GSNA Experience

After passing my GSNA exam this morning, I thought I'd share my experience studying for and taking the exam.

Conducting some intial research of the SANS program, it seemed as though a lot of my co-workers had SANS plaques on their walls. Mostly GWAPS, and GPENS, and a few GCIAs here and there. I heard great things about the conferences they had attended, and the knowledge they had gained, so I figured I'd see what all the fuss was about and see what SANS had to offer.

Looking at the SANS web site, there were several training options available, including live, on demand, and the self-study options. I was somewhat surprised, that from a price perspective, the cost of the training itself was roughly the same for the live training, as it was for the on demand, and self study options.

Due to my own contraints of not wanting to take vacation time for training or pay for hotel accomodations out of pocket, I chose the self-study option. The cost of the self study material was $3,536 which includes 7 books and 2 CD's, along with streaming audio, and 2 practice tests. The exam attempt was an additional $549.

The books and accompanying CD arrived in roughly a week after ordering on-line. The books that arrived were little more than soft covered, bound, black and white printouts of the power point slides, with a roughly a half a page explanation of the slide being covered. In addition, there were several gramatical, typographical and even a few technical errors that I caught. That said, I was generally satisfied with the overall content- especially the non-technical, day 1 book, that really got into the meat of a working audit program.

The following 5 books were more technical in nature, and included perimeter, web, unix, and window auditing specifics which were very tool oriented. In fact, I can honestly say that the rest of the course content mirrored what you would find in your typical CEH class. However, to the course's credit, the Windows and Unix books did spend a lof of pages covering batch/bash scripting, which I found interesting. Also, worth noting is that the individual books were written by different people, so the content's voice and flow really wasn't consistent across books as it could have been.

The course content also included a lab book, which offered lots of "hands on" auditing opportunities on linux VMware images included on the CD. A point worth noting however, is that my lab book didn't match up with the CD's containing the virtual images, which made it a very frustrating experience, until I realized that I had received an out of date version of the CD.

SANS was prompt about replacing the old CD with a new CD, after I e-mailed them about the descrepancy. However, after receiving the new CD, I became painfully aware just how old my machine was because the latest version of VMware required to run the virtual machines on the new CD required a dual core processor. Unfortunately, with my P4 1.8 processor, I now lacked the required hardware. I e-mailed SANS again, and they sent me an older lab manual that was compatible with the older version of VMware that came with the first CD that did work with my older computer.

Also included was a streaming audio version of an actual live SANS course. Sadly, the audio quality was pretty poor, and it was kind of hard to understand the instructor, especially when he was addressing a question of another student. The questions were never repeated by the instructor, so you were kind of left guessing at what he was addressing. The contents of the audio feed, roughly matched that of the book. Overal, not much value-add.

Prior to taking the exam, you also have the opportunity to take 2 practice exams. For the first practice exam, I went through it without using any books. It took me roughly 1 hour and 45 minutes to go through the questions. I scored a 78, the first go around.

Taking the second practice exam, I was somewhat dismayed to find that it was esentially identical to the first test... same question bank apparently. Using the book, I scored an 89, so I figured I was ready for the exam.

The exam itself was open book. I had spent a week or so prior creating an index, with basically the topic, page number, and then associated tool and/or term. It proved helpful, although I found myself second guessing myself more than I should have, and going back to the book more often than I needed to verify.

The exam offers a timer, and progress indicator giving you a good idea of how many questions you've answered correctly. For whatever reason, both made me very anxious. So anxious, in fact that 30 minutes into the exam, I started feeling light headed. My feet, legs, and arms were tingling and I started sweating profusely. It felt like I was moving too slow, even though I was on pace to finish the exam on time.

After the first 35 minutes, my score was at 100%. I decided at that point, not to use the books unless I was clueless as to what the answer was. I finished the remainder to the exam in 60 minutes. I started feeling less anxious towards the end and finished with a strong passing score. I believe I could have done better, if I had taken more time, but at that point, I just wanted to finish. After the test concluded, I felt fine.

In retrospect, was the self-study material worth the cost? I wouldn't recommend it... If you're getting SANS training, I'd recommend going to the live event. The self study material felt more or less thrown together as an after thought.

Hope this helps someone out there. On to my CCNP recertification.

Find more posts tagged with

Comments

JDMurray

bryguy, that's one of the best certification reviews we've every had posted at TE! Great job!

