+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 29

Thread: Fail GCIH

  1. Junior Member Registered Member
    Join Date
    Dec 2017
    Posts
    3
    #1

    Default Fail GCIH

    Hi guys,

    I took two exams and failed both of them. the first score is 67% and the second is 70%. This would be the last time I can take before I can take again (provided I failed again the third time round). I took the practice test and pass with a score of 80%. The practice test and the exam is doesn't seem much related to the exam.

    Here's what I've done so far
    1) Create index
    2) Went thru ondemand course twice
    3) Flip the book (Just digusting important key words but not reading)
    4) Didn't listen to the mp3s

    How can I improve my scores? I know I had to read the book sooner or later. Any tips and advise, please? Thank you
    Reply With Quote Quote  

  2. SS
  3. Member
    Join Date
    Sep 2015
    Location
    Dallas, TX
    Posts
    60

    Certifications
    GCTI, GNFA, GCFA, GCIH, Sec+
    #2
    You have said it, read the book! I'm not sure how you created the index without reading it? If you using SANS index or someone's else then you doing it wrong.

    Plain and simple really. Good luck on the next one!
    Reply With Quote Quote  

  4. Junior Member Registered Member
    Join Date
    Dec 2017
    Posts
    3
    #3
    Lol. Well, I actually scan and read the top part of the section of the book and ignore those at the bottom details area and flip thru to create the index.

    Anyway thanks!
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Feb 2016
    Posts
    211
    #4
    Quote Originally Posted by methyl View Post
    Hi guys,

    I took two exams and failed both of them. the first score is 67% and the second is 70%. This would be the last time I can take before I can take again (provided I failed again the third time round). I took the practice test and pass with a score of 80%. The practice test and the exam is doesn't seem much related to the exam.

    Here's what I've done so far
    1) Create index
    2) Went thru ondemand course twice
    3) Flip the book (Just digusting important key words but not reading)
    4) Didn't listen to the mp3s

    How can I improve my scores? I know I had to read the book sooner or later. Any tips and advise, please? Thank you
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Feb 2016
    Posts
    211
    #5
    Quote Originally Posted by methyl View Post
    Lol. Well, I actually scan and read the top part of the section of the book and ignore those at the bottom details area and flip thru to create the index.

    Anyway thanks!


    I see the problem. No response needed ..

    I would highly suggest doing the opposite of what you mentioned Sir/Ma'am. That is my advice from multiple GIAC experiences.

    If not, you have 365 days to study for attempt number four.

    Good Luck!
    Last edited by GirlyGirl; 12-18-2017 at 09:09 AM.
    Reply With Quote Quote  

  7. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    6,310

    Certifications
    GCFE, GCED, GCIH, GSTRT, CISSP, CCSP, and others that should never be mentioned
    #6
    This makes zero sense: "This would be the last time I can take before I can take again".

    But anyway, as others said above, read the books!!! That's it. You need to make sure you understand every concept in detail. If something doesn't click go and research it. Care to post a pic/screenshot on the index you created? I have a feeling that could also be improved.
    Reply With Quote Quote  

  8. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,985

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #7
    All the answers are in the books and honestly there isn't that much material to read compared to almost every other cert exam. Not to mention it is open book exam. If someone fails this they know they didn't try very hard. Like you said, you didn't even read the material and got 80% on the practice test. They need to get rid of the "open book" part of this IMO.
    Reply With Quote Quote  

  9. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Ontario, NY
    Posts
    1,733

    Certifications
    A+, Network +, Sanity+ (Revoked), GSEC, GCIH, GREM
    #8
    Quote Originally Posted by methyl View Post
    2) Went thru ondemand course twice
    Just exactly what do you mean you "went thru" the course material twice? Did you follow along in the book and do the labs as the instructor lectured? Or did you stare glassed eyes as the instructor lectured, not paying attention? I can tell you from the Mp3's, it requires a lot of concentration to keep focus and absorb the material as the instructor is lectures. I sometimes have to stop, stand up, take an energy drink and repeat a section to make sure I fully absorbed the material, understood and completed the labs. In some ways the MP3's are better than when I took the course. I can pause the lecture, take my time doing the labs and try other approaches the instructor mentions. As well as explore some of the labs where there was not enough time to class to complete them. You obviously are not doing something right, if you properly prepare, I don't think the GIAC exams are too hard, but if you do not do the study and do what's required to learn the material, your going to fail.

