.

Have GCIH taking CEH

<<

bigwhiff

Newbie
Newbie

Posts: 14

Joined: Mon Jan 28, 2008 2:29 am

Location: Alaska

Post Mon Jan 28, 2008 2:31 am

Have GCIH taking CEH

Hi All,

This is my first post on here and I am getting ready to schedule the CEH exam.  I have my GCIH from SANS and I was wondering if anyone could compare the two exams for me and how much more I might need to study for the CEH?

Cheers,
Jack
Jack Campbell
CCNP CCDP GCIH GHTQ C|EH
http://secauditor.wordpress.com
<<

oleDB

User avatar

Recruiters
Recruiters

Posts: 236

Joined: Thu Jul 20, 2006 8:58 am

Location: HOA

Post Mon Jan 28, 2008 1:10 pm

Re: Have GCIH taking CEH

Off the top of my head, the main reason you would want to study more for the CEH is the fact that the GIAC stuff is open book over the web and your only tested on material directly from the books. Whereas the CEH covers a lot of tool specific stuff, like switches or flags, that if you don't know it right away your not gonna guess it.
<<

bigwhiff

Newbie
Newbie

Posts: 14

Joined: Mon Jan 28, 2008 2:29 am

Location: Alaska

Post Tue Jan 29, 2008 2:46 am

Re: Have GCIH taking CEH

Thanks alot for the post.  I have the NMAP flags down, I am having a hard time memorizing all the freakin' ports associated with the various trojans and DOS tools.

I have to say I really enjoy the way that SANS lays their testing out.  If you don't know the material you won't make it through the exams cold with just the books.  Very similar to a real world event happening.  I am constantly going back to other resources that I know about to help during an incident.

Thanks Again,
Jack
Jack Campbell
CCNP CCDP GCIH GHTQ C|EH
http://secauditor.wordpress.com
<<

rance

User avatar

Full Member
Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Tue Jan 29, 2008 3:06 pm

Re: Have GCIH taking CEH

When I took the exam a month ago, I was surprised by the number of questions dealing with:

-Snort Signatures (what does the following sig detect? which of the following sigs would you use to detect x? etc.)
-Packet Analysis
-What programs are used to do what (Loki is use for what?)
-Poor interpretation of the English language

G'luck!
Poking at security since 1986.  +++ATH
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Mon Feb 04, 2008 6:27 pm

Re: Have GCIH taking CEH

Several years ago the CEH examine was also filled with snort signatures and what tool does what kind of thing.  Make sure you know what all the most common tools do.  The more common tools like nmap and netcat you should know  the options. As far as packet read out, make sure you can read some hex. What they will do is blank out some of the letter equivalents and then you need to make sense of it. If you haven't memorized your hex that still is not a biggy because there is usually enough info available to put it together. That is, if you see what letter repeats you can figure out what the hex value is and then hopefully translate the appropriate hex line with the missing ascii into something readable and then pick the correct answer.
Last edited by Kev on Mon Feb 04, 2008 6:31 pm, edited 1 time in total.
<<

bigwhiff

Newbie
Newbie

Posts: 14

Joined: Mon Jan 28, 2008 2:29 am

Location: Alaska

Post Tue Feb 05, 2008 1:23 am

Re: Have GCIH taking CEH

Hi All,

Well I passed the CEH exam with an 82% not great but I spent about 8 hours studying for the test after passing my GCIH.  It is funny though the previous write up on the forum with the CEH study guide made it sound like I had the same exam.  THOUGHTS:

About 1/4 of the test was log reviews. Snort/tcpdump/etc.
NMAP and all the associated switches was huge maybe 15 questions
I used the CEH exam study guide (condensed book) and Testking practice tests and about 25 questions were exact duplicates on the test.

Over all I felt cheated some what by the test.  It has a sense of almost being something valuable, it has a good breadth of knowledge but it is such a patchwork that it doesn't really seem to accomplish anything.  Pretty much what most have said here on the forum.  Since I had already scheduled the test before finding this forum, I didn't put much effort into studying for the test.

Now onto completing my paper for the GCIH gold and trying to run through the GCFA material.

Cheers,
Jack
Jack Campbell
CCNP CCDP GCIH GHTQ C|EH
http://secauditor.wordpress.com
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Feb 05, 2008 2:09 am

Re: Have GCIH taking CEH

Well good job!
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Feb 05, 2008 2:19 am

Re: Have GCIH taking CEH

Congrats bigwhiff, 82% isnt bad at all.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Feb 05, 2008 11:56 am

Re: Have GCIH taking CEH

Congrats and good write up. It's these kind of posts that really help people in determining what and how to study.

Don
CISSP, MCSE, CSTA, Security+ SME

Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software