This exam is not your usual SANS exam: it's a proctored paper exam containing 100 multiple-choice questions, with a six-hour time limit. Unlike other GIAC certifications, this exam is not offered online and is not open book. The GSSP certification exam is only offered at specific locations on a number of dates through the year. This time, SANS teamed up with secappdev to organize this exam in Belgium (I believe it was the first time this exam was organized in Europe). The proctor was Pieter Danhieux (GSE).
You have to be fluent in C to attempt this exam (I believe I wrote my first C program in 1984), because a lot of the questions will be code listings where you have to identify errors. The SANS C-handbook has sample questions that give a good idea what to expect. And if you just learned to program in C, you might be able to answer many questions, but I highly doubt you'll manage to provide enough correct answers in the allotted time limit.
Brush up your knowledge of the basic C I/O functions: what is their signature, how do they behave? Trust me, you'll need this during the exam (remember, this exam is not open book).
Read a couple of the recommended books, like Exploiting Software: How to Break Code and Writing Secure Code, Second Edition.
Be prepared for some really hard puzzles. I remember one question where I would have overlooked the error in the C program. It's only because I knew the program was faulty that I persevered and found the f*ing bug!
Another hurdle is the exam format. Tackling 100 questions in 6 hours and transcribing 100 answers correctly with a number 2 pencil on a form is not so trivial. I followed the same strategy I successfully applied during my CISSP exam. Here is my recipe:
I read the first question. If I don’t understand the question, or if I don’t like the question, or even if I just don’t feel like answering the question right now, I move on to the next question. However, even if I skip a question but I’m certain that one or more of the answers are not correct, I cross them out (every time I say I write something down or make a mark, I do it on the question booklet, unless stated otherwise).
If I try to answer the question but I’m not sure of the right answer, I will cross out the incorrect answers and move on to the next question.
If I answer a question I’m sure about, I put a circle around the number of the question and another one around the letter of the correct answer.
After tackling the last question, I just start the process again from the beginning, skipping the questions I already answered (remember, there’s a circle around the number of an answered question). I repeat this process several times; each cycle gives me more answers. After a couple of hours, I’ve answered about 80% of the questions and I decide to transcribe my answers to the form (I have to be careful to skip the unanswered questions on the form). I review each answered question and transcribe the correct answer to the form. At the same time, I compile a list of all unanswered questions.
I decided to transcribe the answers after completing about 80% because:
1) I want to take the time to correctly transcribe the answers; I don’t want to make mistakes by rushing the job at the end of the 6-hour period allowed for the exam
2) I don’t want to start second-guessing my answers
After 30 minutes, I’ve transcribed all answered questions.
Now I focus on the list of remaining questions. I try to answer each question by eliminating all incorrect answers: what remains must be the correct answer. If more than one answer remains, I select one at random. I start guessing because I don’t want to stay until the end of the exam trying to find the correct answers; I feel confident because of all the other questions I answered. Since a wrong answer does not negatively impact your score, you’re better off answering all questions than leaving some unanswered. The main reason why I tackle the remaining questions like this is that I don't want to start second-guessing my answers to the questions I felt confident about. Trust me, if you spend too much time toiling over a question where you're clueless, you'll start to doubt everything.
Finally, I transcribe the remaining answers to the form. The list of remaining questions I compiled helps me to identify which answers remain to be transcribed.
It's the first certification exam I really enjoyed: I had fun reviewing all that C code; it's a bit like discovering vulnerabilities.
Six weeks later, I got my detailed score report from SANS. Did I pass? I'll leave you in suspense too, for a couple of seconds...
http://www.giac.org/certified_professionals/listing/gssp-c.php