GCIH certification overview
The GIAC Certified Incident Handler (GCIH) is one of the most prestigious certs for IT professionals who are starting their journey into the world of Incident Handling, and even for seasoned employees as well. This article provides an overview of the GCIH Certification, its objectives, exam style and other relevant details.
Exam Style
The GCIH exam consists of the following characteristics:
Get certified with an Exam Pass Guarantee
Looking to get certified? Many of our boot camps are backed by an Exam Pass Guarantee, ensuring you leave with the certification you want.
- Exam Questions:150
- Type: Proctored
- Time Limit: 4 Hours
- Minimum Passing Score: 73%
- Renewal of cert: At 4-year intervals
Objectives
The GCIH cert requires the candidate to understand what a Security Incident is and to deal with an incident after it has occurred. The following are the exam objectives upon which a candidate is expected to demonstrate their skills.
- Reconnaissance
- Gathering information about any inbuilt tools like whois.com and be able to interpret the information generated from such them.
- Knowledge around the DNS and how misconfiguration like DNS Zone can be identified using tools such as nslookup, dig, etc.
- Knowledge of how to use web search engines for reconnaissance such as GHDB.
- Scanning
- How to map networks to reveal misconfigurations and vulnerabilities.
- An understanding of ports mapping and OS fingerprinting.
- How to evade certain network security tools such as IDS/IPS when launching a mock Cyber-attack.
- Knowledge of different vulnerability management tools such as Nessus, Nikto, etc.
- How to configure SMB mapping to gather information around the Windows environment. This includes executing various commands to map and enumerate smb shares both from Windows to Windows and Linux to Windows OS environments.
- Exploitation
- Gathering information and mapping network, services.
- Knowledge around Netcat to achieve persistence and data transfer.
- Configuring around IP address and the ability to spoof with tools like Wireshark and Dsniff etc.
- Know the fundamentals around Session hijacking using tools like Ettercap.
- How to launch DNS cache poisoning attacks and mitigating them as well.
- How Buffer overflow attack works as well as the various parser problems such as protocol parser for a buffer overflow situation.
- A working knowledge of format string attacks and their defenses.
- How the Windows OS stores password hashes and how they can be extracted via a brute force attack using tools such as John the Ripper, Cain & Abel, Rainbow Tables, etc.
- How the Pass the Hash attack works.
- A knowledge of worms, such as:
- Multi exploit worms;
- Multi-platform worms;
- Zero-day exploit worms;
- Fast-spreading worms;
- Polymorphic worms,
- Metamorphic worms.
- Knowledge of Bots, how are they distributed, and communicate amongst one another.
- An understanding on the OWASP Top 10 Attacks list, such as SQL Injections, Cross Site Scripting, etc.
- How Distributed Denial (DDoS) attacks can be launched, their types and defenses.
- Maintaining Access
- How to maintain access to a rooted system.
- Know what backdoors are and how they work in the software development world.
- A working knowledge around rootkits, in particular:
- User Mode Rootkit;
- Kernel Mode Rootkit.
- Covering Tracks
- How to covertly hide files in both Linux and Windows OS environments.
- Editing of important log files such as bash and how to remove artifacts from them.
- How to use various covert and tunneling channels, such as:
- Reverse HTTP shells;
- ICMP tunnels;
- Backdoor sniffers
- Steganography.
An understanding of how to protect against the above-mentioned covert channels.
Conclusions
While studying for the GCIH takes hard work and lots of effort,t indeed, it does not appear to be perhaps as difficult when compared to some of the other Cybersecurity cert exams. A primary reason for this is that all the GIAC based exams are open book and open notes exam (but not open Internet or open computer), which very much, unlike other IT certs.
A specific GIAC preparation guide can be downloaded here.
There are other GCIA related certs to the GCIH, and are as follows:
Get certified with our Exam Pass Guarantee
Many of our boot camps come with an Exam Pass Guarantee: if you fail on your first attempt, we'll invite you to re-sit the course for free and cover the cost of your second exam.
- GIAC Penetration Tester (GPEN)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- GIAC Assessing and Auditing Wireless Networks (GAWN)
- GIAC Mobile Device Security Analyst (GMOB)
- GIAC Python Coder (GPYC)
A recommended study book is the "GIAC Certified Incident Handler Certification (GCIH) Exam Preparation Course in a Book for Passing the GCIH Exam - The How to Pass on Your First Try Certification Study Guide - Second Edition." It can be purchased here.
Sources
- Incident handling
- Certified incident handler
- Prep Guide
Enroll in an Infosec boot camp and earn your next IT or security certification — guaranteed.
- Live training from anywhere
- Practical, hands-on training
- Exam Pass Guarantee!
In this Series
- GCIH certification overview
- Top Linux+ interview questions for 2024
- The 2024 guide to CCNP salary: What to expect as a certified professional
- CCPT vs. GCPN: A cloud certification comparison
- Average SCADA Security (CSSA) salary
- Top 5 things you must know to pass the AWS Security Specialist exam
- SSCP Certification: Overview and Career Path
- Average CompTIA Linux+ salary [2022 update]
- Linux+ certification: Related training and courses [2022 update]
- Why information security professionals should learn about law
- Want to lead a global privacy program? 6 things to know about CIPM
- CIPP/US: 5 things to know about privacy and cybersecurity law
- CompTIA Cloud+ Certification: An Overview [updated 2021]
- CertNexus CyberSec First Responder: Certification, exam and training details
- CertNexus Certified IoT Security Practitioner: Certification, exam and training details
- CertNexus certification and career path overview
- CertNexus Cyber Secure Coder: Certification, exam and training details
- The OSCP certification and exam [updated 2021]
- Average SSCP Salary [Updated 2021]
- Average HCISSP salary [Updated 2021]
- Average Certified Penetration Tester (CPT) salary [Updated 2021]
- Average CCIE salary [updated 2021]
- Average RHCE salary [updated 2021]
- CCNA security retired: Time to earn your Cisco CyberOps certification?
- CompTIA Linux+ XK0-005 – what changed with this cert and test? [2022 update]
- Free online cyber security training: Courses, hands-on training, practice exams
- The CPT certification and exam
- The CEPT certification and exam
- Do you need CIPT certification?
- VCP 6.5 Certification & Exam
- Everything you need to know about CIPT certification
- Average IT security auditor salary
- Average RHCSA Salary
- CompTIA IT Fundamentals+ Certification: An Overview
- Average help desk support salary in 2018
- 7 most difficult information security certifications
- The GSEC certification and exam
- The International Association of Privacy Professionals CIPT Certification
- Becoming a Cybersecurity Practitioner (CSXP)
- International Association of Privacy Professionals (IAPP): Certification overview
- InfoSec Institute Launches Security Awareness Practitioner Certification
- The International Association of Privacy Professionals CIPP/E Certification
- The International Association of Privacy Professionals CIPM Certification
- GIAC penetration tester (GPEN) certification
- What is the GCFE?
- GIAC Certifications Overview
- CGEIT Domain 5: Resource Optimization [DECOMMISSIONED ARTICLE]
- The IAPP CIPP/US certification: The leading U.S. privacy credential
- CGEIT Domain 4: Risk Optimization
- CGEIT Domain 2: Strategic Management [DECOMMISSIONED ARTICLE]
- Certified Wireless Security Specialist (CWSS) Salary