    Quote Originally Posted by methyl View Post
    The practice test and the exam is doesn't seem much related to the exam.
    That hasn't been my experience, I scored a 80% on my second practice exam and got a 78% on the GCIH Certification exam.
    Last edited by TechGromit; 12-18-2017 at 02:47 PM.
    Still searching for the corner in a round room.
    Reply With Quote Quote  

  10. Senior Member yoba222's Avatar
    Join Date
    Jun 2013
    Posts
    832

    Certifications
    PenTest+, CySA+, LFCS, GCIH, eJPT, CCNA, CAPM, CompTIA Trifecta
    #9
    Quote Originally Posted by methyl View Post
    How can I improve my scores? I know I had to read the book sooner or later. Any tips and advise, please? Thank you
    1) Read the book
    2) Listen to the MP3s.

    I didn't make an index or even bring the books to the exam. But I read the books, cover-to-cover, twice. I also installed/played with every tool mentioned to the point where I could recognize a tool by its screen shot. I spent about 100 hours preparing for that exam.
    Last edited by yoba222; 12-18-2017 at 10:21 PM.
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Sep 2016
    Location
    Singapore
    Posts
    23

    Certifications
    GNFA,GCED,GCIH, ITIL v3
    #10
    Please read the books and not just flipping through. The OnDemand videos has better explanation by the author so you can focus on your weaknesses.

    Lastly, understanding the concept is key. It's not enough to memorize without understanding the content. I really hope you pass on your last attempt.
    Reply With Quote Quote  

  12. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,713

    Certifications
    CISM, GPEN, GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #11
    reiterating what everyone says...READ the books...

    not just read, but understand 100% of the topics. Don't skip a single topic

    Read something you understood 90% ..not enough..it has to be 100% understanding..if a topic sounds vague, read about it online...google it, ask questions in this forum


    Scanning and reading alone aren't enough, you need full understanding of each topic, only then you can make useful index and look for command options in books etc AFTER you understand what each topic really about
    Goal: MBA, March 2020
    Reply With Quote Quote  

  13. Member LWB250's Avatar
    Join Date
    Oct 2015
    Location
    Florida
    Posts
    50

    Certifications
    GCIH, GISP, GMON, A+, Security+, HP ExpertONE Accredited Platform Specialist – HP Desktops, Workstations and Notebooks
    #12
    Quote Originally Posted by NetworkNewb View Post
    All the answers are in the books and honestly there isn't that much material to read compared to almost every other cert exam. Not to mention it is open book exam. If someone fails this they know they didn't try very hard. Like you said, you didn't even read the material and got 80% on the practice test. They need to get rid of the "open book" part of this IMO.
    I disagree with this mindset strongly.

    I can't count the number of potential GIAC certification applicants who have asked me about the open book aspect of the certification exams. This is often a veiled effort on their part to determine if they can just go into an exam with the books and pass it.

    As a multiple GIAC certificate holder, I assure them that attempting to pass a GIAC certification exam by just using the books is an exercise in futility, and a very expensive one at that. I think we all know that even with a good handle on the material that the ability to reference it or looking for confirmation of terms/concepts by looking at the books is a necessity for passing the exams. I also emphasize that you must have an understanding of the concepts and how to apply them. You can't just read the material, walk into the test center and sit for the exam and expect to pass.
    Reply With Quote Quote  

  14. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,689

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #13
    GIAC tests are about methodology, data interpretation, using tools accordingly, and knowing how to apply skills in different respects for different situations. Unlike most vendor-centric exams, it's not just about tools. You need to fundamentally understand the material. You will not have enough time in the exam to flip through the books to figure out the right answer for every question.

    If you're solely relying on the books and/or an index to save you, you will fail ... and deservedly so.

    SANS courses are structured so you essentially go through the material several times, each time reinforcing it more. There's the first run through the class, then creating an index by reading through the books, then listening to the MP3s. If, after putting an honest effort into that routine, you're still not comfortable with the nuances of what's in the course, the material is either too advanced for your level of experience or you rushed through the course.

