Passed GSEC - tips and thoughts
I passed the GSEC a few days back with 90%. I lurked this forum a lot while preparing for the exam. Now that I'm done, I figured I should give back. I'm not much of a writer so this will be brief.
I took the 401 boot camp in the OnDemand format. I was completely satisfied with OnDemand and would choose that over a classroom setting the next time (if there is a next time) my employer decides to pay for SANS training. I did the 6 days of classroom training in a month, which allowed me to absorb the material and keep up with work and family commitments.
Then I spent 9 weeks studying for the exam. I read each word in all 6 books, twice. I did every lab 3 or more times. I went through the end of module questions (available in the OnDemand format, my colleague who attended bootcamp in person had never heard of it) twice.
Instead of creating a master index that included content from all 6 books, I created an individual index for each book. I was worried this may be a mistake but it turned out fine.
I then took my first (of 2) practice exams. I scored an 83. I identified areas of weakness and spent 3 days reinforcing them. I then took the second (and last) practice test about three days before the actual exam. My second practice test score was unchanged - still 83. The 3 days of studying appeared to have no impact.
I didn't study much during the three days before the real exam. Maybe an hour each day, that too while watching TV. I focused on writing notes in my book index documents and on reading modules that I realized I had not read in a while (Information Warfare, OPSEC, physical security).
I showed up to the exam with the 6 SANS books, a UNIX reference and the CISSP Exam Cram. I ended up using all 8 texts to answer questions during the exam.
The questions were mostly quite easy. Many of them were conceptual, tying together multiple concepts covered in multiple books. These are not questions that can be answered by looking up texts. You either know them or you don't. Many questions were fact-based. Those questions can be looked up and if you know your texts like you know an old friend and your index documents are easy to read, that lookup can be done in seconds.
And there was 1 question (the last I answered, 1 of my 5 skips) that I could not answer. I could not find an answer in any texts and I did not know the answer. It was related to traceroute. I never thought I'd miss a traceroute question but I think I did. I guessed but based on the star rating I got on ICMP (zero stars) I think I guessed wrong.
My advice to anyone who wants to pass the GSEC is simple. Read the books, do the labs. Read the books, do the labs. Repeat and rinse until you're comfortable with the material. If you do the work, you'll pass the exam. No tricks necessary.
If anyone has questions, feel free to ask and I will respond when I can.
Editing to add one more point about the practice exams vs real exam: I found them to be comparable in terms of difficulty. What changed is that I realized 5 hours is a lot more than I thought (the practice exams took around 2 1/2 hours each) and I'm a worse guesser than I thought. So in the real exam even when I was 80% sure I looked it up. I still finished the exam in 3 1/2 hours with plentyyyyy of time to spare. There is no award for finishing quickly. It's not a race. You get 5 hours and you get books.. use it all.
I took the 401 boot camp in the OnDemand format. I was completely satisfied with OnDemand and would choose that over a classroom setting the next time (if there is a next time) my employer decides to pay for SANS training. I did the 6 days of classroom training in a month, which allowed me to absorb the material and keep up with work and family commitments.
Then I spent 9 weeks studying for the exam. I read each word in all 6 books, twice. I did every lab 3 or more times. I went through the end of module questions (available in the OnDemand format, my colleague who attended bootcamp in person had never heard of it) twice.
Instead of creating a master index that included content from all 6 books, I created an individual index for each book. I was worried this may be a mistake but it turned out fine.
I then took my first (of 2) practice exams. I scored an 83. I identified areas of weakness and spent 3 days reinforcing them. I then took the second (and last) practice test about three days before the actual exam. My second practice test score was unchanged - still 83. The 3 days of studying appeared to have no impact.
I didn't study much during the three days before the real exam. Maybe an hour each day, that too while watching TV. I focused on writing notes in my book index documents and on reading modules that I realized I had not read in a while (Information Warfare, OPSEC, physical security).
I showed up to the exam with the 6 SANS books, a UNIX reference and the CISSP Exam Cram. I ended up using all 8 texts to answer questions during the exam.
