GIAC Applied Knowledge Certifications are designed to provide a more comprehensive and rigorous assessment of knowledge and skills. GIAC Applied Knowledge certifications take testing to the next level. These certifications are:
- Intended to provide candidates with a more thorough understanding of a wide range of topics and subject matter
- 100% CyberLive and are designed to push beyond individual technical skills. CyberLive questions require candidates to synthesize their skills and use them to solve real-world challenges in a virtual machine environment.
- Ideal for candidates who wish to challenge themselves and demonstrate their mastery of a subject
- Stackable with GIAC Practitioner Certifications, enabling candidates to build their Portfolios to become a GIAC Security Professional (GSP) and/or a GIAC Security Expert (GSE)
Applied Knowledge Certifications
| Applied Knowledge Certification | Description | Affiliate Training |
|---|---|---|
| New! GIAC Experienced Forensics Expert (GX-FE) | The GIAC Experienced Forensic Examiner (GX-FE) demonstrates that a candidate is qualified for a hands-on Windows forensic analyst role. Certification holders will have validated their ability to analyze a Windows host to uncover evidence that proves a user performed a particular activity on the device. A GX-FE candidate will perform analysis on a variety of disk images using a Windows 10 version of the SIFT workstation pre-configured with commercial, open-source, and freeware forensic tools. Disk images were forensically acquired from Windows computers and removable media, and may be presented in a variety of common evidence formats including E01, Raw/DD, AD1, S01, L01, and KAPE VHDX. | FOR500 |
| GIAC Experienced Cybersecurity Specialist Certification (GX-CS) | The GIAC Experienced Cybersecurity Specialist Certification (GX-CS) demonstrates that a candidate is qualified for hands-on IT systems roles. Certification holders will validate their ability to solve complex multifaceted problems through new and diversified security practices and tasks. A candidate of GX-CS will perform work on a variety of hosts, primarily using the *Slingshot distribution and Windows 10. The candidate may encounter other linux-based distributions such as Debian and Ubuntu Server. In some cases a candidate will be working on a single host that could have local containerization. In other cases the candidate will find additional hosts on a network to which they do not have console access. *Slingshot may be researched and downloaded here. | SEC401 |
| GIAC Experienced Forensic Analyst Certification (GX-FA) | The GIAC Experienced Forensic Analyst (GX-FA) candidate will perform work on a Windows 10 SIFT workstation which includes a WSL Ubuntu shell containing the SANS SIFT Linux distribution. The host has a variety of GUI based and command line utilities for use during the exam including but not limited to tools for Windows forensics artifact processing and analysis, image mounting and volatile memory analysis. The candidate will encounter raw data and processed artifacts from a variety of enterprise Windows hosts. They will be required to apply a variety of forensic and incident handling technique to identify and analyze the provided data. The SANS Linux SIFT workstation can be researched and downloaded here. | FOR508 |
| GIAC Experienced Intrusion Analyst Certification (GX-IA) | The GIAC Experienced Intrusion Analyst Certification (GX-IA) demonstrates that a candidate is qualified to solve complex and unique challenges that Intrusion Analysts encounter. Certification holders will validate their ability to solve multi-step problems through incorporating various concepts and methodologies to identify malicious activity A candidate of GX-IA will perform work on a variety of hosts, such as Xubuntu, Ubuntu Server, and Windows 10, as well as versions of the SIFT, Slingshot, and SOF-ELK *distributions. In some cases a candidate will be working on a single host that could have local containerization. In other cases the candidate will find additional hosts on a network to which they do not have console access. *These distributions may be researched and downloaded here. | SEC503 |
| GIAC Experienced Incident Handler Certification (GX-IH) | The GIAC Experienced Incident Handler Certification (GX-IH) demonstrates a candidate's superior incident response skills. Mastery of hands-on attacker techniques combined with incident response tools and practices validate that certification holders have the skills and knowledge to take teams to the next level A candidate of GX-IH will perform work on a variety of hosts, primarily using the *Slingshot distribution and Windows 10. Some Windows 10 hosts use WSL. In some cases a candidate will be working on a single host that could have local containerization. In other cases the candidate will find additional hosts on a network to which they do not have console access. *Slingshot may be researched and downloaded here. | SEC504 |
| GIAC Experienced Penetration Tester Certification (GX-PT) | The GIAC Experienced Penetration Tester (GX-PT) Certification demonstrates that a candidate is qualified for hands-on red and purple-team penetration testing roles that require advanced skills, thorough comprehension of pentesting methods and approaches, and the ability to think critically in a time-restricted situation. Certification holders will validate their ability to map networks, identify vulnerabilities, and exploit hosts in various environments through a diverse set of tasks. A candidate of GX-PT will perform work from a variety of hosts, primarily using Windows 10 and the Slingshot* Linux distribution against various other OS types. The candidate may encounter other Linux-based distributions such as Debian and Ubuntu Server. In some cases, a candidate will be working on, or attacking, a single host that could have local containerization, working against enterprise environments that include various Windows Server versions, or dropped into a machine with only console access. *Slingshot may be researched and downloaded here. | SEC560 (Primary fit course) SEC401SEC501SEC503SEC504SEC542SEC565SEC580SEC617 |
How to Prepare for Applied Knowledge Certifications
Unlike our traditional GIAC Practitioner Exams, preparation for GIAC Applied Knowledge exams is not directly linked to a specific affiliate training course. To prepare for a GIAC Applied Knowledge Certifications, GIAC recommends that candidates review the content within the primary fit affiliate course, however, candidates should not rely on this course alone. Along with content and labs included in primary fit course, candidates should review the Areas Covered list found on each Applied Knowledge certification page. Additionally, work experience will also equip candidates for success.
Are You Ready for an Applied Knowledge Exam?
Erik - Cybersecurity Rockstar
Erik is a renowned cyber expert and multi-time winner of Capture-the-Flag (CTF) competitions demonstrated their expertise by taking an Applied Knowledge exam in their area of proficiency without taking the affiliate partner primary fit course. This individual is a true cybersecurity rockstar. Remarkably, the expert passed the exam on their first attempt, showcasing their exceptional skills and knowledge in the field.
Kendra - Recent College Graduate
Kendra is a recent college graduate with a degree in computer science and exceptional aptitude and talent, enrolled in her first SANS class. On day 6 of the course, she led her team to victory in the Capture-the-Flag (CTF) exercise. During her certification attempt, the student demonstrated outstanding performance and passed with remarkable scores.
Ravi - Cybersecurity Practitioner With 10 Years Experience
A cyber practitioner with a decade of technical experience in the industry enrolled in a SANS course and demonstrated exceptional skills in the labs. As a result, Ravi excelled in the practitioner level GIAC exam with outstanding marks. The practitioner was confident that they could adapt the techniques learned in the labs to new and unique environments without further instruction. However, when attempting the Applied Knowledge exam, Ravi fell just short of passing and ultimately failed.
Jason - Cybersecurity Practitioner
Jason is new to cybersecurity and enrolled in their first SANS course, but failed to complete all the labs in class. Consequently, he struggled to apply the techniques learned in class to unfamiliar scenarios in his own environment. Despite this, he managed to pass the certification on his first attempt, with a score in the upper 70s. Encouraged, Jason felt ready for a specialist exam, and attempted it two weeks later using his course index. Unfortunately, he failed. In a second attempt, Jason revisited the course labs but failed again.
Olivia - 20 Years Cybersecurity Experience
Olivia has two decades of experience in cybersecurity and took a course in their area of expertise. Olivia’s employer used an expensive commercial suite to perform the tasks covered in the course for the past five years. While Olivia's extensive experience and familiarity with the domain enabled them to pass the primary fit affiliated certification exam, they were unable to pass the specialist exam due to unfamiliarity with the tools available. Her employer's expensive commercial suite was not available for her to use during the exam and Olivia was unaware of any other methods to solve the challenges, which resulted in her failing the exam.
Sarah - Cybersecurity Rockstar
Sarah is an experienced and highly skilled cybersecurity professional enrolled in a course in an unfamiliar domain. Due to their proficiency in taking certification exams, they passed the primary best fit certification exam with ease. Overconfident, Sarah assumed that passing the specialist exam would be a breeze since she paid attention to the labs. However, Sarah failed the first specialist exam attempt, underestimating its difficulty. On impulse, she purchased a retake, but with a full-time job and busy family life, she lacked the time to delve deeper into an unfamiliar domain. Despite being exposed to the types of challenges on the exam, Sarah failed her second attempt primarily due to a lack of additional study time.
Continue Your Certification Journey
What Others Are Saying About Applied Knowledge Certifications
Do I need to hold any GIAC certifications before I can attempt to earn an Applied Knowledge certification?
No. There are no prerequisites. Please visit our Applied Knowledge Certifications page for helpful information about the associated exam and how to prepare.
Are practice tests included with Applied Knowledge certification attempts?
No, practice tests are not included. However, we offer Demo Questions to help you prepare.
How do I prepare for a GIAC Applied Knowledge exam?
Check out our preparation tips here.
What kind of questions are on an Applied Knowledge exam?
Applied Knowledge exams are comprised of 25 CyberLive hands-on questions. CyberLive testing creates a lab environment where cyber practitioners prove their knowledge, understanding, and skill.
How do I earn a GIAC Applied Knowledge Certification?
GIAC Applied Knowledge Certifications require successfully passing a proctored exam & are applicable to the same policies as GIAC Practioner Certification exams. Please review our proctored exam overview here.