GIAC Experienced Cyber Security (GX-CS) icon

GIAC Experienced Cyber Security (GX-CS)

Applied Knowledge Certification

The GIAC Experienced Cybersecurity Specialist Certification (GX-CS) further demonstrates that a candidate is qualified for hands-on IT systems roles. Certification holders will validate their ability to solve complex multifaceted problems through new and diversified security practices and tasks.

Areas Covered

  • Network Security
  • OS Security
  • Overall Cybersecurity
  • Security Tools and Techniques
  • Common Attacks
  • Common Defenses

Who is GX-CS for?

  • Well-rounded candidate with general understanding of all areas of cyber security
  • Strong desire to demonstrate superior hands-on capabilities compared to one's peers
  • Expand your portfolio
  • Demonstrate your next level skills
  • Continue your journey to becoming an expert

Exam Format

  • 1 proctored exam
  • Open book, open notes
  • Time limit 4 hour
  • 25 CyberLive - hands-on, real-world practical testing. CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill using:
    • Actual programs
    • Actual code
    • Virtual machines

    Find out more about CyberLive here.

    NOTE: GIAC reserves the right to change the specifications for each certification without notice.To verify the format read the Certification Information found in your account at


NOTE: All GIAC Certification exams are web-based and required to be proctored. There are two proctoring options: remote proctoring through ProctorU, and onsite proctoring through PearsonVUE. Click here for more information.

GIAC certification attempts will be activated in your GIAC account after your application has been approved and according to the terms of your purchase. Details on delivery will be provided along with your registration confirmation upon payment. You will receive an email notification when your certification attempt has been activated in your account. You will have 120 days from the date of activation to complete your certification attempt.

Exam Certification Objectives & Outcome Statements

  • Full System Evaluation
    The candidate will be able to solve a complex security related task based on a system and scenario presented to them. Some tools to consider completing these objectives would be tcpdump, Hashcat, nmap, hping3, strings, and any other SEC401 or earlier course tools.
  • Linux Password Cracking
    The candidate will be able to manipulate a dictionary file and crack passwords in a Linux environment using tools such as Hashcat and Aircrack-NG to access secure information from encrypted files using GPG or GPA.
  • Malicious Program Execution and Exploitation
    The candidate will be able to evaluate executables using the strings tool and other methods, use a trojan executable to gain privileged access to another computer and perform a task, or utilize a command injection attack to gain privileged access
  • Network Communication Analysis
    The candidate will be able to extract information from a datastream (network connection, log files, alerts, etc…) or Pcap using tools such as tcpdump, Wireshark, Snort, etc... to access secure information from encrypted sources (GPA (GPG), Image Steganography, protected files, etc…).
  • Network Scanning
    The candidate will be able to scan a network to find open and closed ports, OS versions, and various vulnerabilities. The candidate should be able to recognize this traffic in a traffic monitoring application such as tcpdump. This information could be used to connect to a host, apply a minor exploit, or craft packets using Hping3 to bypass firewalls, spoof IP and/or Port to gain information.
  • Process Hacking
    The candidate will be able to evaluate vulnerable processes and exploit them to gain access to secure information using the Process Hacker tool.
  • Windows Password Analysis
    The candidate will be able to recover hashes from the SAM database and crack passwords in a Windows environment using the Cain and Abel tool.
  • Windows System Evaluation
    The candidate will be able to evaluate vulnerable processes and exploit them to gain access to secure information. Evaluate Windows firewall configurations and use Powershell to perform complex Windows administration tasks.

Other Resources

  • Affiliate Training - SEC401 (Primary fit course*), SEC503, FOR508, SEC560, SEC542, SEC599, SEC501, SEC505, FOR500, SEC660
  • Practical work experience can help ensure that you have mastered the skills necessary for certification.
  • Get information about the procedure to contest exam results.

*Courses that include a "primary fit course" designation have the most closely aligned content but do not include all of the content, tools, and platforms that could included in testing on the Applied Knowledge exam.

Demo Questions

  • These questions allow a candidate to experience the exam style and complexity in the environment used during the certification exam.
  • Demo questions are never included in the actual certification exam.
  • The demo questions include 3 questions, and the student has 45 minutes to complete. Note that the average time per question is not as fast paced as the actual exam attempt.
  • Limited demo questions per exam are available so you will receive repetitive questions if multiple Demo Questions are purchased.
  • Demo questions are nontransferable.
  • GIAC recommends leveraging additional study methods for test preparation.