The questions were mostly quite easy. Many of them were conceptual, tying together multiple concepts covered in multiple books. These are not questions that can be answered by looking up texts. You either know them or you don't. Many questions were fact-based. Those questions can be looked up and if you know your texts like you know an old friend and your index documents are easy to read, that lookup can be done in seconds.
And there was 1 question (the last I answered, 1 of my 5 skips) that I could not answer. I could not find an answer in any texts and I did not know the answer. It was related to traceroute. I never thought I'd miss a traceroute question but I think I did. I guessed but based on the star rating I got on ICMP (zero stars) I think I guessed wrong.
My advice to anyone who wants to pass the GSEC is simple. Read the books, do the labs. Read the books, do the labs. Repeat and rinse until you're comfortable with the material. If you do the work, you'll pass the exam. No tricks necessary.
If anyone has questions, feel free to ask and I will respond when I can.
Editing to add one more point about the practice exams vs real exam: I found them to be comparable in terms of difficulty. What changed is that I realized 5 hours is a lot more than I thought (the practice exams took around 2 1/2 hours each) and I'm a worse guesser than I thought. So in the real exam even when I was 80% sure I looked it up. I still finished the exam in 3 1/2 hours with plentyyyyy of time to spare. There is no award for finishing quickly. It's not a race. You get 5 hours and you get books.. use it all.
Comments
-
chanakyajupudi Member Posts: 712Congratulations ! I am hoping to pass this exam soon with a good percentage !
Planned exam date is Decemeber so lots of time to prepare !
I have taken the Live Course - BootCamp Style in July. But was studying up for the GCIH which i passed just yesterday !
I hope to follow your method. Study study and study. Lab along with study !Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
http://adarsh.amazonwebservices.ninja -
analyst Member Posts: 48 ■■□□□□□□□□cyberguypr wrote: »Congrats on the pass and welcome aboard!chanakyajupudi wrote: »Congratulations ! I am hoping to pass this exam soon with a good percentage !
Planned exam date is Decemeber so lots of time to prepare !
I have taken the Live Course - BootCamp Style in July. But was studying up for the GCIH which i passed just yesterday !
I hope to follow your method. Study study and study. Lab along with study !
Thank you and good luck! -
Technician82 Registered Users Posts: 1 ■□□□□□□□□□Congratulations on passing your exam. I too took the 401 On Demand course. My course finished in mid may. Were you in my class? My exam is scheduled in the second week of October. I'm still working on my index. Would you happen to be able to share what a page or so looks like? Also, what unix reference guide did you use? Did you need the TCP/IP and tcpdump pocket reference guide? Thank you for time.
-
LionelTeo Member Posts: 526 ■■■■■■■□□□Congratulations for passing.
@Tech here are my tips for the index
Book Labelling Tips
- Start labelling from the back to the front
- Use the same color label for the same chapter
- Once you finish labelling for a chapter, label the top of the book for quick reference to the chapter
- Dont label base on the sans book chapter sub category, label base on your own judgement on sub catgory
For example, if they put packet headers, analysis techniques and common network device into a section call network analysis. You should learn to split them.
- For weaker chapters, spend more time labelling more index
- For stronger chapter, you can use less label
- Go through the book at least 2 times
- Read through for the first time
- For the second time, write down (U)(*)(RO) and (R) for each topic, which means understand, important, reference only or read. This will help you to know which topic require understanding, reading or important.
- For the second time, use a highlighter to highlight the key words as you go through the book
- Spend some time to complete at least 70% of the lab cover in the book
- Use a marker to write at the bottom of the book 1,2,3,4,5 respectively. During exams when the book stack up in front of you, you will know which book is which at a glance
- Never rely on the practice test question and answer for the exam, I have known candidates who copy all the questions from practice test into the exam hoping that they would pass, they won't, if you get a practice test answer wrong. Go to the section and write it down and improve your notes
- after a practice test review your index and improve them
- dont follow the book name for index, use your own name that your familiar with. For example, the book may use cryptography, i will label mine as encryption as it is easier for my mind
- some book cover the same topic in multiple part of the book , example kerberos may be covered in 3 different areas of the book explaining different concept, at each of this pages, write down the quick reference to other pages that have the same topic. Example: at the bottom i will write, see also: page xxx-xxx for keberos architecture.
