The Certification Exam Index¶
What is it?¶
Well first, it's not rocket science. Certification exams like the ones required for Global Information Assurance Certification (GIAC), are open notes. As with any open notes exam, the information you are expected to be able to answer is so broad that merely having access to the information in paper form isn't enough. No electronics are allowed so having a method for how you will find the information you need quickly and being quite comfy with that method will be key.
Approaches to Making an Index¶
There are numerous blogs out there that provide insights as to what worked for different exam takers. Some rely heavily on having a short concise index with references to which books/pages will have the answers. Others find it more helpful to put copious amounts of content into the index itself so as to avoid a second look-up in one of the course books. Color-coding your index is often advised. Some spend extra on binding their index while others simply go in with a stack of papers. Working on what is now my third index, I decided it might be worth documenting my approach and why it works for me.
My Approach¶
My draft index starts with notes as I go through the lectures as well as attention given to each quiz I take. For the SANS On-Demand courses, every question's answer indicates on which page the information can be found so if I get the question wrong, I am noting the question, the answer, and the referenced pages. Almost any time there are charts, I'm noting them to decide later if they belong in the index. The quiz questions asked are from a larger bank of questions so if you go through the questions again, you will see some new questions you did not previously see. This act of documenting everything is not to memorize quiz answers, but to become more familiar with the content. The act of making the index, for me, is a form of studying that not only benefits me in learning the content, but also means I become more intimately familiar with the index. Once I've gone through the entire course, I go back and modify the notes/questions I'd noted to actually create the content that belongs in the index.
SANS offers two practice exams. I take one, note my weak points, and adjust my index accordingly. I also go back through the index to ensure that what I thought was important still seems important. Sometimes what I initially thought would need to be documented ends up being unnecessary once I complete the coursework.
With these adjustments, I take the second practice exam the following week. I make the last minute changes and then have the index bound.
Different courses can necessitate different index organization. Here are some thoughts on the ones I've taken thus far.
GCIH¶
This exam was four hours long and covered a wide array of content that focused on both the defensive and offensive aspects of incidents.
Things I wish I'd done differently:¶
- Bind it. I had a stack of papers and there was no desk space for anything.
- Add alphabetized tabs.
Things I am really glad I did:¶
- Color-coding.
- Duplication of content based on how I thought a question might be asked in different ways. For example, if a question asks about psexec, will I remember to look under "S" for SMB? I may not! So I put it in both the "S" section and the "P" sections.
- Index Columns
- Book.Page
- Broadest topic in the content covers (typically which portion of the attack or incident response phase) and then the more specific topic.
- A description of whatever I thought would be most helpful in answering a question on that topic.
- Code snippets were in monospace font.
GCFE¶
This exam was three hours and covered many nitty-gritty details of Windows forensic analysis. My approach to this index was slightly different in that I wanted a resource I would refer back to over and over well after the exam. Having a 40-page spiral-bound booklet with alphabetized tabs that I can easily thumb through to find a forgotten filepath or registry hive has come in super handy.
Things I paid particular attention to:¶
- The DFIR poster they give you with the course! I used this as my jump point for my broad categories in column 2.
- I color-coded the first two column backgrounds based on the book and then the broad topic category.
- I also bolded and changed colors of fonts in the description of things to call my attention to the most important part of the description so that I could include more content, but not get lost in it. This ended up being more helpful.
GCLD¶
This exam was two hours and covered knowledge on both cloud environments, in general, as well as the specific cloud environments for AWS, Azure, and GCP. I used much of the same approach as GCIH and GCFE (combined), but I opted to not color-code the second column so I could use color-coding in a different way. I decided to stick with the spiral-binding and tabs since it ended up being much quicker during the exam.
Specifically helpful for this exam:¶
- Color-code the Cloud Vendors and their native tooles, features, or services:
- AWS, red
- Azure, blue
- GCP, green
- Avoid using vendor colors anywhere else
A Word on Testing Centers¶
Book early and call the testing center beforehand to ask a couple of questions:
- Do you have desks with space for several books? Is it possible to ensure I will be scheduled for one of those specific desks?
- Other test takers may find page-flipping distracting if I am in the same room with them (I may find others' page-flipping distracting); do you schedule open-book exam takers in a private room?
If you feel comfortable with downloading the applications required for monitoring for the remote option, the ease with which that can be scheduled is night/day when compared to the limited availability at a testing center. While this isn't for everyone, the upside is clear if you have a quiet office available to you at home with sufficient desk space and a reliable wired or WiFi internet connection.
I had a need to move a test date earlier and realized I begrudgingly had to consider using the at-home option. I was pleasantly surprised at both the availability of times and dates as well as how much I liked being able to control the simplest of things that made testing more comfortable: desk space, room temperature, noise, etc.