GCIH - Am I ready?

I took the OnDemand SANS 504 and read the books a couple times (indexing along the way). This morning I took the first of my 2 practice tests and got an 84% on it.

How close are these 150 question practice tests to the actual GCIH test? I guess the practice test is also from GIAC so I assume they are very similar. Do they pull questions from the actual test bank or are these generic questions that just make you feel good?

I am going to reread a few sections and take the second practice test, then take the actual test on Thursday.

Any advice or input would be greatly appreciated.

Find more posts tagged with

Comments

YuckTheFankees

I haven't took the exam but I have read many threads about it. The main issue I have heard is that the actual exam is harder than the practice test, but as long as you understand the material and bookmark a good amount...hopefully you'll pass.

docrice

For me the actual exams "felt" harder because I knew it was the real deal. That mental pressure hung over my head. However, I always seem to do a little better than I did on the practice runs and in my experience the practice exams feel very similar to the real ones regarding the kind of questions asked.

I understand GIAC is changing from the 150 question / 4-hour format to a 75-question / 90-minute format. I'm not sure if the GCIH exam itself is affected by this yet. In the new format, the questions will also require more cognitive work rather than simple fact memorization, so it's a bit tougher.

However, if you know the material well enough you should do fine. Be prepared enough that most of your book references will really be just to confirm your marked answers. If you spend too much time looking up and figuring out the answers during the exam, you might not finish. I think this is a good thing as I always felt GIAC exams were too generous with the amount of time provided, and I'm not that smart a student. With the 4-hour format, I always seemed to finish in roughly half the time.

the4tress

Thanks for the replies.

docrice, I think if I just reread the stuff that I didn't do well on I will be fine. After I took the practice test it gave me the results of the different sections. Most of them I did well on (4 or 5 stars), but there were a few (Preparation, Containment, and rootkits) that I only got 3 stars on and one (IP Address Spoofing) that I got 2 stars on. After I review those sections I will take the second practice test and see how I do.

If I get a 90% or better then I will take the test on Thursday. Otherwise I will wait 1 more week and take it the following Thursday.

I'm just really nervous that the practice tests won't be similar to the real test.

Also, the practice test told me every time I missed a question and updated my progress in a window on the right (ever 15 questions it would give me my percentage). Does the real test do this as well?

YuckTheFankees

The test updates your grade % after each question.

idr0p

YuckTheFankees wrote: »

The test updates your grade % after each question.

not any more it now updates your grade % after every 15 questions. Also the GCIH is one of the easier SANs exams it also is a really good baseline.

ipchain

the4tress wrote: »

I took the OnDemand SANS 504 and read the books a couple times (indexing along the way). This morning I took the first of my 2 practice tests and got an 84% on it.

Assuming you didn't reference any printed material when you took the practice exam, I would dare to say you are in good shape.

Go over your weakest areas and make sure you fully understand the concepts. Best of Luck!

suparn777

Hey i know we can use normal calculator present in PC in these GIAC exams. However can we convert that normal to scientific calculator like in our XP desktops??

Since it would be really helpful if we could convert Hex to Decimal etc using built in scientific calculator.

idr0p

only allowed the "basic" calc on the exam page. and pen and paper.

the4tress

Ok, so this is just an update to my earlier posts. I ended up taking the second GIAC practice test and got a 90%. At this point I felt confident enough to go ahead and coordinate with my proctor to take the test on Thursday (yesterday). I spent the next 3 days going through my books and underlining every word in the index that I made when I was reading the books.

On Thursday I took the test and passed with a 81%. I probably would have done better but once I knew I passed I didn't look up any more questions. I was so burned out by the end of the test that I didn't even care. If I knew it, great, otherwise I just went with my best educated guess. The test does update your percentage every 15 questions, but does not tell you when you miss a question (the practice tests do). In the end I had an hour and ten minutes remaining, so don't stress about time... you have PLENTY.

