Exams

Exam Overview

Exam Name: Sourcefire Certified Expert (SFCE)

Product No.: SFCE-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista

Supported Browsers: IE6 (SP2 or higher) and Firefox 1.5 (or higher)

Description:

This exam consists of 200 random questions with a 4 hour time limit. Each student is guaranteed 2 attempts within the 60 day subscription period to pass the exam. After successfully passing the exam, certificates are available within 48 hours of achieving a score of 75% or better. To print your certificate, go to "My Courses" and click the "certificate" link below the course title.

The proficiencies assessed in this certification program are as follows:

General Snort^® Knowledge:
This exam draws from the pool of knowledge expected for Snort^® certification. To prepare for the questions related to these content areas, follow the recommendations of the Snort^® Study Guide. Approximately 40% of the items presented in this exam will test the candidate's general Snort^® knowledge.

Sourcefire 3D System^® General Knowledge:
This exam also draws from the pool of knowledge expected for Sourcefire 3D System certification. To prepare for questions related to these content areas, follow the recommendations of the Sourcefire 3D System Study Guide. Approximately 40% of the items presented in this exam will test the candidate's general knowledge of the Sourcefire 3D System.

Additional Content for the Expert Exam:

Be prepared for more detailed questions on PCRE usage
Know the implications of obtaining Snort^® rules from multiple sources
Know the specific setting options for the major preprocessors such as HTTP_Inspect, Stream4, frag3 and sfPortscan
Know how to interpret sfPortscan pseudo-packet payload information
Be familiar with the various encodings the HTTP_Inspect preprocessor is capable of decoding and, in general, how they work
Be prepared to interpret alert data based on specific scenarios articulated in exam items
Be prepared to work through troubleshooting scenarios for both open source Snort^® and Sourcefire 3D System implementations
Be familiar with rule writing best practices

Price: $395

Exam Name: Sourcefire Certified Professional (SFCP)

Product No.: SFCP-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista

Supported Browsers: IE6 (SP2 or higher) and Firefox 1.5 (or higher)

Description:

The proficiencies assessed in this certification program are as follows:

IDS/IPS & RNA Technology:

Understand what is meant by the term "Correlation"
Know basic security principals and attack techniques
Understand the various IDS/IPS evasion techniques
Be familiar with the basics of TCP/IP network protocols

Know the Sourcefire 3D System command and control default communications structure
Be familiar with the Sourcefire Intrusion Sensor, Sourcefire RNA and Sourcefire Defense Center architectural components

System Settings, Policy & Health Monitoring:

Understand the functionality of the Access List configuration
Know the effect certain settings may have on the performance of the Defense Center
In general, be familiar with the various Defense Center/Intrusion Sensor/RNA system policy settings
Know the various options for managing time synchronization between Sourcefire 3D System devices
Be able to define what is meant by a System Policy
Understand the various options for database management for the various Sourcefire 3D System components
Know the types of policies available on the Sourcefire 3D System and what each one does
Be familiar with how the various health policy color codes help administrators determine the health state of the installation at-a-glance

Price: $395

Exam Name: Snort Certified Professional (SnortCP)

Product No.: SNORTCP-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista

Supported Browsers: IE6 (SP2 or higher) and Firefox 1.5 (or higher)

Description:

The proficiencies assessed in this certification program are as follows:

IDS/IPS Technology

Snort^® Architecture

Snort^® Installation

Snort^® Operation

Snort^® Preprocessors

Snort^® Configuration

Barnyard

Price: $395

Exam Name: Nokia Intrusion Prevention Solution powered by Sourcefire

Product No.: SFCP-Nokia-Exam

Tech Requirements: Windows 2000/2003/XP/Vista

Supported Browsers: IE6 (SP2 or higher) and Firefox 1.5 (or higher)

Description:

This exam consists of 100 random questions with a 3 hour time limit. Each student is guaranteed 2 attempts within the 60 day subscription period to pass the exam. After successfully passing the exam, certificates are available within 48 hours of achieving a score of 75% or better. To print your certificate, go to "My Courses" and click the "certificate" link below the course title.

Candidates that successfully complete the requirements of this certification track have distinguished themselves as having in-depth and thorough knowledge of the Sourcefire 3D System for Nokia product. The following areas are assessed through this process:

Sourcefire 3D System for Nokia Overview
Sourcefire 3D System Installation & Deployment
Sourcefire 3D System for Nokia Administration
Sourcefire 3D System for Nokia Policy Configuration & Management
Sourcefire 3D System for Nokia Compliance Policy & Remediation
Sourcefire 3D System for Nokia User Administration & Management
Sourcefire 3D System for Nokia Report Creation & Management

Price: $295