First off, I attended a SANS training class in person which really helped. I actually took the class nearly a year before taking the exam. Even so, having the classroom experience really helped me in terms of exposure to the many tools the course covers.
My exam experience was similar to what Docrice talked about.
http://www.techexams.net/forums/security-certifications/65080-gcia-passed.html
I struggled quite a bit with Microsoft protocols. Oddly enough, I also struggled a bit with Wireshark filters even though this was the tool I had the most experience and familiarity with coming into the course. One thing I would add is that it is very important to spend some time studying all the various tools covered in the course. Not just the main ones, but those covered in the analyst toolkit as well. By luck of the draw, I had to answer to some pretty detailed questions in that section.
My advice to people studying is nothing really new:
- Index your reference material.
- Take your practice exams and review the results.
- After your first practice exam revisit your indexing scheme.
- Also take some time to assess if you need any additional reference material or if you have some that is unnecessary.
- Go into the exam well rested. The actual exam only took me just over 2 hours but my practice exams took much longer. I was suffering from some fatigue at the end of my practice exams.
The indexing scheme that worked for me was to directly mark some pages in my reference material and to carry a sort of table of contents that covered all of my various materials and notes. I ended up using my table of contents a bit more than the direct marking because it was easier to navigate but both were helpful. I advise against marking too many pages. It can make navigating your various marks difficult.
I am considering trying to get the Gold level certification but am not sure what kind of topic I would like to cover.
Anyway, there was a lot of helpful advice in this forum so thanks to everyone!
