Passed the GIAC G2700 Exam Today
Went in this morning, took it and am finally glad I am finished. This means I can finally graduate from the MSISA program! 'Cause I'm feeling good today, I thought I would include somewhat of a blank index template. By no means is the format something to be restricted to, but rather an idea of how to build your notes. I used the material that WGU provided and watched some of the CISSP LearnKey vids. I also got a lot of information from the free toolkit offered on iso27001security.com
[DEAD LINKS DELETED]
Hope this helps!
Comments
Hypntick (Member, Posts: 1,451)
Congrats on the pass! And congrats on the graduation!
Appreciate the shares of the information as well. Did you use any particular books? I picked up the IT Governance book as well as a couple of the CISSP books in order to study for this thing, hope that's enough. Anything else you might suggest that helped you? Once again congrats!
WGU BS:IT Completed June 30th 2012.
WGU MS:ISA Completed October 30th 2013.
Agent47 (Member, Posts: 103)
Hi Everyone, thanks for your congrats and you're welcome on the docs. It was hard for me at first to grasp how to start on this so I wanted to help others. It has definitely been a journey.
Here are the resources that I used for the most part:
The Soomo learning environment through WGU, which goes through each domain and tells you what chapters in the books to find the topics in or which videos to view from LearnKey.
IT Governance: An International Guide to Data Security and ISO 27001/ISO 27002 (5th Ed.) - ISBN: 978-0749464851
How to achieve 27001 certification: An example of applied compliance management - ISBN: 978-0849336485
Official ISC2 Guide to the CISSP CBK - ISBN:978-0849317071
The CISSP LearnKey videos (to a lesser extent, but I looked here and found extra info if I didn't find enough in the books):
CISSP Operations Security
CISSP Cryptography Session
CISSP Physical (Environmental) Security
(There were other videos but I did not go through them all)
I also had the official 27001, 02 and 05 standards printed out. WGU offers this if you are enrolled.
If anyone needing to take the exam isn't doing this through school, the free ISO toolkit will work just as well. That is what I started out with originally (doing research before I was enrolled in the class).
You do not have to have every single document in this toolkit in your notes. Pick and choose based on the topic areas. So for example, you will need to know what an SOA is. You can find this in the toolkit and include if you like in your appendix.
If you can get the books mentioned above as e-books it will be a lot better, mainly because you can "find" specific terms or information and copy them into your index. When I wanted to find a specific term when reading on Books 24/7, I put "quotes" around it to make finding what I needed quick.
For anyone who might be interested I will share what worked for me below.
This is my first GIAC cert. When I first started, I was looking for information on how to study for this and mainly how others approached building exam ready notes. Good info was pretty scarce. I mean that as in even searching for GIAC G2700 study guide or study tips brought up BD websites and I hated it.
This is my personal experience, do what is right for you.
1. I went to the GIAC site to view a list of the exam objectives and the topics. Ensure your notes have it because YOU WILL be tested on it in the practice and/or real exam.
2. I built the index/notes based on that list, going domain by domain. (The attached document above is an example.)
3. Develop your notes but don't make it too terribly dense. I used 1.5 spacing for better readability and Calibri font.
4. Build your index (i.e. get information from the books copy, paste or type it in) and study from that. Bringing a stack of books to the exam, meh not my thing. I wanted 1 binder with everything in one place.
5. Wikipedia is your friend. Google too. I found some items hard to find in the resources available.
6. The controls attachment is VERY important so include and read that. I highlighted the objectives to make finding items easier.
7. Make it a goal that your actual index will be under 90-100 pages or less. Because I am a newb starting out, I needed more info than was probably necessary, but preparation was the thing for me. The appendix doesn't really count; throw what you want in there, as they are supporting documents (glossary, standards, etc.).
Look, the standards are a ton of pages. Probably almost 240 pgs altogether (01, 02, 05). I did not read through it all, but I did read the 27001. It was 30-something pages and I needed to understand this management standard.
