GIAC GCIH : GIAC Certified Incident Handler Exam
The GIAC GCIH: GIAC Certified Incident Handler is designed primarily for incident handlers who manage security incidents. The associated certification for this course will demonstrate that a candidate is familiar with a variety of different security techniques including detecting malicious applications and network activity, common attack techniques that compromise hosts, and detecting and analyzing system and network vulnerabilities.
The GIAC GCIH exam is proctored. The test will contain a range of 150 questions, and a candidate will be provided with 240 minutes in which to complete the exam. In order to pass the test, a candidate will need to achieve a minimum score of 72.7%.
In order to prepare for the GIAC GCIH test, a candidate is encouraged to enroll in the SANS training course: SEC504: Hacker Techniques, Exploits and Incident Handling. An example of one topic that will be covered on this test is Exploiting Systems Using Netcat. Here, a candidate will need to have an understanding of how to properly use the Netcat utility and how to defend against it.
Other topics that a candidate can expect to see on this test include Backdoors and Trojan Horses, Denial of Service Attacks, and Incident Handling: Overview and Preparation. These are just general guidelines for the content of the exam, and additional topics may appear.