  1. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,356

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #1

    Passed GCFA without Index - Warning

    I'll keep this short and sweet: I passed the GCFA with a score of 76% without an index. I relied on SANS' own provided index in book 5.

    BIG MISTAKE

    Create your own index because during the exam I realised that the index provided by SANS doesn't include every keyword...something you might wanna do - especially for keywords YOU think are important.

    You don't have to make the index too complicated, as some of the people on the Internet make it out to be...a simple keyword - page number is enough...if you have time you can add a description to some words, but I didn't find this to be important. Again, if you have time go for it; otherwise it's better to have a keyword - page number than nothing like I did.

    This is my first SANS cert and I admit I didn't study for it optimally.


    I finished the exam in 2 hours so I had a whole hour to spare...In hindsight I think if I took the time and just cross checked with the books MAYBE my score would be better - who knows. I was just answering most questions from my own understanding rather than referring to the books (if that makes sense).


    The other mistake I made is that I didn't experiment with all the tools...trust me, if a tool is mentioned (even once) in any book then it's fair game.

    Just read the books (not just the slide, but the explanation in the pages), make sure you understand the WHY behind everything...read the books more than once, and actually do the labs. A lot of people ignore the labs, but I found that doing the labs will make sure you understand the concepts and you are more familiar with the tools. I say this as a UnixGuy who doesn't even use Windows on desktop/laptop...this course is Windows based so I struggled with some Windows background. I'd imagine Windows admins will have an easier time than me...but hey, I passed.

    Apart from that, I'm really happy that I passed, and now I'll be better prepared for future SANS exams.
    Last edited by UnixGuy; 10-02-2017 at 06:49 AM.
    Goal: GCFA (DONE), GPEN

  3. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,819

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #2
    Congrats and thanks for the feedback. I keep getting worried about those "indexes" SANS is providing as they may be giving some a false sense of security.

  4. Member
    Join Date
    Jun 2011
    Posts
    70

    Certifications
    GCFA, GCFE, GCIA, GICSP, and some other junk.
    #3
    Congratulations. This was a tough test even being open book. Any passing grade is a good grade!

  5. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,338

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #4
    Congratulations.

    Quote Originally Posted by UnixGuy View Post
    Create your own index because during the exam I realised that the index provided by SANS doesn't include every keyword...something you might wanna do - especially for keywords YOU think are important.
    It certainly doesn't help that what keywords they do include are referenced in the index in several locations, in some cases dozens. Anywhere the keyword is mentioned in the books is listed in the index, but only one location has the definition. In most cases the first index location will have the definition, but I've seen examples when they first mention a tool / concept and only provide a short description of it, and it's better defined / explained later in the books, with the options and parameters it has. And one thing I love about SANS exams: they always seem to ask you what XYZ command does with options –d –X /g.

    I think they do a real disservice to students, giving them an index that is subpar. Either give a good complete index or don’t include one at all. I would be curious to see what the pass/fail rates are before and after they started providing indexes. I’m sure a lot of people say, hey, it has a built-in index, why should I create my own? I would think after a practice exam, you would see how crappy the SANS index is. On the other hand, maybe the practice exam questions are limited to information that is on the SANS index, giving you a false sense of security, so when you take the actual exam, you're fooled into thinking the SANS index is useful.

    How did you do on your practice tests UnixGuy using the SANS index?
    Last edited by TechGromit; 10-02-2017 at 05:27 PM.
    Still searching for the corner in a round room.

  6. Senior Member billyr2009's Avatar
    Join Date
    Apr 2012
    Location
    CA
    Posts
    118

    Certifications
    C|EH v7, ITIL v3, CISSP, GSNA, GCIH
    #5
    Congrats!

  7. Junior Member
    Join Date
    Dec 2015
    Location
    McKinney, TX
    Posts
    25
    #6
    Interesting about the new indexes. I have recently talked to one of the technical directors at SANS, and my takeaway was that the new indexes were NOT a substitute for the student-created exam index. More of a reference to use when studying. Not sure what the instructors are saying to the students about how to use them.

  8. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,356

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #7
    Quote Originally Posted by TechGromit View Post
    ..

    How did you do on your practice tests UnixGuy using the SANS index?
    I got a fail of 68% on the first practice exam and 81% on the second practice test. I used the SANS index a few times, but for the most part I was treating it like a closed book exam; I just didn't know what to expect, to be honest. I used the SANS posters a lot (more than the books).

    Look, you can pass using the SANS index, but my conclusion is: don't risk it!


    Last edited by UnixGuy; 10-02-2017 at 10:53 PM.
    Goal: GCFA (DONE), GPEN

  9. Junior Member
    Join Date
    Sep 2015
    Posts
    12

    Certifications
    GNFA, GCIH, Sec+
    #8
    Congratulations!

    I'd say the process of building an index is where the real benefit is, as you highlight those terms that you believe you will return to since you aren't fully sure you grasped them, forcing you to go over it multiple times.

    This is why using someone else's index (even SANS's) wouldn't be a huge help to you.