Just know how to navigate to find the information that you need.
This is what my index looked like after I was done.
I did have a TOC, but the stickies will help in remembering where things are a lot better because you have to sit and write it all out, yay!
All I wrote on the stickies were the titles or topics of the main sections like PDCA or InfoSec MGR Roles.
The Exam Process:
If you take the practice exam (you can either purchase it from GIAC or it is supplied through WGU if you're taking the class), yes, it is true that the format of it is similar to the real exam. I personally thought the practice exam was more specific and the real one was a little more broad in asking the question? Or rather, you really need to look at the elements in the question and not think of the question directly (as in read through it once and assume an answer?).
Anyways,
I had 2 practice exams. The first one was really a test run to get a feel for what I needed to expect. I did not do well on this as a result of a lot of second guessing for whatever stupid reason. However, it provided a great opportunity to improve my index and look up topics I had trouble with.
The second practice test however, I blew it out of the water and took it 1 week prior to my exam date. You can do this when you feel comfortable.
The actual exam. Whew ok.
All I can say is this. You have checkpoints after answering a certain amount of questions, which after that will tell you your current percentage (whether or not you are passing). You need 70.7% from 75 questions.
Do not panic if early on your percentage is below that. You still have many questions to go. Take advantage of your break (you have 15 min). I took the break around the 40th question and it really helped.
You print your results from the SANS website on your own, request your plaque and there you go.
Aaaaaaand that's all I got. Take it easy!
Hypntick (Member, Posts: 1,451)
Awesome breakdown of everything, just one other question if I may. How long from start to finish would you say it took to fully study, compile the index, and then sit the test? I am working with a timeframe of around 3.5 months and feel that it's probably overkill, but want to be certain.
WGU BS:IT Completed June 30th 2012.
WGU MS:ISA Completed October 30th 2013.
emerald_octane (Member, Posts: 613)
<<sigh>> still not happy they got rid of this cert for new recruits.
Agent47 (Member, Posts: 103)
Sure! Please feel free to ask any questions you have! In regards to your question Hypntick, it took me around 2 months to gather everything up and study. One thing to remember is, everyone has their own study style. It might take you a lot less than 3.5 months. Once you get into the material, you will know how long it takes you to complete information for each section. I had created some study guides a while back for my Security+ exam which helped to speed up the process of adding the content I needed. Also, don't burn yourself out with this. There were days where it was getting close and I did absolutely nothing for the whole day (it's how I deal).
Emerald_Octane, yeah, there were quite a few certs they dropped; it's unfortunate. They should drop the EC-Council entirely, leave GIAC and add the CCNA and/or Microsoft certs because I think they hold more weight. Maybe it's just the amount of time it takes to gain these certs? To be honest, this GIAC class was kinda nerve wracking in the beginning because I couldn't find anything on it like a step-by-step guide to putting notes together or the examples I'm sharing. I wasn't looking for an easy way out but rather something that would adequately prepare me for finding information quick. A lot of students may have voiced concern that maybe they don't have enough of what they need or that they would rather have official material, which I think is about $3,500 from GIAC. I suppose they could make it optional? I dunno, anyways with Cisco, Microsoft and whatever there are tons of resources, many of which are free. At first I was trying to get out of taking this exam because I wasn't confident that the material would be enough. I'm really glad that I didn't.
Hypntick (Member, Posts: 1,451)
Ooooh that's sharp! Hope to have my own sometime in the next few months. Congrats again!
WGU BS:IT Completed June 30th 2012.
WGU MS:ISA Completed October 30th 2013.
colemic (Member, Posts: 1,569)
Agent47, thanks for posting your samples... I am a bit stuck though on one thing. In 27001:2005, you reference a 3-stage certification process, and so does the Wikipedia article for 27001, but where, oh where in hell's bells is it in the standard??? I have almost convinced myself I am not looking at the right document. I have the docs from ANSI (courtesy of WGU) and I have read through most of it (since it's fairly short) and skimmed the rest multiple times, and I just don't see the external audit process covered anywhere. (Internal ISMS audits are covered in section 6.)
I strongly suspect I am about to have to put my dunce cap on.
Working on: staying alive and staying employed
forestgiant (Member, Posts: 153)
Hey Colemic,
Saw your PM and I just thought to post here as a pro bono of sort.
The only three suggestions I would add are:
1) Take every question seriously, but the first two dozen are more important. It's best if you're above 80% after the first checkpoint (15 questions). Then again at the second checkpoint. So time-wise, really give yourself enough room to get the right answers early on. Odds are against "catching up" if you're at the 60-question mark (last checkpoint) with the final 15 questions, and still below passing grade.
2) Read everything the course mentor gave you, and know where to find it quickly. You do not have to memorize much, but you have to think like a super librarian. Also bring with you the CISSP Prep Guide by Ronald Krutz. The book had answers to several off-the-wall technical questions that I didn't encounter in my study.
3) Join the private WGU MSc ISA google group and read all the lessons-learned from others.
EDIT: The plaque was exactly as Agent posted; quite nice by itself. First thought when I opened the package was "so this was what they did with my money"
Agent47 (Member, Posts: 103)
Hi Colemic,
You're welcome. And no, you don't need to put your dunce cap on. Watch, from doing all that reading, you will end up answering questions you didn't even know you knew the answer to.
So if you are talking about the area that starts with:
The ISO/IEC 27001 certification usually involves a three-stage external audit process:
Stage 1 is a preliminary, informal review of the ISMS...
This was simply some supporting information from Wikipedia that I thought was interesting, so I put it in my index. I think of this section as somewhat of a common starting approach amongst auditors of how they do external audits based on elements derived from the standard. Not so much that this section (mentioned above) is there word for word in the standards.
Glad you tried to read up on it though, haha. Like I said, some of the things that I chose to include may not make sense at first, but once you start developing the index you'll be like "ooooooh ok, that's why that's there."
Agent47 (Member, Posts: 103)
forestgiant wrote: » EDIT: The plaque was exactly as Agent posted; quite nice by itself. First thought when I opened the package was "so this was what they did with my money"
deshiman (Registered User, Posts: 4)
What is the format of the G2700? Multiple choice, short answers, fill in the blanks? The only information I have is that the exam has 75 questions and is two hours long.
putergod (Member, Posts: 4)
Agent47 wrote: » Hi Colemic,
You're welcome. And no, you don't need to put your dunce cap on. Watch, from doing all that reading, you will end up answering questions you didn't even know you knew the answer to.
So if you are talking about the area that starts with:
The ISO/IEC 27001 certification usually involves a three-stage external audit process:
Stage 1 is a preliminary, informal review of the ISMS...
This was simply some supporting information from Wikipedia that I thought was interesting, so I put it in my index. I think of this section as somewhat of a common starting approach amongst auditors of how they do external audits based on elements derived from the standard. Not so much that this section (mentioned above) is there word for word in the standards.
Glad you tried to read up on it though, haha. Like I said, some of the things that I chose to include may not make sense at first, but once you start developing the index you'll be like "ooooooh ok, that's why that's there."
You're allowed to bring stuff into this exam??
Agent47 (Member, Posts: 103)
Yes, the test is open book. Do not let that fool you though, because honestly you only have a minute and a half per question. Once you start studying for it you will see why it's open book.
Psyco32 (Member, Posts: 104)
Agent47,
CONGRATS and great writeup!!! Hopefully, if my job has training funds, I will probably take the G2700 next year. Will bookmark your post.