The actual test was, in my opinion, significantly harder. On the practice tests I had to look up about 30% of the questions. On the actual test I had to look up at least 50%, maybe more. Now, I did look up many questions that I probably didn't need to, but if I wasn't 100% positive about the answer I looked it up anyway. I figure with all that time I might as well. I feel the practice tests were a good preparation for the actual test, but if you only get a 75% or something, keep studying. Like I said, I got an 84% on the first test, a 90% on the second test, and a 81% on the actual test.

The actual test questions were more scenario based. On the practice test they were more like, "What does this tool do?", or, "What would you use to accomplish this." The actual test was more about the procedures and processes of accomplishing something. Also several, "What is happening in this log?" type questions.

Anyway, my suggestion to anybody wanting to take this test is to read the books and make an index as you go along. Then read the books again. Take some practice tests and review the stuff you didn't do so well on.

Also, a buddy of mine got the ********* for the GCIH. Don't bother with it. The questions were nothing like the actual test and you will just waste your money. Learn the material and go in confident.

If anybody has any questions just post in here and I will do my best to provide you with an answer.

SephStorm

Congrats and dont forget to add it to your cert list!

docrice

My GCIH exam experience was somewhat similar. I did a lot of answer-checking "just in case" and it paid off a few times. I was trying to stay in the 90+ percent range and kept eyeing that correct / incorrect counter like a hawk, and every time I answered incorrectly I felt one byte of pride walk out the door. I think I did more answer-checking for the GCIH exam than others I've taken.

GIAC exam questions are supposed to start using more cognitive questions where you can't just simply reference a one-liner book answer. It requires that you grasp the underlying material well enough to put the pieces together and see the bigger picture. This is a welcome change, in my opinion, as my past GIAC exams always had brain-dead questions which made me start questioning the integrity of it all. A few of these questions reminded me of some in the OnDemand section assessments where there's no way you could miss it if you've been paying even a bit of attention (for example, let's say there's a course section about Nmap, and the question might be: "What tool can be used to detect an open port - 1) ping, 2) ls, 3) Nmap, 4) Loki"; well, duh).

That said, this means I might perform significantly worse on future GIAC exams. I may even fail. This is a good thing. Your 81 percent might mean with the past exam format you may have scored in the 90s.

the4tress

dorice -

I agree, most of the quizzes at the end of the OnDemand sections were ridiculous, though some were well written. I don't know if they have already implemented those changes you refer to, but the actual test was different enough from the practice tests to make me stressed out. I got a 60% on the first 15 questions and I really started to worry. After leaning back and thinking to myself, "Well, no turning back now..." I just focused and knocked it out. Although, I must admit that I did quickly think, "How can I cause a technical malfunction to get me out of this? What if I just pull the plug on the PC?" LOL. That thought quickly left and everything worked out for the best.

I think next I will work on the EC|Council Security Analyst so I can get the LPT (just because I want to put that on a business card and tell women that I am a Licensed Penetration Tester

). Maybe later this year I will take the SANS CISSP course and get that out of the way.

Right now I need to focus on getting into an InfoSec job so I can start getting some real world experience instead of book smarts.

dover

Docrice,

"Every time I answered incorrectly I felt one byte of pride walk out the door." That sums up my GIAC experiences. When I took the GCIA and GISP exams my heart sank every time that little Incorrect: ticker increased by one. I became obsessed with that stupid counter; I think updating after 15 questions is a much better method.

I think you're right about changing the type of questions on GIAC exams too. I would have loved to see some real packet analysis on the GCIA exam - something more thoughtful than just identifying the content of a certain byte offset. Making the certification more meaningful by making it more applicable to real world requirements would do us all good.

SecNewbie

Just took my GCIH and passed. Took 28 days self study reading the 2006 books, and I also watched all 21 videos for CEH(CBTNugs) taking notes as I went along. Practice test was easy as pie compared to the actual test. I got the 2010 books three days before my exam so I didnt bother making another index or reading those. Just stuck with 2006 version and still passed. There was definitely some stuff from that test that was not in the 2006 books but I still got through it. Just glad its over

. On to a IA position hopefully here in the next week or so. Bout time to get out of the HD.

