If available, get a keyword index, or create one with details as a study tool. I love the side benefit of having it index things across multiple courses. Thank you for sharing your tips! So that’s what I ended up with, 3 pages. My recent indexes have been 8-12 pages of indexed book content then some extras (common ports, tool cheat sheets etc). The GCFA is a tough exam and one I’m very proud to have passed. They won’t hurt to take in but recent course books combined with a detailed index should be more than sufficient. SANS 504 book index. When someone fails, they always say they ran out of time. I don't think it is comprehensive enough or a reason not to make an index yourself. I was starting to go through the books and adding their own tabs, but it struck me that this isn’t very helpful for finding items, especially under exam conditions. Second thing is: have your index (SANS FOR508 books). Are you ready to crush the Hacker Tools, Techniques, Exploits and Incident Handling and get certified? If you’ve taken a few GIAC tests and have had good results, then by all means keep doing what you’re doing. GIAC exam (obviously, being certified and depending on score eligible to SANS Advisory Board and Mentor Program I will discuss later.) They say the index should be “not too granular, but not too general” and 2-3 pages total. NOTE: I am unable to provide copies of this index so please do not ask. Hello all... long time reader, first time poster. Building an index for SANS is part of the whole experience for me and gives me another opportunity to go over the material. Highlighted important facts, tools, and terms. I’m having a hard time deciding what goes where. I’ve used Chris Crowley’s script for generating an index for several of them and found it helpful.
On the basic IT course part, basic to one person may very well be advanced to the person sitting next to them. I know things that would seem basic now would have looked like a foreign language when I started down this road two years ago. Assuming you took the class in person and have the courseware then I'd say the index included in the last book is good enough. It should also be noted that when I took SANS 504, the instructor actually gives links to unvetted SANS 504 indexes by previous students. So whether you used my index system or somebody else’s, let’s recap. My index had the following columns: Too bad I can’t attach the index here as an example. I followed up with a question on how he formatted his indexes and he offered to have his wife bring one of his when she came into town the next day. I’m glad you found it helpful. Thanks buddy, I had to move the test to July but this gives me some time to tune my indexes. Your last paragraph made me chuckle. The tool index is huge as it turns any tools based questions into freebies. Probably, but I’m so far from being a super genius that I needed all the help I can get. Great advice too. Index - Terms By Keyword (SANS 504-B) /dev/kmem | Kernel-Mode Rootkit Linux map of Kernel Memory. Commands Index: 504 - Hacker Tools, Techniques, Exploits, and Incident Response: 2016: Hail Mary (All-in-1 mash up) 504 - Hacker Tools, Techniques, Exploits, and Incident Response: 2016: IR Phases Cheat Sheet: 560 - Network Penetration Testing and Ethical Hacking: 2017: Key Word Index. This video will outline many of the features and benefits of SANS OnDemand, our battle-tested online platform that offers 4 months of anytime, anywhere access. Conrad and Cole talk about that a lot in the SANS CISSP prep course. The structure of the material in 504 makes it really easy to look stuff up. I 100% agree about needing to read the books and understand them in conjunction with an index. Congrats on the pass!!!
I also recommend a short tools index, tool cheat sheets, misc for quick wins on answers. Then taking a practice test, not for a score, but to validate understanding of the concepts, and the ability to find the details with the index. I really appreciate you sharing images – well done with your passing score! Could you recommend this method to prepare for the GCFA exam? All stuff you would normally be fine without but after taking the GSEC, CISSP and GISP in a two-three month period my brain now fries early in the test process. I think they provide an "index" to show a sample of how you could design one. I am finishing up SANS 504 On Demand and am preparing to take the GCIH. You’ll be glad you did for many reasons. At that point you should feel good. I’m working on my SANS 401 index while going back and reviewing the material and I thought my index was going to end up way too big and detailed and be rendered useless but it sounds like I’m on the right track! That means knowing the majority of SEC504 content is required because they test randomly on the many subjects available. Remember that your index can include anything. SEC 504 itself. No 3 hole punch needed!!! SEC 505 isn’t on the top of my to-do list but it is on there. SANS classes are great. Password Guessing: use a valid ID and try a list of passwords, no brute force, slow Page 6 3. Even after double exposure from two of the best instructors in the world that third exposure to the material (from the books) really helped solidify a few of the concepts.
Index - Terms By Keyword (SANS 504-B)
Attack Phase | 3 Phases of an Attack [ 1 / 20 ]
Command Shell vs. Terminal | Ctrl Characters are not handled correctly -- Cause Shell Collapse [ 3 / 150 ]
Command Shell vs. Terminal Access | General Overview [ 3 / 149 ]
Enum Accounts | Enum Syntax [ 2 / 159 ]
Enum Accounts | Enum tool - Usage [ 2 / 166 ]

For example, “503.1”, “503.2 + 503.3”, etc. Putting together a comprehensive index proved to be an incredible time investment but as I was going book by book putting it together I was also learning. Tracked down your SANS course tool and software cheat sheets! My index ended up being 31 pages I created plus a few pages I copied (IPv4 breakdown etc. He said that whatever course/book you’re going to use to study (I used the SANS 414 and Eric Conrad’s book) go through that then instead of spending time studying other resources start doing as many practice exams as you can. Thanks for the review and suggestive comments on preparing an index for GIAC certifications, preparing to take SEC505 in the upcoming week with a prepared index of around 40 pages. It worked great for me, I looked up many (probably more than half) answers in the books during the exam, mostly for verification. I’m kind of sloppy and would not want to attempt to three-hole punch everything and place into a binder, so a binding from a print shop would probably be best and look better. https://www.giac.org/certification/certified-incident-handler-gcih I’ve talked with Chris about his script before. I’ve never had an issue with that on the SANS test but that was huge for me with the CISSP since sometimes I disagreed with all four options. When I’m going through books I think of a guy I know who is kinda tech savvy but not an infosec guy at all. Thanks!
My created content was broken down into two big sections (main and tools) and two small sections (windows commands and Linux commands). I ended up getting a 94 on my GCIH exam which I was obviously thrilled with and I think the index (both preparation and usage) was a big reason why. All that said I usually get at least one message a week from someone telling me that my example and explanation really helped them with theirs and that is exactly what I was going for. You need to get familiar with the books by reading them, then create a basic index, oh and good luck. Thank you very much for posting your ideas. At some times I ended up answering some questions without checking the Index, I actually knew where the stuff was located. When I took my GCFA my books were four years out of date so I took in my course books, some cheat sheets (log2timeline etc. This being my first GIAC exam I would highly recommend doing this for ALL exams and plan to do so going forward. In short, 560 covers penetration testing and ethical hacking, while 504 addresses incident handling. I am a CISSP, still valid, but left the technical field a few years back. Thank you very much for your tips and help. One thing you will need though, any "**** Sheets" they provide. Incident Handling (Definition) Incident Handling Action Plan Initial 1 Initial 2 BK JU 1 1 RA Intellectual If you understand the concept, find the detail with concept index.

Index - Tools By Keyword (SANS 504-B)
DNS Transfer | nslookup set type=any ls-d...( 2 / 25 )
Dnscat | ports over DNS...( 3 / 7 )
DNSCat2 | Covert Ch trans via DNS...( 5 / 136 )

Sometimes you won’t like any of your options but you still need to identify the one that the test is looking for.
You’re allowed to bring any printed material you wish into the exam but the exam questions will be based off content in the courseware books so those will be the ones that you’ll want to reference an overwhelming majority of the time. Can you suggest some books in market or other resources for GCFA. Step 6: Take practice exams (see below). I did this exact same thing for my 504 class! I just got home from the 408 course down in VA Beach. Also, the GMON is a new certification, thus I have not heard how difficult it is from anyone yet. I took the SANS FOR 508 Computer Forensics course in 2008. And as mentioned, with the certification attempt, you’ll receive two practice tests to gauge your readiness for the real thing. Thanks man I appreciate you being honest about how you prepared. An index can’t be a crutch for not understanding the material, just a quick reference for verification. I really wanted to prepare for my GCIH exam the right way so while I was at the conference I asked several individuals how they prepared their index. This means that they don’t understand the concepts, and look up keywords only to run out of time. For the first course, I relied more on SANS index and barely made any edits. Does the instructor provide you with specific books to study for the certification during the course or do you need to look for the material yourself? Overall I'm not a huge fan of the SANS style brain dump/fire hose approach but if you are going to do it then indexing the text is a great way to reinforce the material. This is all to focus, and save valuable time in a test. I had four year old material from a course that had been completely revamped and no index. I’ve passed every single GIAC cert I’ve taken. Password Representations are stored hashed or encrypted passwords. Windows = SAM Linux = /etc/shadow 2. SANS course I can’t afford. Index.
I don’t think it would be possible to complete an exam if you were looking up each question. Every SANS class I’ve ever taken has 100% rewarded the hours I spent studying and making a detailed index. I only used the books from the SEC511 course. Harlan Carvey’s books on Windows operating systems and the new “Art of Memory Forensics” book by the Volatility devs are must owns. SEC 504 is a very popular SANS … I have linked as many as I am aware of below. I got some great advice recently on creating an index for SANS exams and I wanted to write a blog post to share it with others. Quite frankly, I probably spent as much time editing the index as I would have if I created it from scratch. I haven’t had a chance to read “Network Forensics: Tracking Hackers through Cyberspace” yet but I’ve heard good things from people who do that style of work daily.