SANS is very good at starting at the beginning. All of the courses I've done with SANS have overlapped greatly. Things like the TCP/IP model, WEP, WPA and more. The 560 I just passed was the second time I did it. I took it in the past but never took the test. This time I took the test. I've tried to look into certs like CEH/CHFI but I don't find them as in-depth as to how to use the tools. If you simply start off with the Incident Handling course, that is a great primer for the rest. I've attended one Community SANS and 3 normal SANS events. By far the normal SANS events are better. Having said that, any training is better than none. I have also taken 4 OnDemand Courses and am working on my fifth.
The tests are fairly in-depth: 150 questions, and you get 4 hours to complete them. They are all multiple choice; I found that two answers can be tossed out right away and the other two are pick the best answer for the question.
Obviously the SANS courses/tests are not for the weak at heart. They take dedication and many hours of studying and practicing. Having said that, you do get a good feeling when you complete the test and pass it. BTW, they have recently bumped up their pass mark to, I believe, 74%. Something along the lines of 111 correct.
The practice tests are very close to the actual test. During the test you see your running tally of correct and incorrect answers. I must admit this can be a little unnerving, to say the least. They provide DVDs with extra information on them for practice.
All in all, I like the amount of knowledge they provide you. They don't simply say use this to do this. They say here is tcpdump, and with this switch you get hex, with this switch you change the snaplen. Then you go through exercises to practice what you have learned. Simply capturing packets from your own machine to look at them is very interesting.
Well, enough for now. Hopefully this helps somebody out.
Certifications: EETN, CCNA, GCFW, GAWN, GCFA, GPEN, GCIA, GCWN