GCIH Exam Tips

With some luck, you too can get a high or even perfect score!

TLDR

  • GCIH is a fairly simple exam. The Cyberlive questions only require you to key in one to a few commands at most and can usually be solved in under a minute. The MCQs are mostly factual and the answers are lifted straight from the notes/slides. You REALLY SHOULD NOT BE FAILING GCIH if you put in the effort.
  • Cyberlive weightage is huge. Getting all 10 of them correct goes a long way to passing and getting a high score.
    • Do the labs multiple times until you are completely comfortable with them
  • Proper indexing is key to getting a good score. More on that below.
  • Four hours is plenty of time. That said, keep at least 1.5 hours for the Cyberlive questions as they can be laggy.

The Exam

As of October 2024, the four-hour exam consisted of 96 MCQs and 10 Cyberlive questions. Cyberlive questions are weighted much more heavily than MCQs, so it is important to get most if not all of the Cyberlive questions correct if you want to get a good score.

It is an open book exam and you are allowed to bring in the books as well as any custom index you may have.

If given a choice to take it at a Pearson VUE location or remotely at home, I suggest doing it at the Pearson VUE location to avoid any potential issues with software incompatibility or banned applications on your host PC.

If you attended the live or OnDemand course and purchased the exam package, you will receive two practice exams. For all intents and purposes, the practice exams are a very good barometer of the actual exam. In fact, some questions do appear again, either exactly or with slight modifications, on the actual exam.

CTF is great and all but not tested, so feel free to skip it if you don't have time.

Preparation

I took the OnDemand course but this should apply to the Live course as well. With all due respect to the instructors, who are fantastic, the exam will only test the stuff that is written on the slide or in the slide notes.

Indexing

My index was on an Excel sheet with four columns: keyword, description of the term, page number and book number. See example below.

I started indexing from the notes under each slide in the books. I indexed anything that looked like a keyword and wrote a short explanation in the index. My aim was to minimise flipping the books and to have the answer on my index to save time.

For the indexing I chose to group many of the terms by theme. What this means is that I grouped the different persistence mechanisms as Persistence: Service Creation, Persistence: WMI Subscription and so on. I find this easier for me to quickly flip to the right page in my index.

I went through the lightning labs and the labs. I indexed all commands that were used and provided a short description of what each command does. I also made sure to put a small explanation of any flags that were used for the commands. I did the same for the PowerShell and Linux Olympics.

I did the labs three times, at which point I felt comfortable with the commands and what they do.

Practice Exams

My first practice exam was solely used to gauge the strength of my index and to see how much time I needed for the exam. I used solely my index for the practice without referring to any of the books. I scored 89% and completed everything in 1.5 hours with full marks for the Cyberlive. At this point I knew I could afford to slow down and use the time to do book flipping. Cyberlive questions were surprisingly easy and took me anywhere from 20 seconds for the easiest question to maybe two minutes for the more tedious ones. The practice exams will provide an explanation if you get a question wrong so I used the explanation to further strengthen my index.

My second practice exam took me under 2 hours but I only managed to score 93% due to some careless mistakes on my part and what I thought was a poorly phrased question for one of the Cyberlive questions. The questions were for the most part similar to my first exam though there were a few new ones which I then updated in my index.

Afterwards I did not study the SEC504 materials at all till the exam itself because I was confident in my index and I had no issues with time management.

Actual Exam

I made sure to choose a good time after lunch. I had a nice cup of coffee and then went in with my index and all the books for the course including the labs.

I actually found the actual exam trickier than the two practice exams, but this time I took the time to confirm any questions where I had even the slightest doubt about the answer by flipping the books. I skipped three questions as they involved some additional flipping and I wanted to finish my Cyberlive questions before heading back. My Cyberlive VM was not stable at all and restarted at least two times while I was keying commands. It was also very laggy and I had to slow down my keystrokes. That said, the Cyberlive questions were fairly straightforward, thankfully.

I finished the exam in 2.5 hours and was honestly really surprised by the score. I find the exam to be on the easy side compared to some of the other cyber exams that I have done.

Closing Remarks

Go crush it :D Best of luck to those taking GCIH!