I passed the first part of the GSE today. The GIAC Security Expert (GSE) consists of a multiple choice exam (this is what I passed today) and a two-day lab.
The certification bulletin for the exam portion of the GSE is a bit light. I’m not sure that page is actually linked anywhere. It is missing the number of questions (150), passing score (75%) and length of time allowed (3 hours). The exam bulletin lists the prerequisite certifications (GSEC, GCIH and GCIA) as the test objectives. I would suggest looking at the exam bulletin for each of those quite carefully. Consider these certifications your practice tests. There are no GSE practice tests.
In preparing, one of the first things I did was re-read Preparing for the GSE. Kevin Bong’s advice on preparing for the multiple choice exam applies to all GIAC tests. If you’re smart you’ll follow this advice on all certs and not have to redo the indexes. I don’t follow his advice exactly.
When preparing, the first thing I do is create an Excel doc and create headers for Term, Book, Page, and Definition. Under cell formatting, you’ll want to enable word wrap on the Term and Definition columns. The Page column needs to be treated as text if you have any old-style SANS books that number using the section-page method (e.g. 2-35). Otherwise Excel will think you’re entering a formula.
I next go through the book page by page, entering terms and key concepts. I use the definition field as much as possible so during the test, I may quickly be able to gather the answer without opening the book.
After I’ve made it through all the books, I’ll review the test goals in the certification bulletin. In the case of the GSE, that would be the certification bulletins for the GSEC, GCIH and GCIA. Review each item and make sure it is covered in your glossary. If you did a good job, you shouldn’t have to add too many things to the glossary/index. The last thing you do before the test is sort into alphabetical order and print (preferably double-sided and stapled).
Depending on the course and the age of your books, you may not have a table of contents. I have books with no table of contents, tables of contents that are wrong, and tables of contents without page numbers. Take the time to create your own table of contents. If you get a question you don’t know, and it’s not in your index, then you’ll be able to find the correct section that much more easily.
Next I printed all of the SANS Cheat Sheets I could find: Netcat Cheat Sheet by Ed Skoudis, Google Hacking and Defense Cheat Sheet, Intrusion Discovery Cheat Sheets for Linux and Windows, IPv6 TCP/IP and tcpdump Pocket Reference Guide, Windows Command Line Cheat Sheet by Ed Skoudis, Misc Tools Cheat Sheet by Ed Skoudis, TCP/IP and tcpdump Pocket Reference Guide.
I printed out the Wikipedia page for the SIP protocol and the man pages for Snort, netcat, syslogd, and tcpdump. I also printed out the headers spreadsheet from Mike Poor. I also had the Nmap Network Scanning book by Fyodor, but that is a bit of overkill.
Where I take the exams, they tend to not lump SANS test takers in with genpop. I guess they’ve had experiences with us flipping through the book and disturbing other people. So instead of taking the test in a cubicle, we take them at an L-shaped desk. Plenty of room to organize the open-book portion of the exam. The limitation on the amount of things you can bring in remains the same. This can be kind of rough because the test is drawn from 3 courses. I found the SANS bookbag to hold a good amount of things, and I think it falls under the “bookbag” size limit.
So that’s it for part one. The next GSE lab is scheduled for Orlando at the end of March.