    The whole point of the exam is to test your comprehension of the material (and in theory being able to apply it in the real world), not just being awarded a four-letter badge. I sometimes see too much emphasis on the certification and less on building the skill.
    Reply With Quote Quote  

  15. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,401

    Certifications
    CISSP, CISM, CISA, GPEN, GCIA, GCIH, C|EH, and more.
    #14
    Quote Originally Posted by methyl View Post
    I know I had to read the book sooner or later.
    LOL better sooner than later
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
    Reply With Quote Quote  

  16. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,985

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #15
    Quote Originally Posted by LWB250 View Post
    You can't just read the material, walk into the test center and sit for the exam and expect to pass.
    I'll agree to disagree with this. If someone read the books and created their own index I find it would be hard to fail the test. At least the GCIH one... I admittedly looked up ALOT of the questions when I took my exam. It was a total crutch when I didn't know something. With a good index you can find things very quickly. And I don't think exams should take into account someone's ability to look things up at all. Just my 2 cents from my experience.
    Reply With Quote Quote  

  17. Queen Bee kiki162's Avatar
    Join Date
    Jan 2011
    Location
    Somewhere
    Posts
    625

    Certifications
    AWSx2, ISC2x2, CCSK, VCP6-DCV, MCSEx4, CompTIAx3
    #16
    Best thing I can recommend is having some experience with the material going into it. Create your own index as the material in the course index doesn't include ALL of the material that could potentially be on the exam. GIAC exams are REALLY GOOD for spreading topics out across multiple books, so it's not all going to be in one place. Another tip... Read through ALL of the books 3x times over. You will miss a lot of stuff just going through it once.

    Personally, GIAC exams are great if you soak up the material, have your employer pay for it, and have some knowledge of the material ahead of time. I think the price alone is a bit of a turn off. If you can get in on Work Study, do that!
    Reply With Quote Quote  

  18. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Ontario, NY
    Posts
    1,733

    Certifications
    A+, Network +, Sanity+ (Revoked), GSEC, GCIH, GREM
    #17
    Quote Originally Posted by kiki162 View Post
    I think the price alone is a bit of a turn off. If you can get in on Work Study, do that!
    While I'm not fan of the price, I think it prices out a lot of your competition in the marketplace. There's 150K Security+ certification holders and only around 35k GSEC certification and 30k GCIH certification holders.
    Still searching for the corner in a round room.
    Reply With Quote Quote  

  19. Member
    Join Date
    Sep 2017
    Location
    Some Continent
    Posts
    77

    Certifications
    Knowledge is Power
    #18
    Quote Originally Posted by NetworkNewb View Post
    I'll agree to disagree with this. If someone read the books and created their own index I find it would be hard to fail the test. At least the GCIH one... I admittedly looked up ALOT of the questions when I took my exam. It was a total crutch when I didn't know something. With a good index you can find things very quickly. And I don't think exams should take into account someone's ability to look things up at all. Just my 2 cents from my experience.
    I will apologize if this comes off terse, I do not mean any direct response to you in general. I think you have some very valid points that are up for discussion! But as you just said, the GCIH one...a course that is based on extremely broad material over the course of multiple facets of Incident Response -- which is having background in Pen Testing, Forensics and Reporting. For some, that material is HARD to know...but it is designed to be the baby steps into the realm of Purple Teams and helping the student decide if they want to do Red/Blue Team or DFIR. But if you think you can learn the material in like SEC660 (GXPN) or FOR610 (GREM) and go take that test without the books, you are sorely mistaken. Even OSCP and OSCE allow cert takers to use materials they have been provided. Teaching people to cram for a test (much like CompTIA or ISC2) does nothing to actually teach a candidate the material. it merely teaches them to regurgitate an answer, regardless of why that is. At the very least, a candidate who is taking GIAC has actually used hands on labs and understand what they are looking at.

    I've seen prospective new hires who have CompTIA's Trifecta of intro certs and CCENT and not even know how the interpret a tcpdump of a pcap file and tell me what is actually going on with the IPv4 or IPv6 traffic. That is a massive problem in this field right now. Get the certs you feel you need to succeed, but I hope you are actually learning what that cert is trying to hold you to, too.
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Dec 2017
    Posts
    113
    #19
    Quote Originally Posted by TechGromit View Post
    While I'm not fan of the price, I think it prices out a lot of your competition in the marketplace. There's 150K Security+ certification holders and only around 35k GSEC certification and 30k GCIH certification holders.