-Ram

lamapuppy

Where did you get the 2006 books? I'm taking a class in May for GCIH and taking CEH classes on the weekends after that. I'd love to get a head start though.

security4you

I took the exam once this past spring and failed even though I did well on the practice tests. Now I am trying to go back and do a better job indexing my books. Can anyone shed some light on the best method to use to index the books?

Instead of going with what I knew to be right, I got too caught up with the timer on the clock and rushed through some on the actual exam which caused me to fail.

Thanks for any tips.

cyberguypr

Memory fails me but someone here prepared this: How to Guide for making a SANS / GIAC Index with Pictures | Digital Forensics Tips

samurai86

First congrats on the pass! Second, my recommendation to anyone else looking to take the exam. I took it in May 2013. I created 3 indexes for this exam. I had an index of general concept/ideas by chapter, I made a tool index, and I made an attack index. I very much recommend the latter two.

bkhayes

cyberguypr wrote: »

Memory fails me but someone here prepared this: How to Guide for making a SANS / GIAC Index with Pictures | Digital Forensics Tips

May i ask what books did you guys use to prepare for this exam? you made an index study reference? what books did you guys use to help you?

prajit00

the4tress wrote: »

Ok, so this is just an update to my earlier posts. I ended up taking the second GIAC practice test and got a 90%. At this point I felt confident enough to go ahead and coordinate with my proctor to take the test on Thursday (yesterday). I spent the next 3 days going through my books and underlining every word in the index that I made when I was reading the books.

On Thursday I took the test and passed with a 81%. I probably would have done better but once I knew I passed I didn't look up any more questions. I was so burned out by the end of the test that I didn't even care. If I knew it, great, otherwise I just went with my best educated guess. The test does update your percentage every 15 questions, but does not tell you when you miss a question (the practice tests do). In the end I had an hour and ten minutes remaining, so don't stress about time... you have PLENTY.

The actual test was, in my opinion, significantly harder. On the practice tests I had to look up about 30% of the questions. On the actual test I had to look up at least 50%, maybe more. Now, I did look up many questions that I probably didn't need to, but if I wasn't 100% positive about the answer I looked it up anyway. I figure with all that time I might as well. I feel the practice tests were a good preparation for the actual test, but if you only get a 75% or something, keep studying. Like I said, I got an 84% on the first test, a 90% on the second test, and a 81% on the actual test.

The actual test questions were more scenario based. On the practice test they were more like, "What does this tool do?", or, "What would you use to accomplish this." The actual test was more about the procedures and processes of accomplishing something. Also several, "What is happening in this log?" type questions.

Anyway, my suggestion to anybody wanting to take this test is to read the books and make an index as you go along. Then read the books again. Take some practice tests and review the stuff you didn't do so well on.

Also, a buddy of mine got the ********* for the GCIH. Don't bother with it. The questions were nothing like the actual test and you will just waste your money. Learn the material and go in confident.

If anybody has any questions just post in here and I will do my best to provide you with an answer.

Hi,

Can you guide us which all study material you had used to prepare for GCIH.

vagfan27

Apart from the material used, can someone also advise on how many days/months are needed to get prepared enough in order to pass the exam? I hold a masters on Security and I'm a Security Analyst since Jan 2014, so I've already some knowledge/experience on incident handling.

keane234

Congrats!

yoba222

Arg 2012. Congrats though.

lostsol

docrice wrote: »

My GCIH exam experience was somewhat similar. I did a lot of answer-checking "just in case" and it paid off a few times. I was trying to stay in the 90+ percent range and kept eyeing that correct / incorrect counter like a hawk, and every time I answered incorrectly I felt one byte of pride walk out the door. I think I did more answer-checking for the GCIH exam than others I've taken.

Man can I empathize with this! I would be cruising, then time would be running out, I'd rush, and my score kept dropping!