It has been such a long time since my last post. I have been very busy. Last week I took GCIA exam and passed it. I thought I could share my experience. So far I took 3 exams from GIAC. Those are GCFA, GCIH and GCIA. GIAC certifications are very valuable certifications and it is always a plus to have them in your resume. Personally I value those certifications in the interviews I conduct.
GCIA exam was the hardest GIAC exam I had so far. If you want to pass this exam make sure you know followings:
- Snort (yes, lots of question about snort and they are very detailed.)
- Very deep level understanding of TCP/IP
- How to calculate ip header
- How to calculate tcp header
- How to calculate data in a packet
- Shortly interpreting hex
- SIEM tools
I didn’t have time to study but my experience in network forensics helped a lot to answer the questions in the test. Here some strategic test tips:
- You can skip 5 questions. If you want to go back and answer those questions you have to answer all 5, you cannot skip any other questions unless you answer those questions. My suggestion do not use skip questions option too quickly. I did that because I didn’t know that…
- Watch your progress in every 15 questions. GIAC tells you what percentage of questions you answer correctly in every 15 questions. Don’t stress out if you score very low, some questions hard some are very easy so you will have chances to increase your score later.
- If you don’t know the answer of an question, try to eliminate wrong answers in multiple choices.
- You have 240 minutes, it is more than enough, relax… If you think it is not enough for you to solve 150 questions, do not take this test. It is not for you.
- The test is not easy, study material or if you have experience use that. Some questions are directly related with giac material (testing your memory not really your knowledge i.e. some not popular command line options in snort) so knowing study materials will do better than trusting your experience in some questions. In real world you have google,yahoo,bing or man pages for command line options. I am not good for memorizing and don’t really think it is very important. IF you know how to get information then you’re good in real world. You don’t need to overload your memory with them. However in the test it is a different story.