  1. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #1

    Passed the GIAC G2700 Exam Today

    Went in this morning, took it and am finally glad I am finished. This means I can finally graduate from the MSISA program! Cause I'm feelin good today, I thought I would include somewhat of a blank index template. By no means is the format something to be restricted to but rather an idea of how to build your notes. I used the material that WGU provided and watched some of the CISSP learnkey vids. I also got a lot of information from the free toolkit offered on iso27001security.com

    [DEAD LINKS DELETED]

    Hope this helps!

    Last edited by JDMurray; 12-31-2013 at 02:58 PM.

  3. Member
    Join Date
    Mar 2013
    Location
    Prague, CZ
    Posts
    61

    Certifications
    GNFA, GCIA, SSCP, CSA+, Security+, CCNA (expired), several IBM certs
    #2
    Congrats! And thanks for the info
    Last edited by rscrt; 05-05-2013 at 10:22 AM. Reason: typo

  4. Custom User Title Hypntick's Avatar
    Join Date
    Sep 2010
    Location
    Charlotte, NC
    Posts
    1,436

    Certifications
    N+, A+, S+, CCENT, P+, CSSA, Datto Tier 2, MCTS Win 7 Config, CEH, CHFI, G2700, FCNSA, MCSA: 2012
    #3
    Congrats on the pass! And congrats on the graduation!

    Appreciate the shares of the information as well. Did you use any particular books? I picked up the IT Governance book as well as a couple of the CISSP books in order to study for this thing, hope that's enough. Anything else you might suggest that helped you? Once again congrats!

  5. Senior Member
    Join Date
    Oct 2012
    Location
    Arizona
    Posts
    113

    Certifications
    CISSP, GCFA, GPEN, GCIH, GCIA, GWAPT, GSEC, GCFE, CEH, CHFI, AS|PT
    #4
    Congrats on the pass!

  6. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #5
    Hi Everyone, thanks for your congrats and you're welcome on the docs. It was hard for me at first to grasp how to start on this so I wanted to help others. It has definitely been a journey.

    Here are the resources that I used for the most part:

    The Soomo learning environment through WGU which goes through each domain and tells you what chapters in the books to find the topics in or which videos to view from learnkey.

    IT Governance: An international guide to data security and ISO27001/ISO 27002 (5th Ed.) - ISBN: 978-0749464851

    How to achieve 27001 certification: An example of applied compliance management - ISBN: 978-0849336485

    Official ISC2 Guide to the CISSP CBK - ISBN: 978-0849317071

    The CISSP Learnkey Videos (to a lesser extent but I looked here and found extra info if I didn't find enough in the books)
    CISSP Operations Security
    CISSP Cryptography Session
    CISSP Physical (Environmental) Security

    (There were other videos but I did not go through them all)

    I also had the official 27001, 02 and 05 standards printed out. WGU offers this if you are enrolled.

    If anyone needing to take the exam isn't doing this through school, the free ISO toolkit will work just as well. That is what I started out with originally (doing research before I was enrolled in the class).

    You do not have to have every single document in this toolkit in your notes. Pick and choose based on the topic areas. So for example, you will need to know what an SOA is. You can find this in the toolkit and include if you like in your appendix.

    If you can get the books mentioned above as e-books it will be a lot better mainly because you can "find" specific terms or information and copy them into your index. When I wanted to find a specific term when reading on books 24/7 I put "quotes" around them to make finding what I needed quick.


    For anyone who might be interested I will share what worked for me below.

    This is my first GIAC cert. When I first started, I was looking for information on how to study for this and mainly how others approached building exam ready notes. Good info was pretty scarce. I mean that as in even searching for GIAC G2700 study guide or study tips brought up BD websites and I hated it.

    This is my personal experience, do what is right for you.

    1. I went to the GIAC site to view a list of the exam objectives and the topics. Ensure your notes have it because YOU WILL be tested on it in the practice and/or real exam.