If you Google GSNA Exeperience your post is the top link, and is currently in the 5th link for a sans giac gsna search. Sweet!

bryguy

JDMurray wrote: »

bryguy, that's one of the best certification reviews we've every had posted at TE! Great job! If you Google GSNA Exeperience your post is the top link, and is currently in the 5th link for a sans giac gsna search. Sweet!

Thanks, I appreciate it! Although I have to say, your GSEC write up takes the prize though insofar as organization and coherency are concerned. Congrats on your pass- you truly crushed it. Hopefully you'll have additional opportunities to attend subsequent SANS training events; it reads as though you had a fairly positive experience. I hope my experience didn't come off as too scathing, but I've seen far better self-study training material for a lot less money.

JDMurray

I literally started working on those articles since I attended SANS in May, but I couldn't finish the until I took the exam, get the certificate, and go through all the after-exam stuff. I hope that I get to do it again next year.

I've never done the SANS self-study route. The cost is pretty much the same for the vLive, OnDemand, SelfStudy, and SANS events. What you save is the travel, hotel, food, and misc expenses. Do you get the recorded lectures with SelfStudy? The SANS manuals I've seen are best supported by the lectures and not just use by themselves.

docrice

I wouldn't mind taking SANS AUD-507. If I ever get around to taking more courses from them, that'd be on my list as well as 558, 560, and 617.

I'd recommend emailing or calling SANS and leaving them your feedback regarding your experience with the materials. Poor audio quality certainly degrades the learning experience. Non-repeated questions are bad enough, although with the classes I've taken the instructors were generally good about being mindful about this.

w1r3d

bryguy - do you still have the topic index that you used for the exam, and do you mind sharing it? I am taking the GSNA exam in two weeks, and that would help out big time. It's cool if you don't want to share it, though. I was planning on creating one, but I thought I'd ask as that would save me a lot time. Thanks!

docrice

I'm of the opinion that indexes should be personalized to each exam candidate. Otherwise it sort of becomes a generic quick-reference that's passed around. Going through the process of creating an individualized index exposes your strengths and weaknesses as you review the material and helps you focus in on areas for additional emphasis.

wmcglass

Thanks for such a great and thorough review! I have to agree with you on a number of points. It's common to find grammatical errors in the SANS material because the material is updated so frequently. I'd guess the material is updated a couple of times a year, but I don't know for sure. I do wish that they repeated the student questions in the audio and OnDemand material.

Like others, I also experience anxiousness when taking the exams. On previous GIAC exams, I found myself at the end of the exam with 30-60 minutes to spare, and felt I could have done better had I paced myself appropriately.

One thing I do that I find helps is to calculate how much time I have to spend on each question (i.e. 72 seconds), then create my own 'checkpoints' at 25%, 50%, and 75% to indicate where I should be time-wise. For example, if I have three hours to complete an exam with 150 questions, that gives me 72 seconds per question. 38 questions is roughly 25% of the exam. So, it should take me approximately 46 minutes to get through 38 questions. On my notes that I take with me, I'll write down these 'checkpoints' like so:

38 Questions - 2 Hours, 14 Minutes
76 Questions - 1 Hour, 28 Minutes
114 Questions - 42 Minutes

I check my progress at each of these checkpoints to know whether I need to speed up or whether I can take a deep breath and slow down. I find that this helps me tremendously in terms of pacing myself.

bryguy

w1r3d wrote: »

bryguy - do you still have the topic index that you used for the exam, and do you mind sharing it? I am taking the GSNA exam in two weeks, and that would help out big time. It's cool if you don't want to share it, though. I was planning on creating one, but I thought I'd ask as that would save me a lot time. Thanks!

You could check:

Indices for Audit 507 Coursebooks

which the author includes in his blog, that has the indices broken down by book. Might be out of date however, depending on how recent your material is, which is also an issue you would likely encounter with my index as well. You'd probably be better served, as docrice mentioned, creating your own... Best of luck to you!

bryguy

wmcglass wrote: »

Thanks for such a great and thorough review! I have to agree with you on a number of points. It's common to find grammatical errors in the SANS material because the material is updated so frequently. I'd guess the material is updated a couple of times a year, but I don't know for sure. I do wish that they repeated the student questions in the audio and OnDemand material.

Like others, I also experience anxiousness when taking the exams. On previous GIAC exams, I found myself at the end of the exam with 30-60 minutes to spare, and felt I could have done better had I paced myself appropriately.

