Here are some tips for studying for the GPEN Certification that helped me successfully pass the exam:
I only used the SANS books. As the professor says on day one of training, "EVERYTHING you need to pass the exam is in these books." He was right. I honestly think time spent using other materials would have been wasted because you don't know if that material would end up on the test or not. Everything in the book is fair game. I wouldn't read every volume of the Encyclopedia if I was told an exam was on the book on Zebras.
Exam Preparation Steps
Here are the steps I took over a period of one month and three weeks total, including my actual SANS course:
- Took the class.
- Took Pre-test#1 without any studying to see how far off I was on the subjects and to see where I needed to focus my energies. I got a 68% score.
- Read every page of the books and highlighted the important information while creating an index in Excel of where everything was for quick lookups.
- Tabbed all the pages with topics I knew would be on the test, based on my pretest experience.
- Took my next pre-test; I got an 89% and scheduled my exam for one week later. That week, I went back through my books, looking for the topics that I couldn't find (for the 11% that I got wrong in the pre-test) and added them to my index.
- I passed my exam.
*If I could do it again, I would switch steps 2 and 3 because I was naive and thought I could ace the pre-test without studying. Boy, was I wrong.
Other Certifications and Future Plans
The only other certification I have is A+. I think that, content-wise, preparing for the A+ exam was more work because A+ is a much broader subject, and the exam is broken into two tests. However, GPEN was a much harder test to take, since it was at a different skill level. It may have been the hardest test I've taken thus far, but I was well prepared.
The next certification on my list to obtain is the GSLC, since I facilitated the MGT512 course (it's similar to CISSP) three weeks after my SEC560 (GPEN) course. After that certification, I will probably go for my OSCP or GWAPT, depending on if I am asked to facilitate an upcoming SEC542 course. For a similar test prep guide, check out https://tisiphone.net/2015/08/18/giac-testing/.