: 2,156
    1maccabee said:

    I figured that buying the practice tests and cert attempt would be wasted time if I don't feel at least adequately prepared to pass the exam, with the practice tests themselves serving as barometers for potential exam performance. Do you or anyone else know if GIAC has extended the test on-hand resource availability to include computers, or am I just talking crazy and all the sane people bring in bookmarked  course books? 
     
    My first question here is when did you take the course? Did you pay for an exam attempt while you were taking the course?
    Still searching for the corner in a round room.
  • quogue66 Member Posts: 193
    I took GREM 4 years ago and I know it's changed a lot since I took it. I think some of the big changes are more 64-bit assembly and a more recent version of IDA. I've taken 3 GIAC exams in the past 5 months and you cannot use any digital materials. I don't think this will ever change. As far as the exam goes I used the same process for GREM as all the others. Read the books 3 times, do the labs 3 times, and build your index while doing so. There are a few things you mentioned that make it sound like you may have read someone else's books rather than attending the course. If that's the case I wouldn't attempt to take the exam unless those books are very recent. Course materials change often and the test aligns with the version of the course you take.
  • 1maccabee Member Posts: 4
    So, thank you very much for taking the time to reply to this thread, I know I'm new around here and greatly appreciate your insight.

    Insofar as to the disassembler used: only Ghidra was ever used in the course, Lenny never touched IDA the whole time, which is a paradigm shift, I know. He does touch on 64-bit assembly, though doesn't go deep into it.

    Thank you on the situational awareness into the test taking procedures and how on-hand sources can only be paper and not digital (computer). I still need to push through the books, as I relied on the  SANS On-Access videos the whole time. As previously mentioned, I'm not a reverse engineer, though I've had a graduate course in it (where we dissected WannaCry) and got a crash-course in it, though the FOR610 course goes significantly deeper. 

    Way to go hard with those cert exams! I'm hoping you successfully passed all the tests you took?
  • 1maccabee Member Posts: 4
    edited February 2022
    1maccabee said:

    I figured that buying the practice tests and cert attempt would be wasted time if I don't feel at least adequately prepared to pass the exam, with the practice tests themselves serving as barometers for potential exam performance. Do you or anyone else know if GIAC has extended the test on-hand resource availability to include computers, or am I just talking crazy and all the sane people bring in bookmarked  course books? 
     
    My first question here is when did you take the course? Did you pay for an exam attempt while you were taking the course?
    I just took the course, from late October 21 through early February of this year, and no, I haven't taken the plunge and paid for the 2 practice tests and exam attempt... yet.
  • TechGromit Member Posts: 2,156
    edited May 2022
    1maccabee said:
    1maccabee said:

    I figured that buying the practice tests and cert attempt would be wasted time if I don't feel at least adequately prepared to pass the exam, with the practice tests themselves serving as barometers for potential exam performance. Do you or anyone else know if GIAC has extended the test on-hand resource availability to include computers, or am I just talking crazy and all the sane people bring in bookmarked  course books? 
     
    My first question here is when did you take the course? Did you pay for an exam attempt while you were taking the course?
    I just took the course, from late October 21 through early February of this year, and no, I haven't taken the plunge and paid for the 2 practice tests and exam attempt... yet.
    Not having paid for the exam when you took the course has put you at a disadvantage already. The test you take may not be based on the material you learned. I wouldn't expect any major changes in the material for the next version of the exam, but the longer you wait to pay for the exam, the more outdated what you learned and your materials become. In my case, since the percentage of margin between pass and fail is so small, it probably would have resulted in a failure for me. My advice to anyone taking the GREM is to register for the exam when you take the course and study like hell. You want to be guaranteed that the test you take is exactly on what you learned and materials you possess. If you feel you need more time to prepare for the exam, pay for an extension; it's money well spent if it means the difference between a pass or fail. I know it was money well spent in my case.

    Also in your case, since it took you almost 4 months to complete the course, I question your motivation to pass the exam. It shouldn't take you 4 months to complete an online course. I did my course in person, in 6 days. While that may be too quick to digest the material, 4 months shows me that you certainly didn't take the course seriously. "Maybe I'll work one of the modules next week after I do a bunch of other crap" isn't focused training. After I completed the course I worked on my index for several hours every day, and when I completed my index, felt I was ready for the exam and failed the first practice test, I studied even harder. I was putting in at least 4 hours study time every day after work, plus weekends for the full test exam prep period and also paid for an extension, which I studied even more to prepare for the exam. Unless you have some background in malware analysis as a hobby or at your employer, it's a very difficult exam to pass.

    Still searching for the corner in a round room.