GCIH - SANS 504

laughing_man Member Posts: 84
Just signed up for SANS SEC504 with a GCIH attempt. Can't wait to get the books and study hard.

I will post with my progress and impressions for those who are interested.

Comments

  • docrice Member Posts: 1,706
    It would be interesting to hear your impressions of the class on a day-by-day perspective, although I know that's asking for quite a bit since each day covers a lot of ground with the resulting mental exhaustion at the end of each day. Seeing how things progress and reinforce the previous day's material would be great though.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • veritas_libertas Member Posts: 5,746
    I'm more than half-way through. It's a great class.
  • laughing_man Member Posts: 84
    I am excited and not near as nervous as I was with GSEC. I feel after going through one SANS class I have a good idea of what to expect and what I will need to bring attitude and energy-wise to do well. This way I can focus more on the material. :)

    Here is hoping GCIH goes into a little more detail than GSEC, which was a bit too broad I think.

    I am doing the OnDemand course, so doing a day by day would be tedious. But certainly I plan on posting at times when I think I have something meaningful or helpful to post. Reading old posts by folks who have gone through an exam is always helpful, so I intend on leaving something for others.
  • veritas_libertas Member Posts: 5,746
    Funny that you mention that, I've come to think of the GCIH as an introduction to ethical hacking and network forensics.
  • laughing_man Member Posts: 84
    So is your feeling that the GCIH is casting too wide a net in terms of material? I felt that the very nature and purpose of the GSEC was to be broad, hence the security essentials bit.
  • docrice Member Posts: 1,706
    I think 504 is relatively broad as it covers what would be considered a number of speciality subsets. It's definitely tailored to incident handling and wraps around that for sure, but that in itself covers a lot of different skill sets.
  • veritas_libertas Member Posts: 5,746
    No. It's definitely not GSEC. 504 is what it is: Hacker Techniques, Exploits and Incident Handling. I was expecting it to be mostly Incident Handling and Network Forensics with some hacking knowledge. In reality it's more like 25% IH and 75% Hacker techniques that also happens to cover how to prevent each attack.
  • laughing_man Member Posts: 84
    Checking in with 90 days to go. Doing the OnDemand and self study with the texts. I agree with what veritas said, this course is definitely 25% IH and the rest hacking techniques, which is great for me! My boss wants to emphasize the IH, hence why he requested I take the course. In any event, I will find a way to make the experience beneficial.

    I got to say after slogging through the IH material, I am hitting my stride with the hands-on. Truly a great course. I enjoy the work so much, I have to remember to keep making my index :).
  • lemond Member Posts: 2
    same just got the material, here we go!
  • chanakyajupudi Member Posts: 712
    It's a great course covering a lot of areas. Best of luck for your exams!
    Work In Progress - RHCA [ ] Certified Cloud Security Professional [ ] GMON/GWAPT if Work Study is accepted [ ]
    http://adarsh.amazonwebservices.ninja


  • laughing_man Member Posts: 84
    I can't remember where I read this, but someone recommended a method for indexing for GCIH: a general/traditional index, an "attack" index, and a tools index. The more I get into the material, the more this seems to make sense. I am still making my traditional index, but I think I will start creating these parallel indexes.
  • YFZblu Member Posts: 1,462
    Obviously do what works for you; however I would fear miscategorizing something, or being annoyed when a subject spans multiple categories and multiple indexes. I created my GCIH index with the same methodology as my GSEC index, and didn't have any issues with it.

    It's a fun course, good luck
  • laughing_man Member Posts: 84
    Getting down to the wire. I sit for my test in less than 3 weeks. I am going back and touching up my index. I plan to sit for my first practice test soon. Just getting a healthy dose of pre-exam jitters is all.
  • ITforyears Member Posts: 35
    I am studying for GCFA. Good luck.
  • laughing_man Member Posts: 84
    Thanks! Good luck to you too!

    Just finished my first practice test. Scored an 81%, which is lower than I hoped. The GCIH material is proving to be more difficult than I had expected, but still enjoyable.

    Anyway I have my printout with my results for each category on the test. I have 12 days to study hard on those weak areas and I have another practice test to use if I need it.
  • bkhayes Member Posts: 39
    my 504 class begins tomorrow. i'm in virginia do you have any advice? i heard that creating an INDEX is helpful for the exam. do you feel you will pass this exam?
  • laughing_man Member Posts: 84
    bkhayes wrote: »
    my 504 class begins tomorrow. i'm in virginia do you have any advice? i heard that creating an INDEX is helpful for the exam. do you feel you will pass this exam?

    Best advice is read the books cover to cover, making your index as you go along. I have 4 columns in mine: term, book number, page number and description.

    I also make notes for each section, basically re-writing the material in my own words. I use that basically as a tool to help get the information in my head, not really as a study tool.

    I also listen to all the lectures, either in the car, on a walk or in the evening when I have time.

    After that I have read the books through once more, making additional entries or additions to my index.

    I feel confident I will pass. Honestly, I had about 10 questions on the practice test that were d'oh moments where I did not read the question and answers fully and I clearly knew the answer, but did not take my time.

    Having already done a SANS cert, I know the process and how the tests work. When I did my GSEC I tested in the mid to high 80s on my practice exams and got a 93% on my final. Basically again due to the fact that I rushed a bit on the practice tests but took my time on the actual exam.

