On October 16 2019, I passed GCIH exam with a score of 93%. Honestly, I was surprised I scored so high. I didn’t feel like I had a passing score until 2.5 hours (out of 4 hours) into the exam. The exam is designed to measure your knowledge on the many cyber attack types and tools discussed in their book material. In order to pass, it is important to understand in which stage of incident handling you are in. Additionally, you must understand how these tools are used, how the attacks manifests in the network and at the host.
The one advice everyone gave me was to have a good index. The perfect index depends on how you learn, what works best for you. There are many great indexing techniques out there but not all of them will fit your learning or testing style. A friend suggested that I follow the Pancakes Indexing method from @hack4pancakes (Lesley Carhart), which involves indexing all sections from each book and the page number, no additional information. A colleague suggested that I index every topic and add every important text from the book. These kind of indexing would take a long time to produce, relies on the index instead of using the books, and will only be useful if you can quickly find the topic that contains the answer.
My index was something in between. The columns used were: Section, Book+Page #, Brief description of topic. I found this method most effective for me because I could easily reference section or topic in the book to answer the question. For many questions, I could find the answer just by referring to the index and looking at the brief description of the topic. Additionally, knowing in which book each section is located will save you time. This is useful for when you can’t find the topic in your index. Here is a sample of my index.
Another thing that helped me a great amount was listening to the MP3’s. I added them as a Podcast entry, and I listened to them during my commute, at the gym, during my breaks at work, and so on. I recommend listening to them at 1.5x speed, in which you can still comprehend and absorb the knowledge, but still save time. For SEC504, I had John Strand’s MP3 recordings. He is a great instructor and I would have enjoyed to attend his class. Sadly, he is no longer teaching at SAN, but he makes webcast that are free and available on YouTube (link here)
If you have any question regarding SEC504 or how to index, send me a message. Note that I will not break GIAC’s Code of Ethics.