Passed GLEG today...
This was my first SANS test so it was kind of a weird experience. I am used to exams where they test comprehension and knowledge. This exam was more what does the book exactly say. I was kind of shocked. Not used to that. I am used to thinking it through and applying knowledge.
Regardless I passed with a 82%. I was above 90% at a couple of the checkpoints but then the questions got crazy and very specific about what I would consider worthless facts. What page of this random book in the footnotes was this issue discussed? WTH? Who indexes that? Me next time I guess. I lost nerd cred but realistically I was happy to make it out of there alive.
It was a good experiance and now I know what to expect. IMHO the GLEG certification exam does not indicate knowledge of the subject just the memorization of weird facts without practical application. It is not a technical exam. But it was treated as such.
I think my GCFA experience will be much better. It will be a technical exam and the certification exam will probably be technical. That is understandable.
Kudos to all you guys who get above 90% on these things.
Now I have a question. I recieved my email stating that I passed. I am listed in the registry on SANS as passing but in my attempts page the exam is listed 2x (duplicate) with the same passing score? I am unable to "click the red box" to verify my info. Has this happened to anyone?
I have already emailed support. But I wondered if this was normal or not.
Thanks!
Anthony
Regardless I passed with a 82%. I was above 90% at a couple of the checkpoints but then the questions got crazy and very specific about what I would consider worthless facts. What page of this random book in the footnotes was this issue discussed? WTH? Who indexes that? Me next time I guess. I lost nerd cred but realistically I was happy to make it out of there alive.
It was a good experiance and now I know what to expect. IMHO the GLEG certification exam does not indicate knowledge of the subject just the memorization of weird facts without practical application. It is not a technical exam. But it was treated as such.
I think my GCFA experience will be much better. It will be a technical exam and the certification exam will probably be technical. That is understandable.
Kudos to all you guys who get above 90% on these things.
Now I have a question. I recieved my email stating that I passed. I am listed in the registry on SANS as passing but in my attempts page the exam is listed 2x (duplicate) with the same passing score? I am unable to "click the red box" to verify my info. Has this happened to anyone?
I have already emailed support. But I wondered if this was normal or not.
Thanks!
Anthony
Comments
-
paul78 Member Posts: 3,016 ■■■■■■■■■■Congrats Anthony on your pass.
I found your comments about the exam interesting. I felt similarly about the GWAPT when I took it recently. It felt like the exam was geared towards ensuring that the candidate would pass but offering some nitpicky questions of dubious value. I fared well in the exam (97% or 98%, can't recall) but it didn't seem earned to me.
The GWAPT is my only experience with a GIAC certification so I had discounted my own own perception of GIAC exams. But your post does make my reexamine whether if GIAC certifications are a true measure of someone's knowledge and skill. -
AnthonyF Member Posts: 109Paul,
First off great score! Trust me it was earned.
I am glad someone else saw the same thing. I did not feel my knowledge of the subject was tested. In contrast to the CISSP where I felt like I left everything I knew on the floor of the exam room. This one I left feeling confused.
I had plans to attend four or five events in the next 12 to 18 months as well as test for certification. Now I am unsure of the value in that. I think I may skip the test on a few of them. The event is the true value anyway. I am already locked in for San Diego next month and on the subsequent test I hope the exam experience improves.
At the end of the day I understand it was my fault. GIAC can test what they want and how they want. I am frustrated because I studied my a$$ off, made an in-depth index, understand the material and it was not represented in my score or tested during the exam. But GIAC gives tests their way, so does Microsoft. I should have made a better index because 4 or 5 cheap questions on a 75 question test will kill your grade quickly. The whole purpose was not to try and flame GIAC just give
an honest view of how I felt after the test.
The greater issue regarding the true value of GIAC certs. I guess that will be answered in time. There are quite a few people in the forum whole hold numerous GIAC certs and I would be interested to hear their opinions.
I wish you all a good day... -
docrice Member Posts: 1,706 ■■■■■■■■■■I've always been curious what the GLEG exam would be like as it doesn't seem "technically-oriented" ... although I guess legal subject matters always have their own version of technicality.
The GWAPT was my most recent GIAC exam as well and I found it fair, although web apps aren't really what I deal with at work (so it was actually a tough thing for me to get through). I somehow passed the exam, and with 90%. Perhaps it just indicates I'm good at navigating through multiple-choice exams (I've generally finished in half the allotted exam time).
Overall my experiences with GIAC exams have been good, although I always feel as if I'm cheating or gaming the system somehow by bringing in materials for reference, but I think GIAC's approach is to ensure you understand the concepts and can distinguish certain things in specific scenarios. In real life, no one knows all the answers and a considerable amount of effort is also put into looking things up. I understand that approach.
I think these exams would be more credible with sims, and there was some discussion a while back on the SANS Advisory Board about this subject. Multiple-choice exams have their place though, it seems. For me, the real value tends to be the reinforcement I get from the first day of class through the final exam. The GWAPT is the one exception for me, however. Either that or SANS 542 is really more of a basic introduction to web app pentests. In any case, I always feel like I can go back to work and apply what I've learned and be better at my job.
I've been through quite a bit of training over the past few years (both vendor-neutral and vendor-specific) and I always feel like I get strong value from SANS, which is why I keep going back. They're certainly not the end-all of infosec training though. I think Offensive Security's offerings are superior in their own ways. But SANS has good instructors, lots of knowledge packed into their six-day courses, the largest variety of courses and coverage, and I feel the exam does a good job solidifying much of the material. It's not about learning all the small details, but being able to put things together when the clock's ticking. The newer exam format (half the number of questions but requires more thought and packaging of what you learned) isn't as easy as just looking up the answer in the book. I found that refreshing. The GWAPT was like that for me, but I think most other GIAC exams have yet to transition to that format.
I'd assume LEG-523 and GLEG isn't the most popular SANS offering so there's probably much fewer people helping write the exam questions (there are only 164 certified GLEGs as of this writing, which is tiny compared to the pool of GCIH holders which number past 7200 right now), hence why a lot of the questions probably came straight from the books verbatim. I never did like questions like those as it becomes more of an exercise in matching up text-to-text as quickly as you can turn pages. GIAC's slowly moving away from that.
Anyway, a pass is a pass. A congratulations is in order.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
AnthonyF Member Posts: 109Thank you sir.
I do not wish to beat this horse anymore. But I agree with everything you have said. In the end I hope I provided an honest look at not only the exam format but the class itself. That was the whole point of this anyway.
Bottom line: Class is amazing. The test needs work. But still a worthwhile goal. -
paul78 Member Posts: 3,016 ■■■■■■■■■■Anthony - thanks for sharing your experience. I've been debating the merits of taking the GLEG class for quite some time. It's complements my current role and I do have more than a passing interest in legal issues. And it's the only course that I've found that appears to contain the topics that are most relevant to me. The next closest is the IAPP's material on privacy and their corresponding CIPP cert.
I do think that you summed it up best - it's really about the class and what you gain from it and not the exam. I guess I will need to get over that part.
My only consternation about signing up is the cost. And I'm not really willing to spend a week at an onsite course.
Thanks for sharing your experiences. -
NIKKI7 Registered Users Posts: 1 ■□□□□□□□□□Hi
I am looking to sit the GLEG exam but since I cant find any pass papers, was wondering if anyone who has passed it has any exam tips or tips on what to expect/cover?
Any help would be great.
Thank You -
docrice Member Posts: 1,706 ■■■■■■■■■■The areas which this exam covers are listed here: GIAC GLEG Certification | Law of Data Security
The course syllabus which the exam should represent: https://www.sans.org/course/law-data-security-investigationsHopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
JDMurray Admin Posts: 13,091 AdminPeople, check the date on the original post. The OP hasn't been on TE in over a year, but maybe this activity will bring him back.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■LOL I didn't even look at the posted date! Had a nice answer in regards to the topic, but probably moot at this point.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff