SANS-GCFA Training & Certification
Re: SANS-GCFA Training & Certification
Posted: Wed Mar 28, 2007 8:33 am
Harlan,
No, I did not get any reply from SANS. By that time, I had already paid for the GCIA (Intrusion Analysis) exam, so I appeared for it as well. There, too, it was the same scenario. The first paper on TCP/IP was kinda OK, but in the second paper I had almost 6-7 questions repeating in the same exam. It's high time they looked at the randomizer program that powers their engine!
Also, some questions explicitly refer to the training content. Poor guys like me who do not have access to the study material have no choice but to guess in such questions.
It's amazing how they can base the whole question paper on Snort and its remote unknown plugins when they could have put some questions on intrusion detection as a science. I would have loved to see some questions on sample traces of virus/trojans/intrusion attempts.... that would have made the whole effort worthwhile and given me the confidence to face real-life intrusions in a better way!
Regards,
Chetan
-

cinux - Member
Re: SANS-GCFA Training & Certification
Posted: Wed Mar 28, 2007 12:05 pm
I wasn't really sure about the GCFA and what the exam actually proved. Let's see... questions on sleuthkit, a few procedural questions, more questions on sleuthkit, Linux-based examination question (strings output etc.), command flags.... hmmm, not really about forensics at all.
-

hogfly - Senior Member
Re: SANS-GCFA Training & Certification
Posted: Wed Mar 28, 2007 12:22 pm
See, this is what I was afraid of. Cramming, instead of learning.
Memorizing, instead of understanding.
Unfortunately where I am located, those extra letters do mean a lot.
So Cinux, you registered for the class, and the test, and used the example tests to pull information from the class. Is that correct?
Can you be a bit more specific as far as the content of the class/test? You mentioned Snort for the GCIA. What if I used commercial products, am I out of luck? Is that the same for GCFA? All open source, no commercial products?
-

libertate - Senior Member
Re: SANS-GCFA Training & Certification
Posted: Wed Mar 28, 2007 4:11 pm
I have to agree with regard to the exams - it does seem a bit like cramming - however, I was only talking about the course itself, which is hands-on and gave me a springboard to experiment from (grab HDDs from friends and from the dump etc. and just play).
I suppose there could be a better way of having a practical exam to pit your wits against - kind of like a challenge exercise. AFAIK, the gold cert requires a paper - not sure if this is the case with the GCFA.
-

elmurado - Member
Re: SANS-GCFA Training & Certification
Posted: Thu Mar 29, 2007 4:32 am
- libertate
So Cinux, you registered for the class, and the test, and used the example tests to pull information from the class. Is that correct?
Can you be a bit more specific as far as the content of the class/test? You mentioned Snort for the GCIA. What if I used commercial products, am I out of luck? Is that the same for GCFA? All open source, no commercial products?
No, libertate, I did not register for the class. I just registered for the exam, which is 800$. When you register for an exam, they give you 4 sample tests. From those sample tests (and the course contents given on the SANS site) I got an idea about what they are covering in the exam.
No, you are not out of luck if you are using commercial products, since you do understand the nuances of intrusion detection. However, for the purpose of passing the exam, you have to know the ins and outs of Snort (cram Snort concepts like distance, offset, within etc.)....
Yes, GCFA/GCIA is all about open source.... not commercial products....
Regards,
Chetan
-

cinux - Member
















