Passing the GIAC GSEC Exam


Updated Aug 28, 2015 – Minimum passing score is now 74% (*started on or after August 28, 2015*)

SANS SEC 401 Networking Concepts

Knowing the Exam

The GIAC GSEC exam is one of the more popular exams that GIAC offers. As of this writing, there are 36000+ GSEC certified professionals. The exam has the following requirements:

  • 180 multiple choice questions
  • 5 hours
  • Minimum passing score of 74%
  • Open book

At 180 questions and 5 hours long, the GSEC exam is one of the longest GIAC exams, if not the longest. You can register for the exam roughly a week or two after you attend the course. Unlike many other vendor exams, GIAC’s exams almost require you to attend the course in order to pass because they are based entirely on the course materials. Although they do let you challenge the exam independently without the course, that option is mainly for those who have already attended the course and probably have access to the latest materials. The course materials are also refreshed fairly often to keep up with the latest security and technology trends.

If you signed up for the exam along with the course, you have 4 months after you complete the course to write the exam. Although you can pay to get an extension, I wouldn’t recommend procrastinating, as the course materials are always changing. In case you’re wondering, unlike those branded vendor exams, there are NO exam dumps online. Anything you find online will most definitely be outdated, so don’t waste your money!

I don’t know how many people who take the exam pass, but every business day there are roughly 4-6 new people who show up on the GSEC site. You can find them on their search professionals page. I took the exam and passed with a score of 94%. At 90% you get invited to the SANS GIAC advisory board, which currently has about 2000 members. It’s an exclusive mailing list where you will get to listen in on, and possibly influence, SANS training and course directions.

How I studied for the exam

Since the exam is open book, you can bring any written, non-electronic material into the test center. Making a very good index/contents page for the courseware is the very first and most important thing to do, as the materials provided purposely don’t come with one. As I re-read the course materials, I recorded the key topics and the page numbers for the subject areas covered.

The contents page can be very simple. I used Excel and created two columns – one for the topic and the other for the page number. For some of the topics I also added related keywords in the same column; some of them are subheadings of the slides on the main topic, or multiple subtopics that can appear on the same page. I also made sure I highlighted key points and acronyms in the books so that they were easier to locate during the exam. I created one such contents page for each of the six books; each book had about 1-2 pages’ worth of contents. If you are aiming to get 90%+, the quality of your contents page is critical.

Aside from the contents page, I also brought in three printed cheat sheets. The first is the TCP/IP and tcpdump pocket reference guide that I got from the course. The second is a HEX to Binary to Decimal conversion sheet, which helps with decoding TCP and IP headers. The third is a CIDR subnet quick reference sheet. All three of these sheets were invaluable, as I recall using all of them in the exam to help speed up answering some of the questions. You can find all of these online. Here are the ones I used:

http://www.sans.org/security-resources/tcpip.pdf
http://tonysdcc.com/download/DCC_DecBiHex_Chart.pdf
http://wiki.samat.org/CheatSheet/IPv4CIDRNotation

You can take up to two practice exams in the comfort of your home before the real one. The practice exams give you a very good idea of what the exam questions are going to look like, and let you assess your level of knowledge and readiness for the exam. I used up both of mine. I used the first one after reading through the courseware once, as a readiness gap check. The last one was used the day before the exam as a final check. Each time I took the practice exam I made sure I video recorded the process, as once you complete it you will not get the chance to review the questions again. I simply downloaded the free version of CamStudio for this. Obviously, you will not be asked the same questions on the real exam as on the practice exams, but the topics and level of difficulty are very close. In fact, the practice test screen looks exactly the same as what you will get in the real one. The timer, progress and score at each checkpoint all appear on the real exam. During the exam you get to take one 30 min break and skip up to 5 questions for answering later. I got 85% and 92% respectively on the practice exams – both of which I had finished at about the 3 hour mark. I took slightly longer on the real one because the testing center’s PC had crashed right in the middle, which cost about 15-20 mins of my time. Nevertheless, if you know your materials well, you should be able to finish with plenty of time left.

Taking the exam

As with any exam, getting a good night’s rest the day before the exam is ideal. Make sure to check that your exam center hasn’t moved, and plan your travel route early. The reason I put this here is that I committed both of these mistakes for this exam. It’s not a good idea to panic when you reach the test center 15 mins before the exam only to realize it had moved. When arriving at the test center, kindly ask the proctor to put you in a seat where there’s a free seat beside you, as you can make use of it to place all your books. If you are not lucky enough to get one, you can move the keyboard out of the way to free up some space for your books. If you’ve done the practice exam you will have a good idea of your pace and timing. Once you are done with the exam, you get your results right away – in fact you will know if you pass almost 80-90% into the exam because of the checkpoint score. Unlike other vendor exams, you will not get a printout, so just head home and wait for your email confirmation.

I hope this post helps all you potential test takers! I wish you all the best of luck on your exam!

About the Author

Alfred Tong
Author and owner of this blog. A networking enthusiast and full-time networking and systems engineer. Generally curious about all things IT. Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA-FWV