2014 GOALS
> GMOB [MAR_2014] OSCP [MAY_2014] GREM [OCT_2014]
nateysmith (Registered User, Posts: 3)
I am actually going in to take the GIAC 2700 today. Then Monday I present my capstone and I am all done with my Master's from WGU. Wish me luck!
cutch69 (Member, Posts: 12)
Nate, what did you use? I've been going over this and it all seems like I am lost. I got 75 on the practice exam with no notes, with 75%. I have a hard time lining up the objectives with the exam and the 3 manuals.
nateysmith (Registered User, Posts: 3)
cutch, since this was my last class and exam for WGU, I didn't end up using much except for what I had already learned throughout the program. I took the first practice exam and got 68%. Second I got 76%. I passed the exam with 87%. I finished my presentation and I am now officially a graduate! I didn't take anything into the exam except for the ISO 27001 and ISO 27002 standards. I didn't use them though, and I gave them to the lady to recycle the paper at the end.
Hypntick (Member, Posts: 1,451)
The exam was very comparable to the practice tests actually. Not really harder or easier, almost exactly the same type of questions and difficulty.
WGU BS:IT Completed June 30th 2012.
WGU MS:ISA Completed October 30th 2013.
mkstead (Registered User, Posts: 1)
Thank you for posting this. I am getting close to finishing my Master's at WGU. This class took me a bit off guard. This post has really helped me get a grasp as to which direction to head and dig into the course.
Thank you!
putergod (Member, Posts: 4)
I just took this test yesterday, made an 86.67, and would like to provide feedback based off of my experience.
First, the notes I took, and all the instructions and such (two 2" binders of stuff) proved to be rather useless. I think I referred to my notes, successfully, maybe twice. The ISO 27000 publications helped with about 5 questions. The rest of them had to come from my head. I found this test to be extremely difficult, compared to what I was expecting. Many of the questions seemed very vague, with vague answer choices in which many would seem correct, yet many of the questions wanted the "best" or "most" etc. (with only one "correct" answer of course). Therefore, it required a LOT of thinking.
Personally, if I was going to prepare for this test again, I would forgo "creating the binder", and just print off all the ISO 2700 series, spend time getting familiar with them, and taking some instructional class (skill soft or something). Get as many "practice tests" from GIAC as you can and be sure to set them to show explanations for "all answers". In those explanations something might be noted that you either didn't know, or hadn't thought about, that could aid in increasing the knowledge required for this test. WGU gives you two, but if I was doing it over again, I would pay for at least 1 or 2 more. In those two practice tests I made a 73.33 and a 78.67 respectively. Those were probably the biggest help, as they really show the type of questions being asked, and they give really good explanations (whether you know the answer or not, they are informative). Also, if you are not well experienced in the IT field, preferably security related, this test will be almost impossible to pass. And, I will agree with Hypntick in that the real test and the practice tests are on par with each other - in every aspect.
Finally, if you're a believer... Prayer ALSO helps!
P.S. To put it into perspective on how "hard" this was to me - I made a 100 on the CHFI exam, and a 93 on CEH. 86 is low to me, but I felt I should have scored even lower with the difficulty.
ctx (Member, Posts: 11)
Hello Putergod.
Will the practice tests allow you to review your answers, or is it like the real exam where once you answer it, it's history and cannot go back?
Apart from the 3 ISOs, what other topics are the questions asked from?
putergod (Member, Posts: 4)
ctx wrote: » Hello Putergod.
Will the practice tests allow you to review your answers, or is it like the real exam where once you answer it, it's history and cannot go back?
Apart from the 3 ISOs, what other topics are the questions asked from?
It had a few technical questions related to security and vulnerabilities. If you're doing this through WGU, then you should have already taken several classes and the CEH and CHFI tests that are all based on that topic, so you shouldn't have an issue with those questions.
The harder ones for me were based on "industry opinion". There were questions concerning procedure, best practice, organization, ethics, and law that were the more vague ones and really required you to think hard about them. Read through the answers and use your own intelligence, experience, and common sense to ascertain what the "best" answer is. "Most" of the test comes from the ISO instructions though - and it touches on more than 3 of them, but centers on 27002:2005 the most.