  1. Senior Member
    Join Date
    Jun 2011
    Location
    Maryland
    Posts
    186

    Certifications
    GWAPT, CISSP, eJPT, CEH, Sec+, ITIL-F, BS:IS
    #1

    GWAPT - Tips/Advice?

    Hello TE,

    I took the SEC542 course over the summer. Unfortunately, shortly after completing the course I had lots of crazy family/life type events. I am now finally able to focus again since early last week. I am listening to the seminar and should be done through it tomorrow. Then I will take my time and go over the material again, this time taking notes and creating an index... at a slower, more critical pace. I have the exam scheduled for end of the month as I have a work deadline for it, so that is helping with the discipline. I am officially in study zone.

    I do web app testing for a living, granted I have only been doing it for 3+ months now. We do part manual and part Burp Pro. I am getting nervous for the exam, especially since I will not get reimbursed for training until I pass the exam. Someone was telling me the exam is not that difficult, but they have been doing web app testing for years. However, I was thinking since it is just a 5 day class of actual material, and it's open book, would it really be that hard as long as I put in the work to study the provided material and index?

    I plan to take a practice exam end of this week and calibrate on weak areas from there. Do you have any other tips/advice/thoughts on the GWAPT? Anyone have an amazing index I could use as a template or good cheat sheets outside of what SANS provides?

    Thanks!
    Last edited by ZzBloopzZ; 09-11-2017 at 05:36 PM.

  3. Completely Clueless TechGromit
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,326

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #2
    Your practice exam is really going to tell you where you stand on being ready for it or not. Usually if you put the study time in, and build a good index, you'll pass. Don't recommend cramming all your studying a week before your exam.
    Still searching for the corner in a round room.

  4. Senior Member E Double U
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,156

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #3
    ^^^^ Pretty much!
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  5. Senior Member supasecuritybro
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    165

    Certifications
    CISSP, GPEN, eJPT, CSA+
    #4
    +1 on the advice above
    Completed: CISSP, GPEN, eJPT, CSA+, M.S. Information Security
    Current Goal: eCPPT
    Five Year Plan: RHCSA, CISM, OSCP, more SANS as they come
    Book/CBT/Study Material: Python for Security Professional (Cybrary)

  6. Senior Member 636-555-3226
    Join Date
    Jul 2015
    Posts
    872

    Certifications
    Lots of security certifications, yet the more I learn, the further I have to go...
    #5
    From what I heard (and take this with a BIG grain of salt considering my less-than-reliable source), SANS/GIAC has been putting more effort into their exams lately with some of the newer material. SEC542 had a big rewrite this year (again, so I hear) and either the test has a lot of old material from stuff that isn't in the new books or they've upped their game with the new questions. Guy I know who took it said the exam was much harder than the practice questions, which themselves were the usual run-of-the-mill straight out of the book stuff we all know and quasi-love.

    Not sure if your material was the old stuff or new stuff, or where it'd fall into the exam questions. Not trying to get you down, just letting you know what I heard. Post back afterward and give us the truth!

  7. Senior Member
    Join Date
    Jun 2011
    Location
    Maryland
    Posts
    186

    Certifications
    GWAPT, CISSP, eJPT, CEH, Sec+, ITIL-F, BS:IS
    #6
    Thanks for the response, 636. I will start cramming even harder now and assume the exam is super hard instead of the easy one that I have been reading about. Granted, the few people that said it was easy took the exam back in 2015 or before.

    Hopefully someone that took the exam in 2017 could post some feedback here.

  8. Queen Bee kiki162
    Join Date
    Jan 2011
    Location
    Somewhere
    Posts
    611

    Certifications
    VCP6-DCV, MCSEx4, CompTIAx3, GSEC, CISSP..and more
    #7
    I can confirm that earlier this year they had a major update to the GWAPT exam material. Yes, the exam was much harder than the practice, plus I saw a lot of questions that were not in my course material, which made me think WTF?! I missed it by 3 points, and decided a retake was not worth my time or money.

    One would think that if there was any type of updates for an exam, GIAC would provide that material to those who have taken the course. Although the courses are great, and you certainly learn a lot, SANS/GIAC really needs to up their standards when providing updates for course material. Even if they did have that available, they would be charging for that too.

    Sure, if you have a lot of real world experience, then the exam would be a piece of cake. Since you are just starting out, my advice would be to take the information you learned from the course, and bypass the exam altogether.

  9. Senior Member
    Join Date
    Jun 2011
    Location
    Maryland
    Posts
    186

    Certifications
    GWAPT, CISSP, eJPT, CEH, Sec+, ITIL-F, BS:IS
    #8
    Hello kiki,

    Thank you for your detailed response. Unfortunately, I do have to take the exam due to a work requirement. I am starting to stress out now based on your response. I do feel the material is pretty basic/foundational. The only area I really will focus on next weekend is the SQLi but the other stuff does not seem too bad. I will definitely be making a full index/cheat sheet for every tool and syntax mentioned in the material as I do not use most of them. What month did you take the exam? Hopefully they have the exam more in line with the material now.

  10. Junior Member Registered Member
    Join Date
    Sep 2017
    Posts
    1
    #9
    I have a background in web app development. I took the GWAPT in the summer of '16. I can't speak to Kiki's claim that the material changed. However, I will say that the practice exams help. While the questions will be different on the exam, they will be similar in context. Meaning, if you're missing questions on the practice exam related to NMAP parameters then I'd study all of the NMAP commands, not just -sV.

    The other advice I'd give you is do the labs. I did not. I regret it. Like a lazy ******* I didn't do it and it almost cost me. I barely passed.

    I read the books 3 times, made an index (!important), and studied the practice exams content. I don't actually think I watched all the lectures.

    I'm not smart. I struggle with reading and comprehension. I also forget a lot of things. For example, what was that command for identifying a blind SQLi again? I don't remember but it's on my index! I'm aware of my weaknesses and learned to cope by studying more and being resourceful. I learned a lot about recall and studying skills watching the crash course channel (https://www.youtube.com/watch?v=Ihuw...E1IJU6nMfHj86W). Also watch the computer science Crash Course channel so you can learn about the basics, which helped me to put some of the GWAPT content into context that I could relate to and understand. Which in turn helped me to remember.

    Make your index, make it good, and do it thoroughly. It will really help you to focus and remember. Don't be like me and wait the last week before studying. Don't be like me and avoid the labs. If you do all I said you'll be a lot more prepared than I was and I passed.

  11. Completely Clueless TechGromit
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,326

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #10
    Originally Posted by kiki162:
    One would think that if there was any type of updates for an exam, GIAC would provide that material to those who have taken the course.
    I asked this exact question at the last SANS conference I attended. I was told that when you registered for your exam, your exam would be based on the course materials you possessed. Regardless if they had a complete rewrite of the material, your test should have been based on the material available before this re-write. If you believe your exam had significant content that was not in the material you possess, I would write SANS and ask them to confirm the exam you took was based on the material version you have, and not the new exam. If there's a discrepancy, perhaps they will give you a retake, or send you updated material. Can't hurt to ask.
    Still searching for the corner in a round room.