Passed GCIA (SEC503)

MalwareMikeMalwareMike Senior MemberMember Posts: 147 ■■■□□□□□□□
Disclaimer: I'm enrolled in the SANS master program and now have completed GSEC, GCIH. GWAPT, and GCIA.

I have to say I really enjoyed this course after I started to actually absorb the information. Going through book 1 and 2 the first time was mentally draining but after the 3rd go around, everything started to come together. So for anyone taking this class in the future, don't get overwhelmed with the first two books, give it time and you'll start absorbing the concepts. Once you grasp the information in the first two books, I believe books 3,4, and 5 are cake...just understand how to use tcpdump, tshark, wireshark, snort, and bro (run through the labs 2-3 times and you'll be a good spot).

Tips for the exam:
**Bring the following with you**
1) A chart that shows you the conversion between decimal/hex/binary (very useful, you dont' want to be converting hex during the exam if you don't have to)
2) Print out a few IP and TCP headers in hex format and label each field...doing this alone helped me solve 8-10 problems
3) Print out all of the ICMP codes (I used this: erg.abdn.ac.uk/users/gorry/course/inet-pages/icmp-code.html)
4) Print out a list of examples for: tcpdump commands, wireshark commands, tshark commands, snort rules, bro scripts, silk commands
SANS provides a book with tcpdump and wireshark commands but I found my personal list to help more
5) The practice exams will tell you where you stand...I received a 87% on my second practice exam and received an 87% on my actual test
6) Great website to test your skills during and after the class: www.malware-traffic-analysis.net/

Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com

Tagged:

Comments

  • DJVeritasDJVeritas Junior Member Member Posts: 40 ■■■□□□□□□□
    Thanks for the tips!  Congrats on your pass!
  • chrisonechrisone Senior Member Member Posts: 2,276 ■■■■■■■■■□
    Thanks man! I just finished all 5 books. I need to go over the books a second time and listen to the class mp3s. I hope to take the test at the end of Feb. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • MalwareMikeMalwareMike Senior Member Member Posts: 147 ■■■□□□□□□□
    @chrisone how did you like the FOR508 course?
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • chrisonechrisone Senior Member Member Posts: 2,276 ■■■■■■■■■□
    @chrisone how did you like the FOR508 course?
    I am not taking it until SANS Network Security in Vegas in Sept 2019. My signature displays 2019 goals (courses and certs), as you can see I have a lot on my plate. I just finished AppSec Cali Red Team Attacks and next will be SANS West in San Diego May 2019. I will be taking the SEC660 course and hopefully pass the GXPN sometime in the summer. Before May/SANS WEST I want to knock out GCIA and GCIH. I was hoping to pass GCIA at the end of Feb and GCIH at the end of April.  
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • MalwareMikeMalwareMike Senior Member Member Posts: 147 ■■■□□□□□□□
    @chrisone I found GCIH to be super easy, I think I passed the exam in a month. I just started the SANS SEC573 (Automating security with Python) yesterday, just patiently waiting for the books and labs to come in.
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • chrisonechrisone Senior Member Member Posts: 2,276 ■■■■■■■■■□
    Good deal! you are giving me lots of motivation and hope that I can finish GCIA and GCIH by May :smile: 

    The SEC573 looks like a very good course. I am sure the labs will be loads of fun! Id like to eventually take SEC573 and SEC505 Powershell courses but that will be sometime in 2020. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • E Double UE Double U Senior Member Member Posts: 2,164 ■■■■■■■■■■
    I found GCIA to be a beast so congratulations to anyone that passes and good luck to anyone pursuing it. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS2022 goal(s): CRISC, new job, AWS Certified Cloud Practitioner"You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • chrisonechrisone Senior Member Member Posts: 2,276 ■■■■■■■■■□
    I found GCIA to be a beast so congratulations to anyone that passes and good luck to anyone pursuing it. 
    what is your assessment on GCIH? was it as easy as Malware Mike mentions it to be?
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • BlucodexBlucodex Senior Member Member Posts: 430 ■■■■□□□□□□
    I just passed (challenged) GCIH two weeks ago after a couple weeks of self-study--so I did not take the 6 day course.

    Difficulty is going to depend on your experience/knowledge level.  I didn't find it particularly difficult but you really need to know attacks/tools/defenses to make things easier.  

    Having passed both, for me personally....  If GCIA is a 9 for difficulty I would give the GCIH a 7.
  • E Double UE Double U Senior Member Member Posts: 2,164 ■■■■■■■■■■
    edited January 2019
    chrisone said:
    I found GCIA to be a beast so congratulations to anyone that passes and good luck to anyone pursuing it. 
    what is your assessment on GCIH? was it as easy as Malware Mike mentions it to be?
    Malware Mike described it as super easy, but that was not the case for me (my official score was 76%). But our differences in opinion is not relevant. Like Blucodex said, the level of difficulty depends on your experience/knowledge going in to it. At the time of taking that exam, my day-to-day job focused more on firewalls, vpn, ids, web filters, etc. All of those exploits covered during the course were things I had only read about, but never actually tried. I had not used most of those tools I learned about in the SANS course (including nmap) and some I never heard of. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS2022 goal(s): CRISC, new job, AWS Certified Cloud Practitioner"You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • MalwareMikeMalwareMike Senior Member Member Posts: 147 ■■■□□□□□□□
    E Double U/Blucodex/Chrisone,

