Exams

Sourcefire Certification Program

Sourcefire provides a path for interested candidates to distinguish themselves through a certification program. Certification can be achieved on both Sourcefire products and open source Snort, including an expert-level exam for those professionals who want to obtain certification on both technologies. Through testing and training, certification provides employees and employers with an understanding of each individual's skills and experience with Snort and Sourcefire products. The Sourcefire Certification Program offers three levels of individual achievement.

Certification Exam Summary:

Sourcefire Certified Professional (SFCP) Exam

Candidates that successfully complete the requirements of this certification track have distinguished themselves as having in-depth and thorough knowledge of Sourcefire products and their underlying technical concepts. Their skills in key areas are evaluated against Sourcefire's certification criteria.

Snort Certified Professional (SnortCP) Exam

This certification option is centered on Snort, the industry leading open source intrusion prevention solution. Candidates are assessed on a wide range of criteria that encompasses all the necessary open source components and technical skills for successful implementation and management of Snort technology. Sourcefire's certification criteria ensures that successful candidates stand out in the industry through the recognition of their capabilities.

Sourcefire Certified Expert (SFCE) Exam

This certification track represents a unique opportunity for individuals that wish to establish themselves at the highest levels of expertise in the industry through the mastery of the combined bodies of knowledge from both the SnortCP program and the SFCP program. Successful candidates are truly distinguished through more rigorous certification criteria based on more advanced, technically challenging material.

Exam Name: Sourcefire Certified Professional (SFCP)

Product No: SFCP-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista or MAC OS X 10.5 (with Firefox 3.0)

Supported Browsers: IE7 and Firefox 3.0 (or higher)

Description:

This exam consists of 100 random questions with a 3 hour time limit. Each student is guaranteed 2 attempts within the 60 day subscription period to pass the exam. After successfully passing the exam, certificates are available within 48 hours of achieving a score of 70% or better. To print your online certificate, go to "My Courses" and then click the "certificate" link.

The proficiencies assessed in this certification program are as follows:

IDS/IPS & RNA Technology:

Understand what is meant by the term "Correlation"
Know basic security principals and attack techniques
Understand the various IDS/IPS evasion techniques
Be familiar with the basics of TCP/IP network protocols
Understand Impact and what data is required to calculate it
Be familiar with the Sourcefire Intrusion Sensor, Sourcefire RNA and Sourcefire Defense Center architectural components

System Settings, Policy & Health Monitoring:

Understand the functionality of the Access List configuration
Know the effect certain settings may have on the performance of the Defense Center
In general, be familiar with the various Defense Center/Intrusion Sensor/RNA system policy settings
Know the various options for managing time synchronization between Sourcefire 3D System devices
Be able to define what is meant by a System Policy
Understand the various options for database management for the various Sourcefire 3D System components
Know the types of policies available on the Sourcefire 3D System and what each one does
Be familiar with how the various health policy color codes help administrators determine the health state of the installation at-a-glance

Sample Questions

Price: $395

Exam Name: Snort Certified Professional (SnortCP)

Product No: SNORTCP-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista or MAC OS X 10.5 (with Firefox 3.0)

Supported Browsers: IE7 and Firefox 3.0 (or higher)

Description:

The proficiencies assessed in this certification program are as follows:

Snort^® IDS/IPS Technology

Snort^® Architecture

Snort^® Installation

Snort^® Operation

Snort^® Preprocessors

Snort^® Configuration

Barnyard

Sample Questions

Price: $395

Exam Name:Sourcefire Certified Expert (SFCE)

Product No: SFCE-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista or MAC OS X 10.5 (with Firefox 3.0)

Supported Browsers: IE7 and Firefox 3.0 (or higher)

Description:

The proficiencies assessed in this certification program are as follows:

General Snort^® Knowledge:
This exam draws from the pool of knowledge expected for Snort® certification. To prepare for the questions related to these content areas, follow the recommendations of the Snort® Study Guide. Approximately 40% of the items presented in this exam will test the candidate's general Snort® knowledge.

Sourcefire 3D System^® General Knowledge:
This exam also draws from the pool of knowledge expected for Sourcefire 3D System certification. To prepare for questions related to these content areas, follow the recommendations of the Sourcefire 3D System Study Guide. Approximately 40% of the items presented in this exam will test the candidate's general knowledge of the Sourcefire 3D System.

Additional Content for the Expert Exam:

Know the implications of obtaining Snort® rules from multiple sources
Know the specific setting options for the major preprocessors such as HTTP_Inspect, Stream4, frag3 and sfPortscan
Know how to interpret sfPortscan pseudo-packet payload information
Be familiar with the various encodings the HTTP_Inspect preprocessor is capable of decoding and, in general, how they work
Be prepared to interpret alert data based on specific scenarios articulated in exam items
Be prepared to work through troubleshooting scenarios for both open source Snort® and Sourcefire 3D System implementations
Be familiar with rule writing best practices

Sample Questions

Price: $395