Last month I passed the GIAC GCIA (Intrusion Analyst). I found the exam to be much more difficult than my previous GIAC Exams, primary for two reasons:
1) There were a number of tools that had been discussed in the class… There were a number of questions on the exam about these tools–Not “In what situation would you use this tool?” questions, but “What syntax would you use to get this output?” type questions. Most of the syntactical answers were esoteric switches that were neither mentioned in class, nor in my study books, which was why it was very frustrating to find it on the exam. I flagged these questions for review by GIAC, as I don’t think that they were legitimate.
2) The other reason why this exam was more difficult, was that a number of the questions requried a bit of actual work & calculation, instead of just looking up the right answer–Though this made the exam much more difficult, I thought it was a great change from my previous GIAC exams, as it took it one step closer to real life experience, rather than just “multiple-guess.”
I will be working on my GCIA Gold next.