    I can't give you positive rep at this moment. I need 10 people to give TechGromit positive rep for me.

    Thanks in advance.

    Mr. John Doee (don't forget the e)
    Reply With Quote Quote  

  21. Netlurker cisco_trooper's Avatar
    Join Date
    Aug 2007
    Posts
    1,421

    Certifications
    CCNP Security, ASA Specialist, Firewall Security Specialist, IOS Security Specialist, IPS Specialist, VPN Security Specialist
    #20
    Quote Originally Posted by Randy_Randerson View Post
    ...but I hope you are actually learning what that cert is trying to hold you to, too.
    ^^THIS is what you SHOULD be after.
    Reply With Quote Quote  

  22. Member
    Join Date
    Jan 2014
    Posts
    39

    Certifications
    CISSP, eJPT, OSWP, GCIH, eNDP, GICSP, GPEN, GCTI, eCPPT, GCFA, eCTHP, GRID, GCFE, GCWN
    #21
    Seems like you lot scared the OP off ...
    Or he/she's finally reading the 'small prints' in the books and recreating the index ...
    Reply With Quote Quote  

  23. Member
    Join Date
    Jan 2014
    Posts
    39

    Certifications
    CISSP, eJPT, OSWP, GCIH, eNDP, GICSP, GPEN, GCTI, eCPPT, GCFA, eCTHP, GRID, GCFE, GCWN
    #22
    Quote Originally Posted by TechGromit View Post
    While I'm not fan of the price, I think it prices out a lot of your competition in the marketplace. There's 150K Security+ certification holders and only around 35k GSEC certification and 30k GCIH certification holders.
    Agreed, but as long there are HR-filters that require a (Comptia, anything you want)+ and don't know about G(IAC, anything else you want), people will acquire these certs and may stop there .. unfortunatly
    Reply With Quote Quote  

  24. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Ontario, NY
    Posts
    1,733

    Certifications
    A+, Network +, Sanity+ (Revoked), GSEC, GCIH, GREM
    #23
    Quote Originally Posted by cyberguypr View Post
    This makes zero sense: "This would be the last time I can take before I can take again".
    I believe GIAC only allows you to retake the exam three times, before you have to repeat the course before making another exam attempt.

    Quote Originally Posted by _nessie_ View Post
    Agreed, but as long there are HR-filters that require a (Comptia, anything you want)+ and don't know about G(IAC, anything else you want), people will acquire these certs and may stop there .. unfortunatly
    If a companies Cyber Security organization never heard of GIAC's, it's probably not an organization I'm interested in working for in the first place.
    Last edited by TechGromit; 01-28-2018 at 02:47 PM.
    Still searching for the corner in a round room.
    Reply With Quote Quote  

  25. Member
    Join Date
    Dec 2015
    Location
    Georgia,Tbilisi
    Posts
    71

    Certifications
    GCIH, OSCP
    #24
    I passed GCIH almost 2 years ago.

    YOU HAVE TO READ BOOK slowly.
    YOU HAVE TO WATCH AND TAKE NOTES WHILE LISTENING TO VIDEOS.

    combine above two. take notes,read book slowly and watch videos. But take notes! do practical exercises. There is no other way

    Sorry, I'm honest but failing at GCIH is shame. It is an easy exam. Nothing crazy stuff like OSCP for example. Just A,B,C,D,E answers(sometimes less)
    Reply With Quote Quote  

  26. Member
    Join Date
    Jan 2014
    Posts
    39

    Certifications
    CISSP, eJPT, OSWP, GCIH, eNDP, GICSP, GPEN, GCTI, eCPPT, GCFA, eCTHP, GRID, GCFE, GCWN
    #25
    Quote Originally Posted by Higgsx View Post
    It is an easy exam.
    I kind of agree with you, *IF* you do what you mentioned
    What I usually do: read book slowly, read again build index, don't forget the labs, do research on the tools that are mentioned (output they provide, possibilities and limitations of the tools ..)
    I usually fall asleep when watching videos .. happens to me when I'm in class as well ..
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks