
SANS Exam and Study Strategy

Are you about to embark on the journey of taking a SANS exam, or looking into making the investment in your education, but are not sure how to prepare for the exam or what to expect? Great! You have come to the right place.




First, let's quickly go over what SANS Institute is and why someone might want to invest in their training and exam materials. SANS Institute is a well-known and respected organization specializing in information security and cybersecurity training and certifications. They offer a variety of courses and certifications tailored to different specialties and aspects of cybersecurity, from penetration testing to incident response, network defense and more. SANS is highly regarded in the cybersecurity community for its practical, in-depth and hands-on training programs. SANS takes care to employ industry experts to develop, maintain and teach their classes. With how quickly cybersecurity changes this is no small lift, but they are up to the task!

 

Common Exams

GIAC (Global Information Assurance Certification) exams cover a wide range of topics within information security. GIAC exams are highly regarded in the industry and are known for their practical approach to testing real-world skills. Here are a few of the most well-known exams.



Certified Incident Handler (GCIH): This certification focuses on incident handling and response techniques. It covers topics such as detecting and responding to security incidents, analyzing malware, and managing incident response teams.


Certified Intrusion Analyst (GCIA): This certification focuses on network intrusion detection and analysis. It covers topics such as network traffic analysis, intrusion detection systems (IDS), and packet analysis.


Certified Penetration Tester (GPEN): This certification focuses on penetration testing techniques and methodologies. It covers topics such as reconnaissance, scanning, exploitation, and post-exploitation techniques.


Certified Forensics Analyst (GCFA): This certification focuses on digital forensics and incident response. It covers topics such as disk and memory forensics, forensic analysis techniques, and incident response procedures.


These exams are typically a combination of multiple-choice questions, hands-on lab exercises, and practical assessments. The student registers for the full course prior to the exam (the exam is not included in the course tuition) and is provided a variety of study materials, including printed books, a live or recorded session of the instructional walkthrough, and additional supporting materials depending on the instructor and course.


You've chosen the course you want to take! Now what?


Now that you have chosen the course that is right for you, it's time to look for an instructor! This step is not necessary and is more applicable to live online or on-demand classes. If you are going in person you are in for a treat, but will likely not be instructor shopping. I take this step because I connect better with particular teaching styles and want to optimize my experience. All of the SANS instructors have profiles with testimonials on the SANS website that you can explore to see if any of them resonate with you.


The course is chosen, the class is on the books, adrenaline is pumping, NOW WHAT? Wait... They typically get the books out pretty quickly, but I would say definitely wait for your books before you start your course, which will be available in your SANS portal. The best method is slow and steady for these exams.


Fast-forward: you got your books and are ready to get started. Let's get to...


How to Prepare for a SANS Exam!


The SANS exams are open book, and you can also bring a handful of printed notes. You may be thinking: open book? No problem! Not so fast... It is A LOT of material; we are talking 6-8 books of testable material, at minimum 100 pages. The exams are also timed, so you do not have very long to dig through your materials. I didn't mean to stress you out, I'm just setting expectations. Don't worry, I'm going to share my strategy with you! This strategy works for me; please tweak and apply as needed.


  1. First, read your books once through, go slow and make a comprehensive index. I use Excel but you can use any private sheets solution. Make it simple and easy to move quickly through. It's a no-go to share SANS material publicly, so I've made a sample out of random cybersecurity terms and commands. When you do your index it will look like this, but with key words from your materials.


4 Columns

  • Key Word: Keywords from your learning material

  • Book: Indicate which book the key word is found in

  • Page: Indicate which page of the book the key word is on

  • Comments: Any supporting information or details about the keyword.

The red text in the above sample is notes about index specifications. It explains how I like to bold important key words in the comments, and change input variables in commands to a different color. A sample would be Netcat for port scanning: nc -v -n 8.8.8.8 1-1000, which tells Netcat to scan ports 1-1000 on IP 8.8.8.8. I do this to quickly decipher what the command is and what type of input information I will likely need. This method is applicable to most commands and tools.


OK, now we have a sweet index! To be transparent, mine end up around 30 pages with hundreds (sometimes thousands) of rows. It's a lot, but this method works for me! Next up, I would watch the videos and focus on labs. You can make a totally separate index for your labs or add it to your existing index. I like to make a separate index and, instead of alphabetical order, lay it out by tool, then step by step how to accomplish the task. Some people like to watch the videos, read the books and index in tandem. I find jumping between different learning styles to be challenging, so I prefer to really focus on reading the books, then kicking back and absorbing the videos and doing labs. I don't heavily focus on labs during that first read, as there are sometimes additional resources for the labs provided in the instruction, and I really like the hands-on walkthrough, especially for new tools.


First round reading: Check

Solid Index: Check

Videos and Labs: Check


Now what? PRE TEST!

Your exam will come with two pre tests. Use them to your best advantage. Once you have a solid grasp on the information, print out your index and any other materials, then take the first pre test. Don't rush; treat it like the real thing. This is the time to identify any knowledge gaps. Once you complete your pre test you will get a report of the tested domains and, as a star rating, how well you did. Take this information and get back to studying! Go to the areas that you were not as strong in and brush up, clean up your index and skim over all the books again with special focus on those areas where you were weaker. Do this for another week or two, depending on how much you have to review, and then take the second pre test. By this point you should have a really good understanding of the materials you need to focus on to hit the real test out of the park on the first try!


Ready to roll? Book your exam! You can take your exam proctored online at home or at a test center. There are pros and cons to both.



Whatever you choose, book your exam and get ready to pass your SANS GIAC exam! In the days before your exam don't try to cram at the last second; your mind will need some rest. Be methodical, print out your most recent index, and get your materials organized. You've got this!



Lessons learned... from mistakes I've made...

  • Don't waste your pre tests. Really focus on these tests as tools to help shape your understanding of the material and practice using your index.

  • Don't trust that an office supply store will print your index on time. Make sure to leave plenty of buffer room and double-check the print.

  • You get breaks during the exam, TAKE THEM. You may want to just power through but these exams are intense. Take the breaks, get some water, recalibrate, don't rush.

  • Take care of yourself during the entire process. If you are burning out while you study, take a break. In the nights and days before the exam, get good rest and stay hydrated. This is not the time to cram.

  • Really understand the labs. There have been a few times in labs where I had to get the answer in a roundabout way because the step by step was not getting the results I needed. The more you know, the better you can troubleshoot.

  • Pace your time out. If you have 4 hours and 106 questions, that leaves you just about 2.2 minutes per question. You'll want to factor in extra time for lab questions if your exam has them (called CyberLive questions). I'd recommend 10 minutes per lab question. Say there are 6 labs in the above scenario; that means you need to leave an hour for labs. At 100 remaining questions and 3 hours outside of labs, that leaves you 1.8 minutes per question, and the more you can cut that down the more time you will have for labs. Nothing is worse than that "oh @#$%" moment when you have run out of time on lab #2... yes, it's happened... and retesting isn't cheap.


All in all, you are absolutely capable; just put in the work and be mindful! If you have any questions or topic recommendations, drop me a line. I'm happy to chat!