    That being said, I rarely referred to my index for my two certs. Heck, I had jumped directly to the right book and right chapter since I remember marking it there, thanks to the "process" of building the index.

  10. Senior Member
    Join Date
    Jan 2015
    Location
    Chicago, IL
    Posts
    975

    Certifications
    Too many MCPs and MCTS, MCSA: Security, MCSE: Security, MCSA: 2003, 2008, 2012, MCITP: EA, CISSP-ISSAP, SCS DLP, GREM
    #9
    Congratz!

  11. Junior Member Registered Member
    Join Date
    Oct 2017
    Posts
    11
    #10
    Congratulations

  12. Junior Member Registered Member
    Join Date
    Nov 2017
    Posts
    3
    #11
    Congrats! By any chance do you have an extra GCFA Practice Test to give away?

  13. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,338

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #12
    Quote Originally Posted by UnixGuy View Post
    Create your own index because during the exam I realized that the index provided by SANS doesn't include every keyword...something you might wanna do - especially for keywords YOU think are important.
    I'm working on improving my GREM index now, using the SANS index to make sure I didn't miss anything on my index that is listed on the SANS index. What I'm finding is that many of the items they listed on the SANS index that are not on my index don't exist. I look at the book and page number referred to by the SANS index and the item is nowhere to be found on the page. I checked all the references they listed. And it's not just an isolated case; I'm half done and came across at least 15 items that the index refers to that are not on the pages they indicate. Apparently they do a poor job of keeping it updated between book revisions.
    Still searching for the corner in a round room.

  14. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,356

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #13
    @Bodyguard: unfortunately I used up all my practice tests (and some)!


    @TechGromit: I think you are right, I noticed there are mistakes in the index as well (I noticed them during the exam though lol). You look up the word and it doesn't exist within the page so the SANS index is outdated/unreliable.
    Goal: GCFA (DONE), GPEN

  15. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #14
    Quote Originally Posted by cyberguypr View Post
    Congrats and thanks for the feedback. I keep getting worried about those "indexes" SANS is providing as they may be giving some a false sense of security.
    If you know how they are made, then you have a better understanding of WHY they are giving people a false sense of security. It is just pulling those indexes from a wordlist that is generated by someone at SANS. So it isn't going to get everything.

    The purpose of those indexes was to help people create their own by giving them a starting point. Frankly, I use it as a backup index in the event my own doesn't have a question or term within it. I'm also sure some people were complaining they weren't getting something like that and the daunting task of making their own was too much work. Mine typically take between 8-12 hours just on the index piece alone. But I've never failed one of those tests yet.

  16. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,338

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #15
    Quote Originally Posted by Randy_Randerson View Post
    Frankly, I use it as a backup index in the event my own doesn't have a question or term within it.
    Using the SANS index was of value to me; I came across 25 to 30 keywords that I overlooked on my index and were in the SANS index (and were correctly referenced in the books), but I merged their index into mine. I'm not going to refer to two indexes during the exam.
    Still searching for the corner in a round room.

  17. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #16
    Quote Originally Posted by TechGromit View Post
    Using the SANS index was of value to me; I came across 25 to 30 keywords that I overlooked on my index and were in the SANS index (and were correctly referenced in the books), but I merged their index into mine. I'm not going to refer to two indexes during the exam.
    We all have different study habits. My indexes are based on some of the other folks out there who basically build an additional book of information to consolidate things together as much as possible. Think back to classes like SEC504 where Nmap and Netcat are discussed in 4 books alone. My index had it all in one spot so when the question came up, I didn't have to dig to find the book with that specific syntax or output. They've ranged in size from 20 pages (GCFA) to 75 pages (GAWN). Get it bound at UPS or Kinkos and call it a day. All color coordinated and matches up perfectly with my own index and the SANS index in one shot.

  18. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,338

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #17
    Nice, I did build a separate index for all the programs from SANS 504, grouped by type, but two staples in the corner hold my indexes together, black and white only. I do print out the full man pages for programs the books spend some time on; for example, there's more than a few pages on Volatility in SANS 610, so chances are good there will be questions about it on the exam.
    Still searching for the corner in a round room.

  19. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    3
    #18
    Quote Originally Posted by TechGromit View Post
    Nice, I did build a separate index for all the programs from SANS 504, grouped by type, but two staples in the corner hold my indexes together, black and white only. I do print out the full man pages for programs the books spend some time on; for example, there's more than a few pages on Volatility in SANS 610, so chances are good there will be questions about it on the exam.
    Oh absolutely! I take all the cheat sheets they provide and put them into mine as well. There are PDFs on their website. So when I upload it to UPS they put it right in my index. So I don't have the cheat sheets all over the place or forget them because they fall out or something. The biggest benefit I can say I have with these indexes is they become a terrific resource later on when actually doing my job. I have everything that is pretty darn important already written down...and if I need to dig into the books the index is right there as a quick reference.

    Haven't taken 610, too afraid lol. I've seen a few peers take it and their heads look like they are ready to explode. I'm in 560 (GPEN) right now and after that have 542 (GWAPT) to go.
