How To Pass SANS GIAC Certification Exams

How To Pass SANS GIAC Certification Exams

As I mentioned in a previous post, I recently took SANS SEC 504 and have since been studying for the accompanying GIAC Certified Incident Handler (GCIH) certification.  I’m happy to say that over the weekend I passed (thank you, thank you) and wanted to share my strategy on studying for GIAC certification exams.

Don’t put off studying

SANS classes are intense experiences and you may feel worn out after a long week of technical material has been thrown at you.  But if you’re serious about passing the GIAC exam, don’t wait too long after class is over to start studying.  This will keep the material fresh and allow you to recall information quicker.

Build an index of the course material

GIAC exams are all open book and open note — sounds easy, right?  False.  The SANS books are thick and highly detailed.  In order for the books and notes to be useful, you need to create an index that allows you to quickly find what you’re looking for.  You’ll obviously still need a good understanding of the material, but the index will help you quickly research trickier questions.  Building the index will also help you review the material since you’ll need to go through each page to determine keywords and concepts.  I usually take a highlighter and highlight key points on each page.  You can follow my guide on how to create a good index.  Finally, remember to print out the index since you can’t bring any electronics with you to the exam.

Set aside about two months to study and prepare

We’re all busy people, and depending on your situation, you may need more time.  In my experience, two months allows you to review one book a week (taking notes and building an index) and then take the practice exams.

Take the practice exams

You get two practice exams and they tend to be accurate representations of the type of questions you should expect on the real exam.  You should have a “draft index” built by the time you take your first practice exam.  Treat the experience like the real exam and see how effective your index is.  If you find the practice exam difficult either because you don’t know the material or your index did not effectively help you, take notes on the questions that stumped you, study the material again, and add to your index.  Then take the second exam and repeat this process.

Label your books

At first glance, each SANS book looks the same.  During the exam you want to be able to quickly grab the book you need that has the answer you’re looking for.  To help me quickly identify a book, I take a sticky note and write the number of the book on it and place it on the front cover of the book like a bookmark.  This way, I can just look at the sticky note and see the big bold number rather than having to read a monotonous book cover.  It’s a small thing but I’ve found the speed increase noticeable.  See the image below for an example.

The process is long and time consuming but in the end well worth it.  I’ve done it twice now and scored 90% on my GCIA and 98% on my GCIH.  I’m confident the process will work just as well for you as it did for me.  Best of luck!

Stuff I Like

Web Hosting: SiteGround is proudly hosted by SiteGround. Performance and customer service are top notch. Quick and easy https implementation via built-in Let's Encrypt integration.

VPN: Private Internet Access

When I'm using a public internet access point, I use Private Internet Access to secure my connections. Easy to use, fast speeds, and no logs.

14 thoughts on “How To Pass SANS GIAC Certification Exams”

  • Hi Eric,

    Thanbkyou for your web blog sharing your GCIH exam tips.

    Would you know what is the difference between GCIH and ECIH? Pro and Cons?


  • Hi
    First of all congrats on your certification. I wanted to know where do you obtain those books. I am not that strong financially, their online courses are very expensive. Please let me know your source of books.
    Thank you.

    • Hi Satnam, the source of my books is SANS, the developer of the courses and certifications. You receive a set of books as part of their courses.

  • Thank you for this guidance. I have just been accepted to the SANS Women Academy starting in March and was wondering what to expect in terms of the certification tests. I like your method of building an index. Your tips have greatly put my mind at ease that I too can do well on these courses and certs with the hard work I plan to put into them.

    • Congratulations on your acceptance, Amy! I’m happy to hear you enjoyed this post. Sounds like you’re going into it with a great attitude and I’m sure you’ll do well. 🙂

  • Could you tell me what is best practice test to get GIAC security essentials
    could you tell me the process of creating the index sheet. give me example or send me the sample of index sheet

  • Hello Eric,
    Good day to you, thanks for the tips and guidance. But for the 5th recommendation, may i know how its look like (maybe a picture of the book)? i still cant imagine on that. sorry

    Thank you.

  • ditto stuart – the .doc file describing index build process is not accessible.
    eric, could you share it in another way?

  • Eric,

    The link to the page detailing how to build a good index has gone.. you dont happen to have a different link or the document to hand do you?


  • Thanks for your guidance on preparing the index sheet. But can you please share the one which you have developed which will definitely help us.

    • It turns out the process of creating the index yourself — reviewing each section, highlighting key points, and taking notes — is actually what will help you more effectively pass the exam. If I simply provided my own index, it would create a false sense of confidence and level of knowledge that would ultimately not be helpful to you.

      Best of luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.