    2. I built the index/notes based on that list going domain by domain. (The attached document above is an example.)

    3. Develop your notes but don't make it too terribly dense. I used 1.5 spacing for better readability and calibri font.

    4. Build your index (i.e. get information from the books copy, paste or type it in) and study from that. Bringing a stack of books to the exam, meh not my thing. I wanted 1 binder with everything in one place.

    5. Wikipedia is your friend. Google too. I found some items hard to find in the resources available.

    6. The controls attachment is VERY important so include and read that. I highlighted the objectives to make finding items easier.

    7. Make it a goal that your actual index will be under 90-100 pages or less. Because I am a newb starting out, I needed more info than was probably necessary but preparation was the thing for me. The appendix doesn't really count; throw what you want in there as they are supporting documents (glossary, standards, etc).

    Look, the standards are a ton of pages. Probably almost 240pgs altogether (01, 02, 05). I did not read through it all, but I did read the 27001. It was 30 something pages and I needed to understand this management standard.

    Just know how to navigate to find the information that you need.

    This is what my index looked like after I was done.

    I did have a TOC but the stickies will help in remembering where things are a lot better because you have to sit and write it all out yay!

    All I wrote on the stickies were the titles or topics of the main sections like PDCA or InfoSec MGR Roles.
    photo.jpg

    The Exam Process:
    If you take the practice exam (you can either purchase from GIAC or it is supplied through WGU if you're taking the class) yes it is true that the format of it is similar to the real exam. I personally thought the practice exam was more specific and the real one was like a little more broad in asking the question? Or rather you really need to look at the elements in the question and not think of the question directly (as in read through it once and assume an answer?).

    Anyways,

    I had 2 practice exams. The first one was really a test run to get a feel for what I needed to expect. I did not do well on this as a result of a lot of second guessing for whatever stupid reason. However it provided a great opportunity to improve my index and look up topics I had trouble with.

    The second practice test however, I blew it out of the water and took it 1 week prior to my exam date. You can do this when you feel comfortable.

    The actual exam. Whew ok.

    All I can say is this. You have checkpoints after answering a certain amount of questions, which after that will tell you your current percentage (whether or not you are passing). You need 70.7% from 75 questions.

    Do not panic if early on your percentage is below that. You still have many questions to go. Take advantage of your break (you have 15 min). I took the break around the 40th question and it really helped.

    You print your results from the SANS website on your own, request your plaque and there you go.

    Aaaaaaand that's all I got. Take it easy!
    Last edited by Agent47; 05-05-2013 at 09:04 PM.

  7. Custom User Title Hypntick's Avatar
    Join Date
    Sep 2010
    Location
    Charlotte, NC
    Posts
    1,436

    Certifications
    N+, A+, S+, CCENT, P+, CSSA, Datto Tier 2, MCTS Win 7 Config, CEH, CHFI, G2700, FCNSA, MCSA: 2012
    #6
    Awesome breakdown of everything, just one other question if I may. How long from start to finish would you say it took to fully study, compile the index, and then sit the test? I am working with a timeframe of around 3.5 months and feel that it's probably overkill, but want to be certain.

  8. Senior Member
    Join Date
    Feb 2012
    Posts
    604
    #7
    <<sigh>> still not happy they got rid of this cert for new recruits.

  9. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #8
    Sure! Please feel free to ask any questions you have! In regards to your question Hypntick, it took me around 2 months to gather everything up and study. One thing to remember is, everyone has their own study style. It might take you a lot less than 3.5 months. Once you get into the material, you will know how long it takes you to complete information for each section. I had created some study guides a while back for my Security + exam which helped to speed up the process of adding the content I needed. Also, don't burn yourself out with this. There were days where it was getting close and I did absolutely nothing for the whole day (it's how I deal).

    Emerald_Octane yeah, there were quite a few certs they dropped, it's unfortunate. They should drop the EC Council entirely, leave GIAC and add the CCNA and/or Microsoft certs because I think they hold more weight. Maybe it's just the amount of time it takes to gain these certs? To be honest, this GIAC class was kinda nerve-wracking in the beginning because I couldn't find anything on it like a step by step guide to putting notes together or the examples I'm sharing. I wasn't looking for an easy way out but rather something that would adequately prepare me for finding information quick. A lot of students may have voiced concern that maybe they don't have enough of what they need or that they would rather have official material which I think is about $3,500 from GIAC. I suppose they could make it optional? I dunno, anyways with Cisco, Microsoft and whatever there are tons of resources many of which are free. At first I was trying to get out of taking this exam because I wasn't confident that the material would be enough. I'm really glad that I didn't.

  10. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #9
    Example Giac Cert that they send in the mail if you get the plaque.
    giaccert.jpg

  11. Custom User Title Hypntick's Avatar
    Join Date
    Sep 2010
    Location
    Charlotte, NC
    Posts
    1,436

    Certifications
    N+, A+, S+, CCENT, P+, CSSA, Datto Tier 2, MCTS Win 7 Config, CEH, CHFI, G2700, FCNSA, MCSA: 2012
    #10
    Ooooh that's sharp! Hope to have my own sometime in the next few months. Congrats again!

  12. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #11
    Thanks! You can do it!

  13. EC Council #1 fan colemic's Avatar
    Join Date
    Apr 2010
    Location
    Tejas, Baby!
    Posts
    1,535

    Certifications
    CISSP, CISA, GIAC 2700, MCSE:Security, CEH, CHFI, CCNA:Security, CCENT, Sec+, Net+, ITIL v3 Foundations
    #12
    Agent47, thanks for posting your samples... I am a bit stuck though on one thing. In 27001:2005, you reference a 3-stage certification process, and so does the Wikipedia article for 27001, but where, oh where in hell's bells is it in the standard??? I have almost convinced myself I am not looking at the right document. I have the docs from ANSI (courtesy of WGU) and I have read through most of it (since it's fairly short) and skimmed the rest multiple times, and I just don't see the external audit process covered anywhere. (Internal ISMS audits are covered in section 6.)


    I strongly suspect I am about to have to put my dunce cap on.
    Last edited by colemic; 05-30-2013 at 01:52 PM.

  14. Senior Member
    Join Date
    Dec 2011
    Posts
    151

    Certifications
    MSc ISA, CISSP, CISM, MCITP:EA, CEH, CHFI, GIAC 2700, Sec+, Net+, Project+, A+, Strata Green IT
    #13
    Hey Colemic,

    Saw your PM and I just thought to post here as a pro bono of sort.

    The only three suggestions I would add are:

    1) take every question seriously, but the first two dozens are more important. It's best if you're above 80% after the first check point (15 questions). Then again at the second check point. So time-wise, really give yourself enough room to get the right answers early on. Odds are against "catching up" if you're at the 60-questions mark (last check point) with the final 15 questions, and still below passing grade.

    2) Read everything the course mentor gave you, and know where to find it quickly. You do not have to memorize much, but you have to think like a super librarian. Also bring with you the CISSP Prep Guide by Ronald Krutz. The book had answers to several off-the-wall technical questions that I didn't encounter in my study.

    3) Join the private WGU MSc ISA google group and read all the lessons-learned from others.

    EDIT: The plaque was exactly as Agent posted; quite nice by itself. First thought when I opened the package was "so this was what they did with my money" =)
    Last edited by forestgiant; 05-31-2013 at 12:22 AM.

  15. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #14
    Hi Colemic,

    You're welcome. And no you don't need to put your dunce cap on. Watch, from doing all that reading, you will end up answering questions you didn't even know you knew the answer to.

    So if you are talking about the area that starts with:
    The ISO/IEC 27001 certification usually involves a three-stage external audit process:

    Stage 1 is a preliminary, informal review of the ISMS...........................

    This was simply some supporting information from wiki that I thought was interesting so I put it in my index. I think of this section as somewhat of a common starting approach amongst auditors of how they do external audits based on elements derived from the standard. Not so much that this section (mentioned above) is there word for word in the standards.

    Glad you tried to read up on it though haha Like I said, some of the things that I chose to include may not make sense at first but once you start developing the index you'll be like ooooooh ok that's what that's there.

  16. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #15
    Quote Originally Posted by forestgiant View Post
    EDIT: The plaque was exactly as Agent posted; quite nice by itself. First thought when I opened the package was "so this was what they did with my money" =)
    That's awesome.

  17. Junior Member Registered Member
    Join Date
    May 2012
    Location
    Mars
    Posts
    4

    Certifications
    A+, Net+, Sec+, Proj+, CWNA, CEH, CHFI, CCNP, CCDP, CISSP, SSCP, CASP
    #16

    Test Format

    What is the format of the G2700? Multiple choice, short answers, fill in the blanks? The only information I have is the exam has 75 questions and is two hours long.

  18. Senior Member
    Join Date
    Jun 2008
    Posts
    200
    #17
    multiple choice

  19. Junior Member
    Join Date
    Mar 2007
    Location
    Warner Robins, GA
    Posts
    4
    #18
    Quote Originally Posted by Agent47 View Post
    Hi Colemic,

    You're welcome. And no you don't need to put your dunce cap on. Watch, from doing all that reading, you will end up answering questions you didn't even know you knew the answer to.

    So if you are talking about the area that starts with:
    The ISO/IEC 27001 certification usually involves a three-stage external audit process:

    Stage 1 is a preliminary, informal review of the ISMS...........................

    This was simply some supporting information from wiki that I thought was interesting so I put it in my index. I think of this section as somewhat of a common starting approach amongst auditors of how they do external audits based on elements derived from the standard. Not so much that this section (mentioned above) is there word for word in the standards.

    Glad you tried to read up on it though haha Like I said, some of the things that I chose to include may not make sense at first but once you start developing the index you'll be like ooooooh ok that's what that's there.
    You're allowed to bring stuff into this exam??

  20. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #19
    Yes, the test is open book. Do not let that fool you though because honestly you only have a min and a half per question. Once you start studying for it you will see why it's open book.

  21. Senior Member Psyco32's Avatar
    Join Date
    Feb 2011
    Location
    Alexandria, VA
    Posts
    103

    Certifications
    CISSP, C|EH, GCFA, GCIA, GSEC, GCIH, GSNA, GCWN, Sec+, ITIL, TCSE
    #20
    Agent47,
    CONGRATS and great writeup!!! Hopefully if my job has training funds I will probably take the G2700 next year. Will bookmark your post.

  22. Senior Member Agent47's Avatar
    Join Date
    Oct 2011
    Posts
    102

    Certifications
    Security +, CCNA
    #21
    Thanks Psyco32! I hope that you're able to get what you need to take the exam! Would definitely be a boost in regards to marketing yourself and your skills. Glad that this thread will help in your endeavors!

  23. Junior Member Registered Member
    Join Date
    Jan 2012
    Posts
    3
    #22
    I am actually going in to take the GIAC 2700 today. Then Monday I present my capstone and I am all done with my Master's from WGU. Wish me luck

  24. Junior Member
    Join Date
    Oct 2013
    Location
    Detroit, MI
    Posts
    12

    Certifications
    A+, Net+, Sec+, Server+, MCP, MCSA, MCSE, CEH, CHFI, VCP4/5, G2700
    #23
    Nate, what did you use? I've been going over this and it all seems like I am lost. I got 75 on the practice exam with no notes with 75%. I have a hard time lining up the objectives with the exam and the 3 manuals.

  25. Junior Member Registered Member
    Join Date
    Jan 2012
    Posts
    3
    #24
    cutch, since this was my last class and exam for WGU, I didn't end up using much except for what I had already learned throughout the program. I took the first practice exam and got 68%. Second I got 76%. I passed the exam with 87%. I finished my presentation and I am now officially a graduate! I didn't take anything into the exam except for the ISO-27001 and ISO-27002 standards. I didn't use them though and I gave them to the lady to recycle the paper at the end.

  26. Junior Member
    Join Date
    Oct 2013
    Location
    Detroit, MI
    Posts
    12

    Certifications
    A+, Net+, Sec+, Server+, MCP, MCSA, MCSE, CEH, CHFI, VCP4/5, G2700
    #25
    Nate, would you say the real exam is harder or easier?
