I passed the first part of the GSE today. The GIAC Security Expert (GSE) consists of a multiple choice exam, this is what I passed today, and a two-day lab.
The certification bulletin for the exam portion of the GSE is a bit light. I’m not sure that page is actually linked anywhere. It is missing the number of questions (150), passing score (75%) and length of time allowed (3 hours). The exam bulletin lists the prerequisite certifications (GSEC, GCIH and GCIA) as the test objectives. I would suggest looking at the exam bulletin for each of those quite carefully. Consider these certifications your practice tests. There are no GSE practice tests.
In preparing, one of the first things I did was re-read Preparing for the GSE. Kevin Bong’s advice on preparing for the multiple choice exam applies to all GIAC tests. If you’re smart you’ll follow this advice on all certs and not have to redo the indexes. I don’t follow his advice exactly.
When preparing, the first thing I do is create an Excel doc and create headers for Term, Book, Page, and definition. Under cell formating, you’ll want to enable word wrap on the term and definition columns. The page column needs to be treated as text if you have any old style SANS books that number using the section-page method (e.g. 2-35). Otherwise Excel will think you’re entering a formula.
I next go through the book page by page, entering terms and key concepts. I use the definition field as much as possible so during the test, I may quickly be able to gather the answer without opening the book.
After I’ve made it through all the books, I’ll review the test goals in the certification bulletin. In the case of the GSE, that would be the certification bulletins for the GSEC, GCIH and GCIA. Review each item and make sure it is covered in your glossary. If you did a good job, you shouldn’t have to add too many things to the glossary/index. The last thing you do before the test is sort into alphabetical order and print (preferably doublesided and stapled)
Depending on the course and the age of your books, you may not have a table of contents. I have books with no table of contents, table of contents that are wrong, and table of contents without page numbers. Take the time to create your own table of contents. If you get a question you don’t know, and it’s not in your index, then you’ll be able to find the correct section that much more easily.
Next I printed all of the SANS Cheat Sheets I could find: Netcat Cheat Sheet by Ed Skoudis, Google Hacking and Defense Cheat Sheet, Intrusion Discovery Cheat Sheets for Linux and Windows, IPv6 TCP/IP and tcp dump Pocket Reference Guide, Windows Command Line Cheat Sheet by Ed Skoudis, Misc Tools Cheat Sheet by Ed Skoudis, TCP/IP AND tcpdump Pocket Reference Guide .
I printed out the wikipedia page for the SIP protocol and the MAN pages for SNORT, netcat, syslogd, tcpdump. I also printed out the headers spreadsheet from Mike Poor. I also had the Nmap Network Scanning book by Fyodor but that is abit of overkill.
Where I take the exams they tend to not lump SANS test takers in with genpop. I guess they’ve had experiences with us flipping through the book and disturbing other people. So instead of taking the test in a cubicle, we take them at a L shaped desk. Plenty of room to organize the open-book portion of the exam. The limitation on the amount of things you can bring in remains the same. This can be kind of rough because the test is drawn from 3 courses. I found the SANS bookbag to hold a good amount of things, and I think it falls under the “bookbag” size limit.
So that’s it for part one. The next GSE lab is scheduled for Orlando at the end of March.
Congrats on passing the exam well done! Any other certifications you have your eye on for the future?
Regards
Mark
Congrats on passing the GSE multiple choice exam! Good luck in Orlando!
Regards,
Doug Burks, GSE #24
thanks. I was worried about the exam, but did well. Now I’m 10 times as worried about the lab.
Hey Roger,
Congrats on passing the GSE. Been reading your blog here when I can. You are really starting to collect the certs my friend. Impressive. I’m not sure (at this point) that I’d go for any more certs myself, but it did get me to think about them after seeing how many you’ve amassed. I also know how exclusive the GSE is. Was the written part harder than the CISSP?
Take care,
Steven
Steven,
nice hearing from you.
I’m only half way there on the GSE. Hands on lab/test in Orlando at the end of March. No jinxing me!
Its hard to compare the CISSP and the SANS certifications. CISSP lines up more with the GSEC (security essentials). I dont recall if I blogged that comparison when I picked that cert up earlier this year or not.I got the CISSP SANS testing format is a lot easier. I got the CISSP in 2005. I have so much more experience now that things are much easier.
The SANS exam format is makes things easier as well. Its (limited) open book. life is open book. But as you know from our courses, that can allow the questiosn to be much more specific. The GSE covers Intrusion Analyst (snort and IP). I understand packet analysis now so much better than when we took networking.
I know some people don’t like certs and think less of those than have them, but its just something I collected. As a single guy I have more free time, and I want to make the most of it. Also, my company pays for one course per year. I feel that I owe it to them to get the cert. Along the way, I decided to make the GSE a goal.
At this point I think I’m over halfway to the SANS Institute Masters degree. trying to decide if that is something I want to work on or not. A Masters degree unlike certifications will never expire. On the other hand I have two masters already. Personal development-wise, It may be better for me to become a SANS mentor. Teach some of these things.
Roger,
The very best of luck with the GSE exam in the next few days.
Drink plenty of liquids, keep a cool head and one eye on the clock!
Hope to see your name on the GSE list in the coming weeks.
Chris Mohan – GSE #30
thanks Chris,
going to watch Fringe and go to be early. not much else to learn at this date.
Day 1 in the books. It was a lot of fun if I pass. :).
Do you mind if I quote a small number of your blog posts as
long as I provide credit and sources returning to your site:
http://www.infosecblog.org/2011/01/gse-multiple-choice-exam/.
I most certainly will aslo be sure to give you the
proper anchortext link using your blog title: GSE Multiple Choice
Exam | Roger’s Information Security Blog. Please be sure to let me know if this is okay with you. Many thanks
given this was posted with a fake address, I’m going to assume that you aren’t real and didn’t want a response. If you are real, ask using the content form.