    I don't mean to make the certifications sound easy because they aren't. Having taken 4 of the SANS certs, I understand the way they ask questions so when Im going through the books I can now highlight things I think will be on the test and I'm pretty accurate. Mix that in with a damn good index and knowing exactly where to go when you see a question...for example: when I see a DNS question that I didnt know or wanted to double check, I already know to look at Book 3/page 64 (and that was from memory). But everyone correlates info differently, so I just wanted to throw that out there.
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • chrisonechrisone Senior Member Member Posts: 2,276 ■■■■■■■■■□
    No worries Mike, I understood what you and the others were saying. In the end these are just peoples personal experiences. I take all this input and formulate a guess as to how I may experience the exam. Everyone is correct that each persons level of experience will influence their own personal level of difficulty for any exam. I feel I may take a month and a half for the GCIH, well see :smile:


    Thanks guys!
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • E Double UE Double U Senior Member Member Posts: 2,164 ■■■■■■■■■■
    E Double U/Blucodex/Chrisone,

    I don't mean to make the certifications sound easy because they aren't. Having taken 4 of the SANS certs, I understand the way they ask questions so when Im going through the books I can now highlight things I think will be on the test and I'm pretty accurate. Mix that in with a damn good index and knowing exactly where to go when you see a question.
    I have gotten to that point as well. It took me several months to prepare for my first two GIAC certs (GCIH/GCIA), but I passed GPEN a few weeks after completing the course. 
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS2022 goal(s): CRISC, new job, AWS Certified Cloud Practitioner"You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • Randy_RandersonRandy_Randerson Member Member Posts: 115 ■■■□□□□□□□
    Easily the hardest one I took -- Thank you for the insight! I need to tackle the beast again soon! 
  • unrealskillz06unrealskillz06 Member Member Posts: 37 ■■■□□□□□□□
    Great job! I'll be sitting for this one later this week
  • MalwareMikeMalwareMike Senior Member Member Posts: 147 ■■■□□□□□□□
    Great job! I'll be sitting for this one later this week
    Make sure you know DNS in detail or at the very least, you know where to go to review the information
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • eng11meng11m Member Posts: 1 ■■□□□□□□□□

    how ware the lab questions.?

     was the time limit enough ?

  • tboetboe Member Member Posts: 44 ■■■□□□□□□□
    Congratz and welcome to the club!
  • SATartSATart GSEC, CCNA, CCNA Sec Member Posts: 2 ■■□□□□□□□□
    edited February 2019

    I am curious about how time intensive the labs/hands-on portion is as well. SiLK was covered only briefly in book 5, yet the practice test lab on it was quite intensive and required a lot of time (IMO/for me). Also, the labs appear to be weighted more heavily in score than the multiple choice questions. The practice test suggest they are at least.

    GSEC, CCNA, CCNA Sec

    Next: GCIA
  • MalwareMikeMalwareMike Senior Member Member Posts: 147 ■■■□□□□□□□
    If I recall correctly, there were 11 lab questions on the practice exam and the real exam follows that rubric. The lab questions are very similar from the practice exams to the real exam, so if they asked you to use SiLK, it will probably be on the exam. But I dont recall it taking a long time, you just have to understand the syntax
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • SATartSATart GSEC, CCNA, CCNA Sec Member Posts: 2 ■■□□□□□□□□
    If I recall correctly, there were 11 lab questions on the practice exam and the real exam follows that rubric. The lab questions are very similar from the practice exams to the real exam, so if they asked you to use SiLK, it will probably be on the exam. But I dont recall it taking a long time, you just have to understand the syntax
    Thanks for the feedback. 
    GSEC, CCNA, CCNA Sec

    Next: GCIA
  • charismaticxcharismaticx Junior Member Member Posts: 158 ■■■■□□□□□□
    @MalwareMike would you say indexing the lab book help for reference? I’m debating on what I can do to tackle the vm questions better. 
    Goals: AWS Solutions Architect; OSCP; GPYC; GSE; CISSP
  • Randy_RandersonRandy_Randerson Member Member Posts: 115 ■■■□□□□□□□
    @MalwareMike would you say indexing the lab book help for reference? I’m debating on what I can do to tackle the vm questions better. 
    I would. Especially things like specific commands with their options for quick reference. Nothing is really tricky, but it'll speed things up a bit if you know how to correctly open Snort conf file and edit it. I found the lab books much quicker for that information than the actual books themselves since its over a few slides.
  • charismaticxcharismaticx Junior Member Member Posts: 158 ■■■■□□□□□□
    I’ve tabbed out my lab book for quick reference. I think I have an idea of what to expect. I’m not sure what kind of questions they’ll ask so I guess I’ll just be prepared.  
    Goals: AWS Solutions Architect; OSCP; GPYC; GSE; CISSP
  • quogue66quogue66 Senior Member Member Posts: 193 ■■■■□□□□□□
    There are a few things in the lab book that aren't anywhere else in the material.  For the GSE multiple choice test I actually took apart the lab book and added sections to each of the 5 books.  The time is so short for GSE that I didn't look at it very often but it made it easier to study with.  I also didn't have to carry the lab book with me all the time.
  • charismaticxcharismaticx Junior Member Member Posts: 158 ■■■■□□□□□□
    I just passed the GCIA a little while ago. I have to admit it was significantly harder than both practice exams. The lab book definitely helps but you have to be creative on the labs.  
    Goals: AWS Solutions Architect; OSCP; GPYC; GSE; CISSP
  • Chris200712Chris200712 Member Posts: 1 ■□□□□□□□□□
    I am taking mine next week. How was the admissions process for the Masters program?
  • quogue66quogue66 Senior Member Member Posts: 193 ■■■■□□□□□□
    It's pretty easy.  You send your transcripts, write two papers and make a video of yourself giving a talk on one of the papers.
Sign In or Register to comment.