How to Pass the GPEN
Earlier this year I passed the GIAC certified penetration tester exam. As there are already a decent number of articles on how people passed the GIAC certified penetration tester exam, my aim here is to corral the resources and approaches I found to be helpful in my journey to taking and passing the exam.
Below are the two articles I primarily used:
Here is the all in one GPEN exam prep book I used:
The book does an impressive job condensing a six day in-person SANS course into 381 pages. I would caution readers that the book does not and could not possibly cover everything. I say that not as a critique of the book but simply so readers can have realistic expectations and know that supplemental independent study and research will likely be necessary.
To briefly summarize the aforementioned payl0ad.run article, an iterative approach can be helpful when studying for the GPEN or other GIAC certification exams. My first time reading through the prep book, I read entirely for content and comprehension. I would make very few notes, mostly noting exam tips.
I began indexing on my second full read through of the book. For those unfamiliar with the GPEN, it is an open book test and indexing is the process of making an index that links tools, techniques, and technologies to their respective pages in either the SANS course books or in this case the GPEN prep book for quick reference during the exam. Reading through the entire book twice as well as some additional independent study on authentication flows, tools, etc was enough for me to pass the exam. Depending on your number of years in the information security industry, if any, the number of times you may need to read the book will vary.
My overall journey / process at a high level:
- Read two above articles
- Purchased book
- Read entire book
- Read entire book again while indexing
- Practice test 1
- Additional study to address missed questions on the practice test or gaps in knowledge. Updated index accordingly
- Practice test 2
- Additional study to address missed questions on the practice test or gaps in knowledge. Updated index accordingly
- Took certification exam
- Passed exam
Tips:
- Having a few or even just one year’s experience in the security industry I found helps as the majority of the information covered in the book will be review as opposed to information being learned for the first time.
- Purchase of the book includes online practice questions through the Total Seminars Training Hub which is helpful for early indexing stages.
- Take the practice tests, they simulate very closely the level of difficulty and types of questions on the exam.
- The two biggest benefits of the practice exams are 1) it helps determine how well your index works and 2) it points out general areas that require further attention and study. I made many revisions to my index after the first practice test, primarily adding new entries but also adding secondary entries of existing entries I did not find during the exam. While putting SYN scan as a sub-entry of nmap (nmap, SYN scan) in your index may make sense while making the index, during the exam it is entirely possible you do not remember this decision and cannot find the entry under the S’s. The practice tests can really help to find these blind spots.
- After the first practice test I made a list of all the concepts, tools, etc that I was unfamiliar with or lacked depth of knowledge on and focused my studies and added additional index entries to address those areas.
- To that end be sure to learn the underlying technologies, authentication flows, etc that a given question is about instead of simply learning the answer to the practice question. The practice tests provide an environment to see the types of questions you may see on the exam but it is unlikely those questions would appear verbatim on the certification exam.
Thank you for reading and best of luck should you pursue this certification!
Additional Resources I found helpful:
This application is really helpful when indexing for any GIAC certification exam.