One thing I do that I find helps is to calculate how much time I have to spend on each question (i.e. 72 seconds), then create my own 'checkpoints' at 25%, 50%, and 75% to indicate where I should be time-wise. For example, if I have three hours to complete an exam with 150 questions, that gives me 72 seconds per question. 38 questions is roughly 25% of the exam. So, it should take me approximately 46 minutes to get through 38 questions. On my notes that I take with me, I'll write down these 'checkpoints' like so:

38 Questions - 2 Hours, 14 Minutes
76 Questions - 1 Hour, 28 Minutes
114 Questions - 42 Minutes

I check my progress at each of these checkpoints to know whether I need to speed up or whether I can take a deep breath and slow down. I find that this helps me tremendously in terms of pacing myself.

That's good advice... Not sure why this exam threw me for such a loop. It wasn't much different from the practice exams that I took. Kind of strange that I was so anxious this time around. Maybe I'll skip the Rockstar energy drink prior to taking my next exam...

tomepatterson2000

If anyone has books available, I would really appreciate it. I'm interested in this course but can't spare the 4k+.

Thanks.

LionelTeo

Hi Patterson,

GIAC books are non-transferable and non-resalable.

If you are really interested in self study for the certifications. Consider options like looking for books at amazon.

Some tips.

Look for books written by authors which are GSNA certified, or best if it came from the sans instructor
You can go a professional search here GIAC Forensics, Management, Information, IT Security Certifications

Use a other certification study book related to auditing. Example: Reading from a CISA book, or a CISA study guide.
Read the reviews from the users from Amazon.
Aim to cover about 1000 pages total up with books which can safely cover up to 1400 pages for GIAC books because they have lots of white spaces within each page
read about 3-4 books regarding auditing.
Go to Systems and Network Auditor Certification: GSNA and look for books that covers appropriate concept
Go to http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Prepare-for-the-Exam/Documents/CISA-Exam-Candidate-Guide-English-2013.pdf and understand what topic that is cover by CISA is covered by GSNA
GIAC Exams are very hands on, aim to practice about 70% of the lab cover in those book
Get a feel of the topic by looking at white paper here: SANS IT Audit Whitepapers (You dont have to read them, but this helps you to assess better on the books you are required to buy)

Base my experience with GIAC exams, I have help you find the following books.
CISA Certified Information Systems Auditor Study Guide: David L. Cannon: 9780470610107: Amazon.com: Books (696 pages)
Network Security Auditing (Networking Technology: Security): Chris Jackson: 9781587053528: Amazon.com: Books (528 pages)
This Book is Written By Christopher Jackson, an ex GSNA certification holder

Source: Amazon.com: Chris Jackson: Books, Biography, Blog, Audiobooks, Kindle
Source: GIAC Forensics, Management, Information, IT Security Certifications

IT Auditing Using Controls to Protect Information Assets, 2nd Edition: Chris Davis, Mike Schiller, Kevin Wheeler: 9780071742382: Amazon.com: Books
This Book is closely related to the GSNA syllabus Systems and Network Auditor Certification: GSNA

From Book Description

Audit entity-level controls, data centers, and disaster recovery

Examine switches, routers, and firewalls

Evaluate Windows, UNIX, and Linux operating systems

Audit Web servers and applications

Analyze databases and storage solutions

Assess WLAN and mobile devices

Audit virtualized environments

Evaluate risks associated with cloud computing and outsourced operations

From GSNA Website

Auditing Firewalls and Intrusion Detection/Prevention System

Auditing Network Services and Critical Systems

Auditing Networking Devices

Auditing Unix Access and Permissions

Auditing Unix Services and System Information

Auditing Web Applications

Auditing Windows Access and Permissions

Auditing Windows Services and System Information

After finishing the books.

Index the Book you had read
Get CISA Practice TEST and do the practice test do it by treating it like a OPEN BOOK exam. (Because this is cheaper and sometimes free when comes with books)
Look for even more CISA practice test!
After you passed, buy a GIAC practice test Link Here: https://www.sans.org/registration/register.php?conferenceid=2532 and do it an treating it like a real GSNA Exam.
Read up on weak areas, do so by through more books and online resources.
Go for the real test.
Bonus: You can also go for CISA exam after you pass GSNA. This is an acceptable practice even you do not have the work experience as listed on their website. You can apply for certification later.

Think of it this way, whoever who wrote of GSNA coursebooks are probably CISA certified. So there is no harm using CISA to study for GSNA. And there is no harm to study for CISA since you are interested in Auditing. Good luck and I wish the best to you