Challenging the GCIH

martin_887

Hello all,

I am going to be challenging the GCIH hopefully on Monday. I don't have the spare $ laying around for the 504 course.

I picked up two books: Counter Hack: Reloaded Version 2 and Hacker Techniques, Tools, and Incident Handling.

I also heard that I will be given two practice exams for challenging the exam.

Since I already hold the Security+ certification, conduct vulnerability assessment using security scanners, and have McAfee's ePolicy Orchestrator experience, this should be fairly easy..

JDMurray

The GIAC certification exams are designed to test on the material that is presented in the corresponding SANS course. Make sure you find out everything you can about the SANS 504 material for creating your study plan. Obviously, information directly from people who have taken SANS 504 would be very valuable to you.

Good luck and let us know how your GCIH self-study is progressing.

martin_887

JDMurray wrote: »

The GIAC certification exams are designed to test on the material that is presented in the corresponding SANS course. Make sure you find out everything you can about the SANS 504 material for creating your study plan. Obviously, information directly from people who have taken SANS 504 would be very valuable to you.

Good luck and let us know how your GCIH self-study is progressing.

I've overlooked the actual class bulletin and looks like I have all the material that relates to it except for the main incident handling process which now worries me. Now my book (Certification Exam Preperation Course in a Book) outlines everything to study and gives me the main points, but not the cream of the crop.

JDMurray

You might try searching this forum for "GCIH" and "SANS 504" to locate posts from members that have reviewed the class or the cert exam. We don't allow posting specifics that would violate the provider's NDA, but you still might pick up some details that you weren't aware of.

dover

Haven't had the chance to take the course either.

A co-worker of mine did mention quite a bit of the actual incident handling processes resembled the NIST resources

[h=3]NIST SP 800-61, Computer Security Incident Handling Guide[/h]That link is the updated version from August 2012.

JD's on target, there have been a couple of really good reviews of the GCIH here.

martin_887

Thanks for the document and the tip! I'll let you guys know how I do on Tuesday the 19th.

azmatt

Good luck! I've never read the counter hack book but that's probably not a bad one to take in with you.

martin_887

Counter Hack Reloaded is highly recommended if you cannot afford the course materials.

It covers all of the exam objectives in great detail except for Format String Attacks and Virtual Machine Attacks. It lacks Incident Handling...

martin_887

So I zoomed through a practice test just now and got a 52% without looking up any questions/terms etc. There was a lot of questions I missed due to they were "what command does this" and such. I'm pretty sure if I would have looked the ones up I didn't know I would have easily gotten a 85+. My exam is Tuesday and I'm a little stressed as there's a lot on the line and I wish I had more time before I take this exam, but that's life.

gcih

I'm going to challenging the GCIH exam without taking SEC504 courses. As far as i know, GIAC exam is open book so COULD I take some book like Counter Hack: Reloaded Version 2 Ou Some manuscript notes (virus, worms' lists, steganography's tool) with me during the exam?
Thank you
Ken

JDMurray

You can take any paper you want into a GIAC exam. Along with all of the SANS 401 books and my personal notes, I also took Dr. Cole's Network Security Bible into my GSEC exam (and yes, it helped on verifying several of my answers). I do not see any prohibition on taking paper into a GIAC challenge exam, but I would email giac.org and ask to be sure.

docrice

Any paper-based material should be good. What you can't do as take a large wheelbarrow's worth into the exam room. As I just scheduled another GIAC exam, here's what the confirmation email says:

GIAC exams are open book format. You may bring an armful of hardcopy books and notes into the testing room, leaving all other personal belongings such as wallets, purses, hats (and other head coverings), bags and coats outside of the testing room. An erasable noteboard and pen will be provided for you. Workstation space is limited, so please plan accordingly.

GIAC exams are not open internet or open computer. Electronic devices including but not limited to extra computers, CD-ROM, USB flash drives, cell/smart phones, watches and cameras are strictly prohibited from being accessed during the exam. Personal writing implements are also not allowed. You will not be able to access anything stored electronically on any computer during the exam such as PDF or Word documents. You will be provided with an onscreen calculator, should you need one during the exam. A computer will be provided for you at the testing center.