Friday, August 12, 2016

First GIAC Certification Attempt

I passed my first GIAC certification attempt yesterday.

I can't disclose specific questions from the exam, but I can give a few tips.

I did work-study.  I got the OnDemand bundle.  I highly recommend going this route if you can.  It is less expensive.  During class, since the days are so long, you will notice that towards the end of the day, when you're tired, your attention wanes during the more difficult course material that is covered near the end of the day.

Why take the live course then?  The instructor provides personal experience, real life examples, and you can ask them questions.  You can benefit from the questions/knowledge of your peers as well.  They often ask questions that you didn't know that you had until they asked them.  You also have networking opportunities with your other peers and during the vendor expos.

The OnDemand bundle is important because if you miss anything during the course, you can listen to the recordings at your own leisure.  If you feel yourself getting tired, give yourself a break until the next day.  Also, the recordings are usually from a conference before the one that you attended, so you'll hear questions/answers from other classes.  You'll get different examples as well, which really help to reinforce the concepts.  My instructor was excellent.  He added videos of himself doing each of the labs.  If you felt like something in the labs was unclear, these videos usually helped to make it clear.

Everyone saying to make an index is correct.  GIAC exams are open-book.  That doesn't make them easy.  I'm not going to say whether or not I felt that my GIAC exam was easy.  What I think is easy or difficult doesn't apply to everyone else.  We all have different levels of experience.  I don't want people to either have a false sense of security or to be intimidated by the exam.

As I mentioned before, Hacks4Pancakes has an excellent guide for indexing: https://tisiphone.net/2015/08/18/giac-testing/  I suggest that you find as many examples of indexing as you can and modify them to suit your learning method.

My method is the following:

I open a spreadsheet while I'm reading the books.

I named the spreadsheet "SEC 301 Index".  In the first row, I merged and centered the columns that I would be working in, made the font a little bigger for this row, and named it, you guessed it, "SEC 301 Index".

In the next row, I added the columns:  Topic, Book, Module, Page, Notes.  Most of these are self-explanatory.

In the "Book" section: Some people mention adding colors to differentiate each book.  I didn't add colors in my index for the different books.  That's personal preference.  I find the colors distracting.  However, if there were full page examples in the books, I highlighted that line yellow in my slide sheet, as a cue to look at that page if I needed an example.  For instance, a page with the TCP header info and descriptions about what each part of the header was for.  There are cheat sheets for the headers, so you may consider taking those.  Just remember, if they are separate pages, and they fall out, you are out of luck.

In the "Module" section: I've only seen one set of SANS books, and it did have modules.  Other people have mentioned that their SANS books have different modules.  The modules will usually have objectives and titles like "Introduction to Networking".  Then the next section would be like "Networking Hardware".  Just separate the books up into sections covering different subjects, logically.  (In a couple of places, I added my own sections because they were placed as part of one module, but it spanned 100 pages; the point is to help you find things.)  I put dividers in these different areas to make it easier to find things if I need to look through the books.  Instead of having to look through a whole 173-page book, I'd have to look through a 20-page section, for example.

In the "Notes" section: I put anything that I think may be important to remember: bullet points, lists, major points on each page.  My reasoning behind this is that these are timed exams.  It will make the index longer, but it's worth it.  You can spend a lot of time looking through multiple books about a subject, or you can have it in your index, which is one book to look through.  Usually, anything that I needed to find was in my index.

I would label different types of firewalls, for example, "Firewall, Stateful Inspection", "Firewall, Proxy".  The reason is that if I needed to compare different types of firewalls, they were in the same place in the index.

If I had a subject with multiple names, i.e., "IP Address", "Internet Protocol Address", I would add both names.  During a test, you will get nervous, and you may not remember exactly which name you put the subject under, so having multiple names for the same subject may help.

If I had any stages, lists, steps... I put those in my index, as well as in a separate section at the end.  I put a divider between the index and these pages.  If, for some reason, I forgot to print the separate pages, it's still in my index.  I had the separate pages with the steps so that I didn't have to look through 50 pages of index to find out the different steps.  I also put what happened in each of the steps, so I didn't have to consult the books to find stuff.  I plan on taking other exams.  I think that I'll make a separate, alphabetically sorted section for tools, in an exam that covers certain tools, for example.  Another one for commands, and common flags.  I will put dividers between each of these sections as well.

I do the index before listening to the OnDemand content.  While listening to the OnDemand content, I have my spreadsheet open, and my book open to the place in the OnDemand course.  That way, if I have any typos, I can see them while looking at the spreadsheet, and correct them.  If I missed some information, the spreadsheet is open so that I can note it.  I do not sort my index until I've watched all of the OnDemand and made sure that there are no typos.  That way, my index is in book/module/page order and correcting it is easier.

I sorted my index, alphabetically, by topic.  I didn't get the alphabet tabs, but I think that others should.  Looking back on my attempt, I think that those would have helped.

I don't hand-write my tabs for the index/books.  I have a label template that I have in Word where I can type the labels, and then print them out.  I use plastic dividers.  (My handwriting isn't the best when I'm in a hurry.  I want them to be legible and neat.)  I need to find dividers that are for spiral binders.  If anyone knows of dividers like these, please send me the info about it in the comments.  Mine didn't exactly fit, so they were just barely sitting in there.  If the books were dropped, they would have fallen out.

People say to get your index professionally bound.  That's personal preference.  I simply printed mine double sided, and hole punched and placed them in a binder.  I find that flipping through a binder is easier than trying to flip through those spiral bound pages.

It's tempting not to take your books if you make the index in this way; however, you will not find all the important stuff.  Take the books just in case.

Good luck to anyone attempting any certification exams!




2 comments:

  1. Can u share your spreadsheet.. It sounds pretty interesting.. Thanks

  2. SANS changes its courses fairly often, so the pages, topics, books may not be appropriate for future exams. SANS licenses out its courseware, meaning that it isn't mine to share. I add so much detail to my index that it would be basically like sharing the books. I don't want to risk getting in trouble. Most people do fine just indicating the topics and pages. I tend to over prepare. The act of typing the notes helps me to remember the subject matter; if you have the time, I suggest you try that also. If you look on GitHub, I believe that others have shared theirs. I think that most of them are just topic/book/page format.