+ Reply to Thread
Results 1 to 10 of 10
  1. Junior Member Registered Member
    Join Date
    Jun 2015
    Location
    BR
    Posts
    4

    Certifications
    OSCP, CEH
    #1

    Default I want to take GCIH without the course

    I did a research in this thread but it looks like almost everyone who took the certification went throught the material.
    But since my employer won't pay me for this and I have no money to buy the course, are there alternatives?

    Is there a book or material I can go through that will be enough to pass in the exam? I have a little experience with incident response already.

    Thanks!
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Feb 2016
    Posts
    148
    #2
    Quote Originally Posted by andrecvnt View Post
    I did a research in this thread but it looks like almost everyone who took the certification went throught the material.
    But since my employer won't pay me for this and I have no money to buy the course, are there alternatives?

    Is there a book or material I can go through that will be enough to pass in the exam? I have a little experience with incident response already.

    Thanks!
    I am 100% confident if you spend 45 seconds searching the threads you will find what people have used to pass the exam without the course material.

    It is not suggested but possible.

    Have a wonderful day.

    Thanks,

    GG
    Reply With Quote Quote  

  4. Junior Member al88's Avatar
    Join Date
    Sep 2015
    Location
    Dallas, TX
    Posts
    23

    Certifications
    GNFA, GCIH, Sec+
    #3
    Everything related to IR can be answered without books. Its the tools that kills .. just so many of them! Commands can be overwhelming a little too.

    I'd highly recommend taking the course, not to pass the cert only, but the experience is really worth it Especially if you take it with one of the lead instructors/authors.

    If you just taking the certificate it for a certain requirements.. I'd recommend looking for an alternative honestly.

    Good luck.

    PS: Work-study program costs as much as the certificate attempt.. except you attend the course, take it on-demand and attempt the certificate
    Reply With Quote Quote  

  5. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,689

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #4
    SEC504 is more about incident handling than incident response. If you're looking for response specifically, consider looking through the syllabus for FOR508 and FOR572.

    https://www.sans.org/course/advanced...nting-training
    https://www.sans.org/course/advanced...nsics-analysis

    That said, knowing the overall incident handling workflow is pretty fundamental. 504 packages the viewpoints of both defense, offense, and incident handling management aspects.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
    Reply With Quote Quote  

  6. Member
    Join Date
    Dec 2015
    Location
    McKinney, TX
    Posts
    47
    #5
    Quote Originally Posted by al88 View Post
    Everything related to IR can be answered without books. Its the tools that kills .. just so many of them! Commands can be overwhelming a little too.

    I'd highly recommend taking the course, not to pass the cert only, but the experience is really worth it Especially if you take it with one of the lead instructors/authors.

    If you just taking the certificate it for a certain requirements.. I'd recommend looking for an alternative honestly.

    Good luck.

    PS: Work-study program costs as much as the certificate attempt.. except you attend the course, take it on-demand and attempt the certificate
    Spot on. The tools are why it will be difficult (not impossible) to pass without the books. SANS courses/labs are packed with tools; and they are usually well represented on the exams. Work study may be your best bet.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    May 2006
    Posts
    2,071

    Certifications
    CISSP, CCSP, eJPT, ITIL,PA ACE,Qualys Certified Specialist, A+
    #6
    I'm sure if you go through this list

    https://pen-testing.sans.org/resources/downloads

    you can then research and dive deeper on the tools, plus ypu can take all that use it as your index.
    Reply With Quote Quote  

  8. Senior Member Kasor's Avatar
    Join Date
    Jul 2003
    Location
    Statue of Liberty
    Posts
    902

    Certifications
    x^n
    #7
    I will not recommend. If you are experience incident handler, then you still need to read the book. You want to pass because the exam fee is pricey. You shall prepare yourself as much as possible.
    Kill All Suffer T "o" ReBorn
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Apr 2014
    Posts
    155
    #8
    Work study is far and away the best option as it’s less expensive than the voucher alone.
    Reply With Quote Quote  

  10. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,436

    Certifications
    A+, Network +, GSEC, GCIH, GREM, Lunatic+
    #9
    Quote Originally Posted by andrecvnt View Post
    Is there a book or material I can go through that will be enough to pass in the exam? I have a little experience with incident response already.
    Best answer I can provide is find someone who recently took the GCIH exam and is willing to share their index with you. Use the index to study what topics you need to know for the exam. Ideally an index that has topic, book, pages and short definition of the topic, as well as detailed as possible. I've seen indexes that were only a few hundred entries long and others thousands of entries. You want the most detailed index possible as reference material. While the book and Page information is useless to you without the books, the topic and definition is very valuable information. I also would not rely on someone's index for the exam, use the index as a blueprint what topics you need to be knowledgeable on.
    Last edited by TechGromit; 12-29-2017 at 04:21 PM.
    Still searching for the corner in a round room.
    Reply With Quote Quote  

  11. Senior Member yoba222's Avatar
    Join Date
    Jun 2013
    Posts
    499

    Certifications
    LFCS, GCIH, eJPT, CCNA, CAPM, Trifecta
    #10
    You'd really need the official course books. Technically it's against the agreement to sell/give away the books to someone. But it's not against the agreement to buy them. I've seen them on eBay before.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks