Exams

Exam Overview

Exam Name: Sourcefire Certified Expert (SFCE)

Product No.: SFCE-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista or MAC OS X 10.5 (with Firefox 3.0)

Supported Browsers: IE7 and Firefox 3.0 (or higher)

Description:

This exam consists of 100 random questions with a 3 hour time limit. Each student is guaranteed 2 attempts within the 60 day subscription period to pass the exam. After successfully passing the exam, certificates are available within 48 hours of achieving a score of 70% or better. To print your certificate, go to "My Courses" and click the "certificate" link below the course title.

The proficiencies assessed in this certification program are as follows:

General Snort^® Knowledge:
This exam draws from the pool of knowledge expected for Snort® certification. To prepare for the questions related to these content areas, follow the recommendations of the Snort® Study Guide. Approximately 40% of the items presented in this exam will test the candidate's general Snort® knowledge.

Sourcefire 3D System^® General Knowledge:
This exam also draws from the pool of knowledge expected for Sourcefire 3D System certification. To prepare for questions related to these content areas, follow the recommendations of the Sourcefire 3D System Study Guide. Approximately 40% of the items presented in this exam will test the candidate's general knowledge of the Sourcefire 3D System.

Additional Content for the Expert Exam:

Know the implications of obtaining Snort® rules from multiple sources
Know the specific setting options for the major preprocessors such as HTTP_Inspect, Stream4, frag3 and sfPortscan
Know how to interpret sfPortscan pseudo-packet payload information
Be familiar with the various encodings the HTTP_Inspect preprocessor is capable of decoding and, in general, how they work
Be prepared to interpret alert data based on specific scenarios articulated in exam items
Be prepared to work through troubleshooting scenarios for both open source Snort® and Sourcefire 3D System implementations
Be familiar with rule writing best practices

Price: $395

Exam Name: Sourcefire Certified Professional (SFCP)

Product No.: SFCP-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista or MAC OS X 10.5 (with Firefox 3.0)

Supported Browsers: IE7 and Firefox 3.0 (or higher)

Description:

The proficiencies assessed in this certification program are as follows:

IDS/IPS & RNA Technology:

Understand what is meant by the term "Correlation"
Know basic security principals and attack techniques
Understand the various IDS/IPS evasion techniques
Be familiar with the basics of TCP/IP network protocols
Understand Impact and what data is required to calculate it
Be familiar with the Sourcefire Intrusion Sensor, Sourcefire RNA and Sourcefire Defense Center architectural components

System Settings, Policy & Health Monitoring:

Understand the functionality of the Access List configuration
Know the effect certain settings may have on the performance of the Defense Center
In general, be familiar with the various Defense Center/Intrusion Sensor/RNA system policy settings
Know the various options for managing time synchronization between Sourcefire 3D System devices
Be able to define what is meant by a System Policy
Understand the various options for database management for the various Sourcefire 3D System components
Know the types of policies available on the Sourcefire 3D System and what each one does
Be familiar with how the various health policy color codes help administrators determine the health state of the installation at-a-glance

Price: $395

Exam Name: Snort Certified Professional (SnortCP)

Product No.: SNORTCP-EXAM

Tech Requirements: Windows 2000/2003/XP/Vista or MAC OS X 10.5 (with Firefox 3.0)

Supported Browsers: IE7 and Firefox 3.0 (or higher)

Description:

The proficiencies assessed in this certification program are as follows:

IDS/IPS^® Technology

Snort^® Architecture

Snort^® Installation

Snort^® Operation

Snort^® Preprocessors

Snort^® Configuration

Barnyard

Price: $395