GIAC Certified Enterprise Defender (GCED)
Target: The GCED builds on the security skills measured by the GSEC (no overlap). It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. Knowledge, skills and abilities assessed are taken from the areas of Defensive Network Infrastructure, Packet Analysis, Penetration Testing, Incident Handling, and Malware Removal.
Preparing for the GCED Exam: Candidates may choose to prepare for the GCED exam by taking the SANS Training Course: SEC501: Advanced Security Essentials - Enterprise Defender
*No specific training is required for any GIAC certification. If candidates need help in mastering the objectives for this certification, there are many sources of information available. Practical experience is one option; there are also numerous books on the market covering Computer Information Security. Another option is SANS training, or any relevant courses from other training providers.*
- 1 proctored exam
- 115 questions
- Time limit of 3 hours
- Minimum Passing Score of 68%
GIAC reserves the right to change the specifications for each certification without notice. Based on a scientific passing point study, the passing point for the GCED exam has been determined to be 68% for all candidates receiving access to their certification attempts on or after December 20th, 2012. To verify the format of your current certification attempt, please read the Certification Information found in your portal account at https://exams.giac.org/pages/attempts.
Certifications must be renewed every 4 years.
NOTE: GIAC exams are NOT given the day after the conference ends.
GIAC certification attempts purchased without SANS training will be activated in your SANS/GIAC account within 24 business hours of purchase. GIAC certification attempts purchased with SANS training will be activated in your SANS/GIAC account 7-10 business days after the end of the conference. In both cases, you will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt. GIAC exams must be proctored through Pearson VUE. Please click the following link for instructions on How to Schedule Your GIAC Proctored Exam. GIAC exams are delivered online through a standard web browser.
- Certified Professionals (GCED)
- Exam Feedback Procedure
- Grievance Procedure
- Proctored exam procedure
- SANS Information Security Reading Room
Bulletin (Part 2 of Candidate Handbook)
Exam Certification Objectives & Outcome Statements
The topic areas for each exam part follow:
- Advanced Controls
- The candidate will be familiar with advanced controls that can be deployed to protect network infrastructure
- Advanced Packet Inspection For Intrusion Detection
- The candidate will understand IDS and packet inspection technologies as well as how to detect the most common types of attacks.
- Advanced Topics In Pen Testing
- The candidate will have an understanding of advanced attacks, tools, and defenses.
- Alternate Data Streams
- The candidate will understand what alternate data streams are as well as tools and techniques that can be used to detect, analyze, and remove them.
- Attack Tools and Techniques
- The candidate will be familiar with common tools used to carry out network infrastructure attacks and their basic capabilities.
- Built In Windows Tools
- The candidate will understand how to use Windows command line tools to aid in identifying and removing malware.
- Containment, Eradication, and Recovery
- The candidate will know containment, eradication, recovery, and lessons learned phases of the incident handling process as well as the tools that can be used to carry them out.
- Data Classification
- The candidate will demonstrate an understanding of standard data classification issues.
- Data Loss Prevention
- The candidate will understand risks and vectors associated with confidential data leakage, and be able to implement best practices to detect and prevent data loss.
- External Tools
- The candidate will understand the features and usage of HijackThis, Process Explorer, TCPView, Listdlls, and other tools used to remove malware.
- Hardening Routers and Switches
- The candidate will understand the CIS level 1 and 2 benchmarks as they apply to Cisco routers and the SANS Gold Standard for Switch configurations.
- IDS Testing
- The candidate will know how to validate the performance of an IDS, and be familiar with useful tools and testing options.
- Incident Handling and Forensics Methodology
- The candidate will understand the essential incident handling and forensics methodology.
- Insider Threats
- The candidate will demonstrate an understanding of the severity and types of insider threats and how to protect against them.
- IPS and Open Source Options
- The student will understand what IPS is and be familiar with open source options for IDS/IPS.
- Network Infrastructure Security Challenges
- The candidate will understand the challenges associated with securing the network infrastructure including Cisco devices.
- Packet Analysis with Wireshark
- The candidate will understand how to use the ubiquitous sniffer Wireshark to filter and analyze network traffic.
- Pen Testing Overview
- The candidate will understand penetration testing methodology, techniques, and tools.
- Preparation and Identification
- The candidate will have an in-depth understanding of the tools and techniques that can be used in the preparation and identification phases of the incident handling process.
- Risk Management
- The candidate will demonstrate an understanding of how to manage risk, threats, and vulnerabilities.
- The candidate will understand the characteristics and capabilities of rootkits as well as tools that can be used for detection and removal.
- Using the Web to Identify Malware
- The candidate will understand web-based sandboxes and the features of three popular options.
Where to Get Help
Training is available from a variety of resources including online, course attendance at a live conference, and self-study.
Practical experience is another way to ensure that you have mastered the skills necessary for certification. Many professionals have the experience to meet the certification objectives identified.
Finally, college-level courses or study through another program may meet the needs for mastery.
The procedure to contest exam results can be found at http://www.giac.org/about/procedures/grievance.