Prepping for a GIAC Exam

TLDR

I use a method to prepare for GIAC certifications that isn’t the quickest or the easiest but it builds reference material that’s useful during and after the exam. The two outputs of this method are a binder of your notes boiled down from the full course content and a set of GIAC course books that have been carefully tabbed for quick reference.

This is not the ONLY method, but it has worked well for me.


ABOUT GIAC EXAMS/PREP

GIAC certifications are open-book tests which means you can bring any printed material to the testing center. A common mistake when people approach these types of exams is that they assume having the material on hand means they don’t need to study or prepare to pass the exam.

If you were to take the raw books into the exam without much prep you’d likely find it near impossible to locate information fast enough to complete the exam in the allotted time. The questions are written deliberately to force the student to APPLY the knowledge from the class and there’s just not enough time to LEARN the material during the exam.

“INDEX” CREATION

Once you have completed the class and given your brain time to recover, it’s time to start prepping for exam time.

The most popular strategy for preparing for GIAC exams involves a traditional “index” of terms with associated page numbers to help students find a topic within the stack of course material. While many people find that this method works for them, I take a different approach but still incorrectly refer to my test prep materials as an “Index”. This is the way.


BOOK TABS - MAKING THE COURSE CONTENT DISCOVERABLE

Goal: Decrease the time needed to locate information from the course books with the use of tabs.

This process of tabbing your books should also help you know where to find information as you go through it.

MAJOR TABS

Start by dividing the books into main sections with a handful of tabs along the top of the pages. Try your best to divide the book up into no more than 6-8 sections.

Tip: Feel free to use the section included in the book itself as a guide.

MINOR TABS

Once you have laid out the major sections, go through them and flag important ideas/references with tabs along the right side of the book. Ideally, you would match the color of the top tab for that major section. (Not required but does make things more uniform and organized)

There are a few benefits of laying things out this way:

  1. You can lay your books on top of one another and have a quick way to know which books contain certain topics.

  2. The combination of major and minor tabs makes navigating to a specific passage extremely quick.



REFERENCE BINDER - BOILING THE CONTENT OCEAN

Goal: Build a reference binder with a condensed version of the course content in your own words that can be used in the exam as well as in your day-to-day security activities.

Go through the content page by page and extract any relevant information by writing notes in your own words. This process takes a ton of time but this is where I become most familiar with the content and learn where it resides among the tabs. It’s easy to handwave a section of content when it’s being taught live but having to summarize concepts will quickly highlight the areas you don’t fully understand.

Tip: This is also a great place to include other materials such as cheat sheets and man pages

Here are a few pages from different binders I’ve made:



CONSISTENCY

Consistency is essential for these notes to be useful for quick information retrieval because you can avoid spending extra time orienting yourself with your notes.

One of the first courses I took went through about half a dozen protocols. By standardizing the format, I was able to open up the binder to any of them and quickly find the protocol header diagram, the TCP/UDP ports the protocol uses, and how long the header is in bytes.

Another course covered a TON of CLI tools. I made sure that I could flip to any of them and have a brief description of the tool, basic syntax format, common flags, and a handful of examples of complete commands.

Tip: An added benefit of this step is that you can load these notes into a knowledge database like Obsidian and have quick reference sheets that you can use on the job.


PRACTICE EXAMS

With a completed Reference Binder and Tabbed Books in hand, it’s time to put them to the test! Practice exams are most useful when used as a proving ground for your reference materials.

STRATEGY/TIMING

During the first practice test, avoid using the internet to look up answers and rely solely on the prepared materials. Treat it as if it were the real thing and attempt to look up each answer, taking note of content that’s missing in the binder or hasn’t been tabbed well enough in the books.

Improving the binder and book tabs after a practice exam should only take a few days because you have already gone through all of the content with a fine-tooth comb. If I get a passing score on that first exam, both practice exams and the actual certification attempt all take place in the course of about a week.

If things REALLY go south with the first practice exam, it may make sense to pump the brakes and go through all of the content again.

Tip: Something to remember is that the grade from the second practice test will likely be slightly inflated because you’ll see duplicate questions from your first practice test.

ANSWER EXPLANATIONS

There is a setting in the top right of the screen that changes when an explanation is given for a question. The options are:

  • All - Explanation is shown for every question regardless of how it was answered

  • Incorrect - Explanation is shown ONLY when a question is answered incorrectly

  • None - No explanations are shown

While it defaults to “Incorrect” I’d highly recommend setting this to “All” and reading each explanation. While it’s important to know why a certain answer is right, it’s equally important to know why the other ones are wrong. It also gives insight into the exam author’s thought process.


CERTIFICATION ATTEMPT

When you sit down at a testing center or in front of a proctored webcam for the cert attempt, you’ve got a lot riding on the next few hours. Prioritizing where you spend your time is the key to completing all the questions rather than stalling and running out of time. GIAC exams allow the candidate to skip up to 10 questions to answer at a later time in the exam. Leveraging the skip option is crucial to making the most of the time allotted.

I have an order of operations style flow to how I answer questions. It’s designed to quickly find the right answer while allowing more challenging questions to be skipped for the end of the test. Questions should be either answered or skipped in about a minute.

Here is the flow I use for each question:

  1. Knowledge - Can I answer this question with ~90% certainty?

You should know immediately if you can answer it from your own knowledge. If you have even a small doubt, don’t risk it.

  2. Binder - Look up the answer in the reference binder; it’s small and you should be incredibly familiar with your own notes.

If you can’t find the section or the answer within 15 seconds, it’s time to dive into the course books.

  3. Books - Use your tab system in the books to find the relevant section.

If you can’t find the section or the answer within 30 seconds, it’s time to move on.

  4. Skip and come back later.

Near the end of the exam you’ll have a better idea of how much time you have to spare on the more difficult to find answers.

Tip: There are some certifications that have a practical portion at the end of the exam with 8-10 questions that require hands-on interaction with a VM to answer the questions. If a certification has these types of questions the practice exam should have them as well. Be careful to allow for enough time at the end of the exam to complete these tasks.


MADNESS BEHIND THE METHOD

As stated at the beginning of this post, my method isn’t the quickest or the easiest way to pass a GIAC exam but it forces you to familiarize yourself with the content and you end up with great reference material that you can use on the job. All the prep material from past exams sits in my closet right next to my desk and gets regular use when I need to quickly look up something that was covered in a class.

With the goal of making things more accessible, I’m in the process of organizing/digitizing these materials into a knowledge management system called Obsidian but that is a conversation for another day.


I am hardly the first person to put together a guide on how I prep for a GIAC exam. Please read other people’s guides and find a method that works for you.

Here are a few notable GIAC prep guides to check out:

Better GIAC Testing with Pancakes

Tips, Tricks, and Traps When Prepping for a GIAC Certification Exam – Br0nw3n’s World

How to Pass SANS Exams