    I think if you invest the time and effort to read and know the material, plus build a solid index, you will be fine. It's a lot of work yes, but then all good things are :)

    Good luck to you!
  • bkhayes Member Posts: 39
    okay my friend. when do you plan to take the GCIH? also do you mind if i post questions here for the next few days as i go thru the course? the exam is multiple choice and open book. yes?
  • bkhayes Member Posts: 39
    cyberguypr wrote: »

    wow thanks man. i appreciate this very much. i have book #1 and the class starts in an hour. day 1 seems like an introduction day. should i take the primary terms there and index them?

    because this guy
    http://digitalforensicstips.com/2012/11/sans-index-how-to-guide-with-pictures/

    made he has things organized according to "tools" "windows" "linux" and "miscellaneous" and it seems like -

    and day 1 seems like a general terms and processes ideas. Should i index and alphabetize terms in a "miscellaneous" section? because day 1 doesn't have anything on the technical side. just the Linux commands in the appendix.
  • laughing_man Member Posts: 84
    I did the OnDemand training, not the boot camp. However, if I were you, I would spend this week taking notes on the lectures and doing the exercises and prepping for the hands on workshop for day 6. Doing those things will put you in the right frame of mind for the certification exam. Once home, I would focus on reading and indexing, taking the next few months to get familiar with the books.

    I indexed as I went and then reordered my index alphabetically. I also would recommend doing 1 index, not 3. I toyed with the idea, but it was too unwieldy.
  • cyberguypr Mod Posts: 6,928
    ^ I concur with that. I wouldn't focus right now on indexing for two reasons: 1) what laughing_man said, focus on the material and discussion, they are extremely valuable. Class interaction is priceless. 2) going over the books later, without the pressure of possibly missing something said in class, will allow you to refresh the material as well as give you an opportunity to look up and expand on concepts/tools/processes that you may have doubts on.

    I liked the idea of 3 separate index sections. In my eyes things flow smoother if your only focus is searching alphabetically. If you subdivide and then blank out at a term, you will have to spend extra time looking up through the sections.
  • bkhayes Member Posts: 39
    cyberguypr wrote: »
    ^ I concur with that. I wouldn't focus right now on indexing for two reasons: 1) what laughing_man said, focus on the material and discussion, they are extremely valuable. Class interaction is priceless. 2) going over the books later, without the pressure of possibly missing something said in class, will allow you to refresh the material as well as give you an opportunity to look up and expand on concepts/tools/processes that you may have doubts on.

    I liked the idea of 3 separate index sections. In my eyes things flow smoother if your only focus is searching alphabetically. If you subdivide and then blank out at a term, you will have to spend extra time looking up through the sections.

    thanks for this information. i really appreciate it very much. i still feel it's important to build up my index after each session. thanks for information. i will post my progress here and ask generic questions as i progress thru the course for the next 6 days.

    i'm in a rush to be honest. and i'm gonna take the practice exam a week after the class is over and then if i do well on practice exam. i will attempt the real thing.
  • bkhayes Member Posts: 39
    bkhayes wrote: »
    wow thanks man. i appreciate this very much. i have book #1 and the class starts in an hour. day 1 seems like an introduction day. should i take the primary terms there and index them?

    because this guy
    How to Guide for making a SANS / GIAC Index with Pictures | Digital Forensics Tips

    made he has things organized according to "tools" "windows" "linux" and "miscellaneous" and it seems like -

    and day 1 seems like a general terms and processes ideas. Should i index and alphabetize terms in a "miscellaneous" section? because day 1 doesn't have anything on the technical side. just the Linux commands in the appendix.

    okay every one. i just finished the bootcamp. i will post my entire index within the next 4 days. i have been working on it. thanks for all the help.
    any suggestions for making it better will be helpful. thanks everyone.
  • azmatt Member Posts: 114
    Best tip I can think of (outside of bigger is better) is that if a tool is mentioned, it goes into the tool index. Even if ten tools are lumped together at the bottom of a page all ten go in the index. You don't need great details on what they do, just where to find them.

    Also, make sure to tack on a few "extra" pages to the back of your index for cheat sheets like common ports.
  • laughing_man Member Posts: 84
    I second the cheat sheets. Take the ones included with your SANS materials, common ports, Nmap, tcpdump cheat sheets, whatever you think will help. There are some good ones on SANS site here: SANS List of Penetration Testing Tips Sheets, Downloads and pdfs
  • bkhayes Member Posts: 39
    wow. thanks fellas. i think my index will be on point. i got a good strategy for how to organize it. next 4 days it will be available for review and for anybody else who needs one.
  • laughing_man Member Posts: 84
    Just got back from my test. Passed with a 90%. I have to say I keep feeling like the practice tests are harder than the real thing. For GSEC I had 2 practice tests, scored 83% and 88% on the practices and a 93% on the real thing. This time around for GCIH, I scored 81% on both my practice tests (I was really disheartened by that second 81%). The real test was much easier. I was at 100% for the first 30 questions and then hovered in the low 90s/high 80s for the rest of the test.

    Anyway, glad to be done.

    Study suggestions for future test takers:

    Make a solid index (mine was a bit overkill at 40 pages). Basically if it was a proper noun, I made an entry. Creating the index is the single most helpful thing you can do while studying.

    READ ALL THE BOOKS

    When you have done that, read them again!

    Give yourself plenty of time. I used all 4 months for study time and put probably over 100 hours into studying.

    I think if you read the books through, make an in depth index and go over the ins and outs of the attack methodologies, you will do fine.

    That's all for now. I will be prepping for the CISSP next and then who knows :)
  • docrice Member Posts: 1,706
    How long did you take to finish the exam? I've always found the real exam to be a bit harder than the practice versions but perhaps it was the nervousness due to it being "the real thing." How much book/index-referencing was involved in your experience?
  • Heracles004 Member Posts: 50
    Congratulations !! Great score!