- Read through all the highlighted points days before the exam.
During Exam/Practice Test
- flip the book for every answer. Even if you know the answer, it is good to double check to ensure you are correct
- Use skip for skipping hard to find answer. You may find in the book later by accident
- Use skip to skip the same type of question if you are tired to flip the book at the end of the exam. You can answer them together once u get 2 or 3 skip question in the same chapter.
- Aim to take a break after 60% of the question at the exam. At 90th Question for 150 Question Exam, or at 105 Question for 180 Question Exam. This helps against exam fatigue.
- Spend additional time resting.
- Once you notice yourself unable to concentrate, stop and massage your head a little
- Use the given board to rephrase questions which have 4 similar answer to prevent carelessness
- Read the question, then the answer, then read the question again
- During break, try to find a greenery or tree to look at for about 5 mins.
Lastly, I wish all the best for your upcoming exams and hope that you will score a great passing mark. -
analyst Member Posts: 48 ■■□□□□□□□□Technician82 wrote: »Congratulations on passing your exam. I too took the 401 On Demand course. My course finished in mid may. Were you in my class? My exam is scheduled in the second week of October. I'm still working on my index. Would you happen to be able to share what a page or so looks like? Also, what unix reference guide did you use? Did you need the TCP/IP and tcpdump pocket reference guide? Thank you for time.
I took it on OnDemand starting in mid June.
I can't share what a page looks like since it's not in soft copy but I basically made a table of contents for each book, not an index per se. I used the course outline as the starting point, put plenty of whitespace between entries and then fleshed it out with hand written notes. Subject-PageNumber. More detail on the areas I was weaker (like Windows) and less detail on the rest.
UNIX reference, I used the one from O'Reilly.
And yes I did need the tcp/ip pocket reference guide. -
hfoss Member Posts: 1 ■□□□□□□□□□Excellent site! Question: were allowed to take the TCP/IP Pocket Reference Guide into the exam with you?
Thanks... -
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■Thanks for the story and advice guys. I just finished the GCIH vLive course. Six books is a lot of data to sift through :P That being said, it's the best class experience I have ever had.
-
Cyrix2k Registered Users Posts: 3 ■□□□□□□□□□Excellent site! Question: were allowed to take the TCP/IP Pocket Reference Guide into the exam with you?
Thanks... -
klevdav Member Posts: 8 ■□□□□□□□□□hey do you think its a good idea for them to allow you to go back and see the questions you missed on the practice test? i scored a 58% on my first practice test on saturday i plan to study harder and passs with atleast a 75% or more.
-
Khaos1911 Member Posts: 366Just copy and paste the ones you missed and the explanation of why you missed to a word document as you take the practice test.
-
SephStorm Member Posts: 1,731 ■■■■■■■□□□or use the score report, re-read those chapters in their entirety. the questions themselves will not be useful, but that subject area will be something to review.
-
RootBeard Member Posts: 11 ■□□□□□□□□□For the practice exams given to you when purchasing the actual exam, are the practice exams timed?
-
MattSC Member Posts: 25 ■□□□□□□□□□For the practice exams given to you when purchasing the actual exam, are the practice exams timed?
Yes, the practice exams and the actual exam follow a similar format. Both are timed and display a score update after every 15 questions. One difference with the practice exams is that you can choose to see the correct answer and explanation after every question, after every incorrect response or not at all. -
RootBeard Member Posts: 11 ■□□□□□□□□□Yes, the practice exams and the actual exam follow a similar format. Both are timed and display a score update after every 15 questions. One difference with the practice exams is that you can choose to see the correct answer and explanation after every question, after every incorrect response or not at all.
Thanks for the heads up! Now about your last sentence, does this pause the time to see the correct answer and explanation or is this built into the 5 hour time frame? -
MattSC Member Posts: 25 ■□□□□□□□□□Thanks for the heads up! Now about your last sentence, does this pause the time to see the correct answer and explanation or is this built into the 5 hour time frame?
I'm almost certain that the clock does not stop while you review the correct answer. You can take a break on both the practice and actual exams which pauses the clock briefly (15 minutes?). If you skip questions, you cannot take the break until you've answered those questions.