GCTI Prep

jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
Just finished my first practice exam for GCTI... No books, No index and failed with a 63%. So now to build my index which will be a full review of the books, and then take the second practice exam with the index to see where it needs tweaks and proceed to the actual exam.

Anyone see any flaws in this course of action?
"Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke

Comments

  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Nope pretty standard...I usually prefer to do my index before the first practice exam but especially if you have some prior exposure to the subjects I can see the argument.
  • jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
    TechGuru80 wrote: »
    Nope pretty standard...I usually prefer to do my index before the first practice exam but especially if you have some prior exposure to the subjects I can see the argument.

    Thats why I took it without the index, to gauge my actual knowledge from being in the space about 4 years :) I misread 3-4 questions not paying attention, so I should really be very close to the cut score without the books, made me feel pretty good :)
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    I don't see any flaws, but my approach is slightly different because I use the books and index on the first practice as well. Then I go through all of the material again while updating my index and take the second practice exam. I repeat this step again and sit for the real thing.

    I think you're in decent shape getting a 63% without using the material plus the misreading of questions.
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • rscrtrscrt Member Posts: 62 ■■□□□□□□□□
    sounds good. I failed first one with 67%, went quickly through the slides (during two evenings), wrote down a couple of things you need to memorize and did pass with 80%. No books or index used, I usually do not do the index thing.
  • cgrimaldocgrimaldo Member Posts: 439 ■■■■□□□□□□
    I like that approach - I may use that when I take the GCTI early next year.I'll be taking the course this September.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    jcundiff wrote: »
    Anyone see any flaws in this course of action?

    Since you only get two practice exams, EVER, I feel people should only use one when they completed their index and feel ready to take the exam. If you don't do well you can tweak your index and study what your weak on, before taking the second one, before going for the actual exam. I base my position on A. Only two practice tests (you can purchase more, but what I hear, they tend to duplicate questions you already been exposed to, so they are very limited value) and B. It's a frigging expensive exam.

    If this was a $250 Cisco exam I wouldn't be quite as cautious, Flunking this exam and not getting reimbursed by your employer, is a serious hardship to some people. Can't say I ever understood the "challenging youself" attitude. If you challenge yourself and fail, it's going to be an expensive lesson.
    Still searching for the corner in a round room.
  • Randy_RandersonRandy_Randerson Member Posts: 115 ■■■□□□□□□□
    TechGromit wrote: »
    Since you only get two practice exams, EVER, I feel people should only use one when they completed their index and feel ready to take the exam. If you don't do well you can tweak your index and study what your weak on, before taking the second one, before going for the actual exam. I base my position on A. Only two practice tests (you can purchase more, but what I hear, they tend to duplicate questions you already been exposed to, so they are very limited value) and B. It's a frigging expensive exam.

    If this was a $250 Cisco exam I wouldn't be quite as cautious, Flunking this exam and not getting reimbursed by your employer, is a serious hardship to some people. Can't say I ever understood the "challenging youself" attitude. If you challenge yourself and fail, it's going to be an expensive lesson.

    You can buy more. https://www.giac.org/exams/preparation . Click on the Register button. $146/ea for however more you want. The main reason they don't give you more than 2 is it detracts from people just trying to memorize those questions and answers. While you may see those answers on the real exam, it is extremely unlikely you'll see the same question.

    But ya, I don't think there is any of their certs with exception to GCFE I would ever attempt blindly. Just me though.
  • vynxvynx Member Posts: 153 ■■□□□□□□□□
    it is possible to get GCTI certification without take course? if yes any preparation material need to read ?
  • _nessie__nessie_ Member Posts: 39 ■■■□□□□□□□
    vynx wrote: »
    it is possible to get GCTI certification without take course? if yes any preparation material need to read ?

    You sure can take an exam without taking a course. SANS and GIAC are actually two seperate entities. Also, if you look at the GIAC page of the GCTI, https://www.giac.org/certification/cyber-threat-intelligence-gcti, they clearly state
    *No Specific training is required for any GIAC certification. There are many sources of information available regarding the certification objectives' knowledge areas. Practical experience is an option; there are also numerous books on the market covering Computer Information Security. Another option is any relevant courses from training providers, including SANS.*

    As for the materials, following topics are tested:

    - Analysis of Intelligence
    The candidate will demonstrate an understanding of the techniques employed in analyzing information. The candidate will also demonstrate an understanding obstacles to accurate analysis, such as fallacies and bias, and how to recognize and avoid them.
    - Campaigns and Attribution
    The candidate will demonstrate an understanding of identifying and profiling intrusion characteristics and external intelligence into campaigns. The candidate will demonstrate an understanding of the importance of attribution and the factors that are considered when making an attribution.
    - Collecting and Storing Data Sets
    The candidate will demonstrate an understanding of collecting and storing data from collection sources such as threat feeds, domains, TLS certificates, and internal sources.
    - Intelligence Application
    The candidate will demonstrate an understanding of the practical application of gathering, analyzing, and using intelligence. Additionally, the candidate will demonstrate an understanding of how well-known cyber attacks can inform cyber intelligence professionals today.
    - Intelligence Fundamentals
    The candidate will demonstrate an understanding of fundamental cyber threat intelligence definitions and concepts. The candidate will also demonstrate a basic working knowledge of technologies that provide intelligence analysts with data, such as network indicators, log repositories, and forensics tools.
    - Kill Chain, Diamond Model, and Courses of Action Matrix
    The candidate will demonstrate an understanding of the Kill Chain, Diamond Model, and Courses of Actions Matrix and how they are used together to analyze intrusions.
    - Malware as a Collection Source
    The candidate will demonstrate an understanding of malware analysis tools and techniques to derive intelligence.
    - Pivoting
    The candidate will demonstrate an understanding of pivoting to expand intelligence, pivot analysis, the ability to use link analysis tools, and ability perform domain analysis to expand intelligence collections.
    - Sharing Intelligence
    The candidate will demonstrate an understanding of methods and practices of storing intelligence from various sources. The candidate will demonstrate an understanding of the processes, tools, and techniques used in sharing intelligence. The candidate will demonstrate an understanding of effectively sharing tactical intelligence with executives by writing accurate and effective reports and using such capabilities as assessments.

    If you're looking for books, papers, go for (examples)
    Intelligence-Driven Incident Response: Outwitting the Adversary, Rebekah Brown and Scott J Roberts
    The Cyber Kill Chain of Lockheed Martin
    The diamond model from ThreatConnect
    Read through the threat intelligence papers on SANS
    Listen to Recorded Future podcasts/blogs
    Read through the APT notes

    good luck :)
  • _nessie__nessie_ Member Posts: 39 ■■■□□□□□□□
    TechGromit wrote: »
    Since you only get two practice exams, EVER, I feel people should only use one when they completed their index and feel ready to take the exam. If you don't do well you can tweak your index and study what your weak on, before taking the second one, before going for the actual exam. I base my position on A. Only two practice tests (you can purchase more, but what I hear, they tend to duplicate questions you already been exposed to, so they are very limited value) and B. It's a frigging expensive exam.

    I totally concur with that approach. Never failed me so far.
  • pcdoc826pcdoc826 Registered Users Posts: 2 ■■□□□□□□□□
    I failed the GCTI exam 3 times.  I am soured so much that I do not foresee taking it again.  I spent hundreds of hours reading, listening to the MP3's, going through the online slides - my index as approx 40 pages.  The cost of the exam and the course as well as the feeling that even though I have read the question and believe I understand what is being asked... I have doubt that the answer I have chosen is the correct answer.  My practice exam was a 79% and the exam results were 69%.   Even if you think you know it... go back and keep studying.  So disappointed.

  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    As a general rule I create my index BEFORE I take the exam. I make multiple runs at my index to make my index and taking the exams more productive.
  • MrsWilliamsMrsWilliams Member Posts: 192 ■■■■□□□□□□
    pcdoc826 said:
    I failed the GCTI exam 3 times.  I am soured so much that I do not foresee taking it again.  I spent hundreds of hours reading, listening to the MP3's, going through the online slides - my index as approx 40 pages.  The cost of the exam and the course as well as the feeling that even though I have read the question and believe I understand what is being asked... I have doubt that the answer I have chosen is the correct answer.  My practice exam was a 79% and the exam results were 69%.   Even if you think you know it... go back and keep studying.  So disappointed.

    The last thing in the world that I am going to do is log into this site and tell people I failed an exam. Something about my pride won't let me do it.

    BUT. 

    I commend you and thank you for coming forth and letting others know. What you did was, show people that even with an open book exam you/I/we can still fail the exam. The exam being open book doesn't take away from the difficulty. With the prices of the exam, the last thing most people want to do is purchase a retake. 

    Everyone has a way THEY prefer to study the materials prior to THEM taking the exam. What works for them, works for them. It's been multiple ways people have used that are scattered 30 places on the internet and some here (which probably originated from the internet). What people AlWaYs leave out is, are they working in the field. Did experience come into play. Which exam attempt are they on. If I am taking an exam on SOC operations and I've been working in a SOC for 70 years, I am sure I'll see questions that I know on the exam. 

    I hope that you are able to bounce back and tackle the exam with a passing score. All of the practice test questions are a false sense of comfort and exam readiness. I don't see a difference between taking them and not taking them. People have passed the practice tests and turned around and failed the real exam. So, don't be fooled. 

    Are you going to attempt it a 4th time?

    I wish you the best of luck 
  • pcdoc826pcdoc826 Registered Users Posts: 2 ■■□□□□□□□□
    Thank you Mrs. Williams.  Yes, I knew putting this here was something not many do.  I wanted anyone that has failed to know that some of us fail until you are forced to wait a year.  If others can learn from what I posted, than my purpose behind the post was successful.

    At this point I don't think I will.  I have the knowledge that I use every day, I am a poor test taker... I wanted so badly to have those letters behind my name, but I have the knowledge and that will carry me further.

    Thank you for the positive words.
Sign In or Register to comment.