Better GIAC Testing with Pancakes


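Preface

GIAC is the top-tier information security certification from SANS, a US organization.
However, people in China cannot take the exams.
I paid, but SANS refunded my money and sent me an email saying that, regrettably, it could not provide services to me.

The original email follows: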

Thank you for your inquiry. SANS policy does not allow for the provision of training and certification services to individual students in certain locations at this point in time.

Unfortunately, we are unable to fulfill your order. Your payment has been fully refunded and should appear on your statement within 2-4 business days.  We truly appreciate your interest in SANS.


Thank You,


Jessica Jones

Finance & Admin

Email: jessicajones@sans.org

Website: www.sans.org

Main text

It’s no secret that I’m a fan of SANS and their associated GIAC infosec certifications. Certifications aren’t worth a ton of credibility in the information security arena, but the SANS training and testing mechanisms really do ensure that students have to have some clue about the topic to pass. The courses aren’t cheap, but SANS provides less costly community and self-study options. So, people going into the certification exams are in varying training situations.

When people see my complex-looking system for passing these exams (I was a GIAC proctor, and now hold GCIH, GCFE, GCFA, GREM, and GPEN), they often ask me how they can better prepare for the exams. Even though most SANS courses cover this to some extent at night or on day 1, let’s review some best practices for succeeding at SANS certifications.


DISCLAIMER: I follow GIAC policies to the letter and I will never provide specific details about any certification exam. So don’t bother asking.

There have already been a few blogs written about the study mechanisms for GIAC exams and I will link them at the bottom as others’ methods are similar but vary a bit.


WHAT YOU NEED TO KNOW

GIAC tests change regularly with the SANS course material. If you tactically acquire books from a year ago, there is a good chance they will not be completely applicable to the current test. Same with your TestCheaty.ru practice tests, etc. Stick with your provided materials.

GIAC tests are open book, open note (no electronic devices allowed). There is enough detail in them that it is very likely you will not be able to score very high without books or notes in the room with you; they’re designed that way. Minutiae matter – read, don’t skim.

Some SANS books have no detailed index. This is for a smart educational reason – if you plan on using the books during your test (and you should) you are pretty much obligated to create your own. This forces you to actually read every page of the books while you’re preparing, and take notes. While some SANS courses have now added an index to match industry standards, creating your own with proper tabbing and references is still highly advisable for referencing speed during the exam and as a study aid.

People’s indexing styles vary. I will show you my system and why I do it the way I do. See the links at the end for some variations. The bottom line is you need some organized way to find stuff in the books in a time crunch.

GIAC exams are usually 3 hours long (a few are longer or shorter) with around 115 questions. This means you have about a minute and a half per question. Unless you read quickly and your index is top notch, you will not be looking up every answer.

SANS instructors give you tools to help. Keep those handy SANS cheat sheets for tools, commands, and operating systems they give you in the class, and bring them to the test!

GIAC gives you two practice tests you can take at home, and they can be given to others. We’ll talk about this in more detail, but these are really important!


WHAT YOU NEED FOR THE PANCAKES INDEX SYSTEM

The SANS books for the certification you’re going to ace…

Some of these colorful plastic tabbies (you can buy ’em at Walgreens or Target). 5-6 colors are best…

A fine tip permanent marker.

A highlighter.

Excel or something that does the same thing.

Word or something that does the same thing.

A color printer (or a handy Kinko’s).


THE PANCAKES INDEX SYSTEM

First, we’re going to stop procrastinating and start the giant task of indexing. Hopefully, you’ve already read through the books during class, but I’m going to presume you have not, yet. Now, some people prefer to take one of their two practice tests before they do anything else, to get an idea of where they stand. That’s fine, but due to the short supply of two whole practice tests, I prefer to take them both after studying and initially drafting an index.

Be prepared for fully reading and indexing 5-6 SANS books to take a couple full work days. Take 2-3 days off if you’re that fortunate, or block off at least 12-16 hours over time on your calendar. I read pretty quickly; you may need a bit more time if you don’t.

We are going to open up our spreadsheet software as we do this, and keep it running as we study. We are going to keep our colorful tabs and our markers handy as well.

First, we’re going to place a uniquely colored tab at the top of every book, so we can quickly grab that book in the small heap of materials we use in the testing center. So our book .1 could be red, .2 could be purple, etc. It’s usually faster to see a color than read text. My method allows for both.

Then we will begin to read.

Just because SANS books don’t have indices doesn’t mean they aren’t divided into chapters and sections. These are usually distinguished at the start of each section in a table of contents slide (grabs random book). So, we usually know roughly where we are going to put our tabs. We may decide logically to add or subtract one or two. We’ll normally ignore tabbing or noting the labs, capstone book, and appendices unless they contain useful references that complement the text.

As we read our book, we’re going to install our tabs lengthwise along the side of the book at logical points that will help us find important sections and tools. Because I’m a bit OCD, I like to use a rotating sequence of colors through the books. That way, I can quickly look for a color instead of a generic yellow or white tab. (Purple book, red tab. Yellow book, blue tab, etc, etc…)

So place a color tab of your choice at the start of the first chapter, and write on it what it is. Then, we shall read our chapter.

If we find important information like tools, definitions, or keywords in the text, we’re going to use our highlighter to (you guessed it), highlight the critical information so we see it quickly on the page. Rocket science! We are also going to index as we read. Every time we find a new definition, critical fact, command, or tool, we’re going to add it to our spreadsheet. We’re going to take our fill button in our spreadsheet program and make the first column the book.page number and book color, and the second column the specific item and the section tab color it is in.

We are going to give a little thought to how we write these items because they’re all going to go in alphabetical order at the end. For example, if we think we would look up XSS before CSS, we should make our line item XSS & CSS, instead of CSS & XSS. Or maybe we will make two entries, one for XSS and one for CSS, with the same page number and colors, just to be extra sure we can find it later.

If the items we are in all fall under one tool or subject, we might preface them with that tool so they end up in the same place once alphabetically sorted. For example, Meterpreter – priv module, and Meterpreter – Routing and Pivoting. We might put a couple-word note next to a tool so we can quickly remember what it was for.

As we continue to fill out our index, we’ll start seeing a lovely, colorful list of book color and tab color develop. We now have two ways to reference any line in our index – reading the book and page number, or quickly glancing at the book and tab color.

It’s going to take a long time to read everything. Take a break when needed. Proofread your index every so often, and make sure your colors match up.

Eventually, our books will be tabbed, highlighted, and indexed in a spreadsheet from beginning to end. We’re then going to do some Office/Open-Office/Google Doc-fu. I’ll show you in Excel.

Sort by the text column alphabetically (with no headers). Your index is now an A-Z list of stuff, and an explosion of colors.

But printing this will be lots of pages, so we’re going to open up Word and make two columns…

Then copy-pasta (or import) the contents of our Excel doc into that two column doc. If the lines are too long to fit in the two columns, make your font size smaller, your margins narrower, or abbreviate specific lines accordingly. We don’t want those lines to take long to read or find, anyway.

Now it will look something like this:

This is a lot more manageable. We can even print this two-sided to make our index even smaller. We still have the alphabetical list of topics, the page number, and the book and tab color code for the item. Our index should only be a max of 6-7 pages, or four pieces of paper, printed out.

We have an index, and tabs! They look really cool!


GETTING READY TO TEST

So whether you used my index system or somebody else’s, let’s recap. You should now have:

  1. Read the books.
  2. Highlighted important facts, tools, and terms.
  3. Made an index you can quickly reference (if it’s over 8 pages you had better have bound and tabbed the index, too!)
  4. Tracked down your SANS course tool and software cheat sheets!

And now we must, alas, take the practice tests and the actual exam.

Relax. Tests make me nervous, and I like to ease myself into the first practice test. The first practice exam, I allow myself Google and the find function on my index document, neither of which I’ll have available to me on the actual exam. This practice test, I concentrate on finding topics that I missed and adding them to my index, and figuring out what SANS cheat sheets it will be a good idea to bring with me. I also use this test to gauge if there are sections I am very weak on and need to reread.

Some things to note:

On the practice tests, GIAC will tell you the correct answer of every question you get wrong (and why it is more correct than the option you selected). You will not have a great deal of time to read and consider this. If the provided answer is confusing and you’re in a time crunch, take careful notes on what topics you got wrong (and why) to study later! (Keep in mind that GIAC policy prohibits sharing test questions and answers with other people.)

GIAC will also give you a 1-5 star score on each topic in the books when you’re done with the test. If you’re getting 2 or fewer stars on a section, you definitely need to re-read it and check the quality of your indexing.

Keep track on the first test of what you have to Google or can’t find, and make sure you add it to your index or cheat sheets.

At the end you will get a realistic percentile score. The passing score varies by exam, but is normally around 70%. I’m not sure exactly what the tolerance is, but expect your score to vary around 5% between the assorted practice tests and exam. So if you’re at say, a 73%, you’re going to want to consider studying quite a bit more before taking the second and final practice test.

I don’t ever take two practice tests in one day. I fix my index up, study sections I am weak on, and sleep on it.

The second practice test, I have a better idea what to expect. I treat it like the actual exam rules. No digital resources, just what I have printed out and my books. I take my time and look up anything I am not certain about in my books. I do continue to take a few notes when something really eludes me.

Hopefully at this point my score is pretty good. I make some final tweaks before getting another night’s rest and taking the exam at the testing center.


SHARING PRACTICE TESTS

If you happen to pass your certification exam after only using one of your practice exams, you may send your spare test to another person’s SANS account via your GIAC portal account. This is an optional but nice thing to do for people who are struggling with an exam. The SANS course alumni and advisory board mailing lists are a great place to trade or give away practice tests, or find an extra yourself if you’re still struggling after your second practice test.


ABOUT TESTING CENTERS

GIAC tests are pretty unusual in their open book / open note format. Not every approved testing center is prepared for that from a training or space perspective. I’ve certainly ended up in testing centers with no desk space or uninformed staff who tried to prohibit the use of notes. Read the GIAC testing instructions carefully in advance and be ready to verify and confirm the policy and environment with the proctors. If something beyond the proctors’ ability to help goes wrong with the test, you may need to contact proctor@giac.org or file a grievance as appropriate.


OTHER PEOPLE’S GUIDES!

I recommend checking out some other lovely people’s guides to indexing and studying. Everybody’s learning and note-taking style is different. Perhaps you’ll find one that works for you or combine aspects of a couple.

https://br0nw3n.com/2018/10/making-a-giac-exam-index/

https://www.ericooi.com/how-to-build-a-sans-giac-index/

References