Failed GSEC last month

5ekurity

My suggestion would be to write down the different concepts being covered in the exam, and write out / explain the meaning of each one in your own words. Then you can cross reference the study materials you have, and it might help you to pinpoint your weak areas. Better yet, a study group would be great for you, if you have some people around you studying for or interested in the same thing.

InfoSecTechie

I am scheduled to take my exam on Tuesday and basically went through the books and made note of where key words were throughout. So, my index contains the word, page number and book. When I went through the practice test the first time I spent a lot of time flipping pages and second guessing myself. On the second practice test, it was a lot more smoother with my index. Best wishes.

cyberguypr

You didn't put a 'description' column in your index?

InfoSecTechie

No descriptions. A decent amount of the material I feel comfortable with and feel like I am good with the page numbers to reference just in case. Tuesday will confirm or deny my theory.

cyberguypr

Interesting approach. I just took my second practice test for GCIH and having that description column definitely saves me from flipping through the books. Best of luck on your test.

YYZ

I know exactly how you feel, as I am in the same boat! Trying my third attempt and really, really stressed as I need to get this under my belt.

docrice

If you've failed twice already, it sounds like you're rushing to cram the information in your head without really being grounded well in the course material. Foundational topics sometimes take a while to sink in, and the exam may push you to have a second-nature sense about them. What are your weak areas as indicated by your previous exam reports and what were your scores?

If you're too reliant on an index, you're not ready.

ohioguy1

One of my main weaknesses is reading packets and converting ip address header into bytes. Is converting the IP address header into bytes even really necessary in the real IT security world? It doesn't seem that way but it seems required for this exam.

ohioguy1

By the way, thanks again for all your input.

docrice

It's generally not typical to be converting decimal to hex or binary for IPs, but it's important to be able to visualize what's taking place when a network-enabled system is looking at a stream of bits on the wire. As you start getting in-depth in the security aspect of the business, it becomes important to see things as the equipment does and beyond, otherwise you end up blindly trusting the tools as vendors would like you to.

This is dangerous from an infosec perspective because it means you're lacking insight into the potential limitations a solution may have when evaluating events. There are a lot of shiny boxes on the market which impresses the naive (which makes up a lot of people in IT), but those who see past the glossy marketing slick and able to critically assess its application in a use-case scenario add the most value. There's a ton of over-promised, under-delivered solutions out there and far too often I see professionals who assume the solutions' capabilities can perform as advertised. Hardware and software solutions are human inventions with human-sourced design flaws and software bugs.

Firewalls and intrusion detection systems are a direct example of this. There's a lot of "NextGen" hype which work up to a point, but unless you think in-depth you're probably not going to realize that the appliance is making assumptions. If you don't have a low-level understanding of things, you may end up taking the output at face value without realizing there's much more going on than meets the eye. I've met too many firewall admins who know how to configure devices per best practices, but lack an understanding of the attacks they're mitigating against. These types tend to look at IPS events as beeps on a dashboard and not as indicators of specific attacks with payloads, triggers, and exploits against client/server/app defects which are all represented by a stream of zeroes and ones on the wire which could potentially be interpreted differently depending on the target and alarmed (or not) depending on how the triggering structure is composed.

So being able to have a "binary sense" about IPs is a good skill to have, even though you might not use it day to day. It allows you to start seeing the network from the perspective of protocols, potential differences in their implementation between vendors, how hosts and devices parse them, and on and on. The mass of inter-weaved products and services we leverage creates an ever-evolving system of complexity which you have to manage and unless you can think in-depth, you won't realize the software bugs and incompatibilities which may exist while you troubleshoot issues.

klevdav

I took the practice test for the frist time saturday night, it was late around 10pm. Im not makeing any exscuses. i made a 58% on the frist practice test. i did have an idex,a nd though it was 5hours, you dont want to spend too much time on any given quetion becaue its 180. You have to actually know them material. Indexing helps me some, but allot of times i found myself not knowing where the material was in which book but by the time i found it, more than 5mins passed, this went against me as i did not answer 21 of the 180 questions. So my stratagey this week is to book up on the stuff missed. And have a better index, then take the second practice test this coming staturday. I kinna expected this a little, but atleast now i know what i need to work on to atleast shoot for the 75% mark.