Monday, June 22, 2009

GCIA exam Passed

The last Friday, I sat the GCIA exam, and passed (*crowd cheers wildly*). I offer the below observations for anyone running accross this post and looking for wisdom on this exam:

1) Either you know it or you don't! Have confidence in your answers so that you aren't second guessing yourself. As a perfectionist, and being competitive, I looked up EVERY answer for the first 100 questions. Out of this bunch, there was probably four that I really needed to look up. I missed 5 questions in the first 80, but was then rushing to complete the last 70 in little more than an hour...needless to say, the bulk of my wrong answers came at this point!!!

2) Manage your time wisely. Four hours goes by quickly if you do what I did in #1 above. I ended up not answering three questions due to time expiration!

3) Mark your books well...and study before the test, not at the test site. This goes along with numbers 1 and 2.

4) If you are a perfectionist, limit your options for "open book." Create notes on your weak areas and bring only those notes and corresponding (well-marked) books to the test table. If you are like me, then too many options to verify answers is only going to bog you down. (See #1, first sentence).

5) If the software is discussed in the book, or in the class, USE it, TEST, it, LIVE it, LEARN it! This was a big help to me as the questions regarding specific tools were the easist and the answers where right in the front of the cranial housing.

6) Have a good mentor. The mentor I had, [name withheld to protect his reputation :-)] did an excellent job with presenting the material and then took a lot of the topics a "step-further."


  1. Hi Dave!

    First of all, congratulations! I am GCUX (Gold) and I know how difficult SANS Certs are...

    BTW, I do not have any books to study for this cert, but I do well in Snort and TCPDump. What books or tutorials do you recommend?

    I do not have 2k dollars to pay for self study material, available at SANS Portal!


  2. know yer wireshark too!