  1. Junior Member Registered Member
    Join Date
    Apr 2012
    Posts
    6
    #1

    Snort certified professional exam

    hi all,

    I am looking for anybody who has sat the snortcp exam and if they have any advice they would like to share.
    I know it's 100 questions in 3 hours and open book. In principle that sounds like an "easier" exam, but I would like to hear from anybody who has sat it.

    Regards

    J

  3. Senior Member
    Join Date
    Aug 2011
    Location
    Little Rock, AR
    Posts
    818

    Certifications
    CISSP, CCNA (R&S, Sec), WGU BS:IT Sec, MCTS: Win 7 Config, Sec+, Project+, Storage+, Net+, A+
    #2
    I glanced at this one, but I really don't like open book exams. If I hear some good things about it, I will look into it a little more.

  4. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #3
    I'm going to repeat what I said in the other thread:

    Quote Originally Posted by ChooseLife View Post
    I looked at it before and decided it's just another product-specific from a vendor trying to make a little extra money. I use Nessus at work, but see no reason to spend money to become a certified user. Same thing for Splunk, Wireshark, etc - I prefer to RTFM for free
    Ditto for Splunk

  5. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #4
    Never heard of it. But I doubt it will ever have much credibility as long as it is open-book.

  6. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #5
    Quote Originally Posted by the_hutch View Post
    Never heard of it. But I doubt it will ever have much credibility as long as it is open-book.
    By never heard of it, I mean the cert...not snort

  7. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #6
    I'm actually taking the Snort IDS/IPS + Rule Writing course from Sourcefire next month (on my own dime). I might also consider taking the exam, although I've technically already paid for it. I'm more interested in filling knowledge gaps than anything else, but doing the exam gives me some ego incentive to learn the material faster and compress my brain more, so it'd be to my ultimate advantage to put myself into the firing line regardless of whether I'd pass or fail. You get two exam attempts with a single purchase, I believe.

    https://na8.salesforce.com/sfc/p/800...libLaV0ZcOXMs=

    I've also taken the Sourcefire 3D course before and I'll say that it certainly helped for the particular environment I worked in because the admin guide is damn long, plus you get some good tips and nuggets from the instructor that aren't always covered in the documentation. I didn't pay for that course because at the time the training came with the corporate purchase. I think the SFCP cert is a good way to motivate customers so they can fully leverage the platform with justifiable results (and you have to remember how expensive these things are which management is keenly aware of). The product and related functionality can get amazingly complex, especially when it comes to reading / writing your own rules.

    I wouldn't necessarily discount open-book exams. All the GIAC exams are open book and it doesn't make them an easy pass. As for product certifications, I'd say Cisco and Microsoft certs are pretty product line-centric (sometimes focused on just a single product). Although I've never taken a Microsoft exam, I found some of the structured study material pretty helpful, even with all the free TechNet documentation.

    A lot of times the available documentation doesn't cover some of the real-world nuances that creep up (although the reverse can also be true, of course). Those small details sometimes make a big difference when you don't have the time to slowly learn the ins and outs of something through trial-and-error and you're always in a big hurry due to business necessity.

  8. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #7
    Quote Originally Posted by docrice View Post
    I'm more interested in filling knowledge gaps than anything else...

    Those small details sometimes make a big difference when you don't have the time to slowly learn the ins and outs of something through trial-and-error and you're always in a big hurry due to business necessity.
    That I fully agree with. I am a big fan of getting new knowledge, be it by the means of RTFM'ing or taking courses. My comment was specifically targeting the paid examination.

  9. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #8
    Certs like SnortCP certainly couldn't hurt, but it's probably not something infosec folks would recognize when interviewing candidates. It's almost akin to, "...there's a Wireshark certification?"

    That said, with all the hype(?) and growing demand for security professionals, it couldn't hurt either unless you're on a strict career development budget. There are plenty of people who put down "Snort" as part of work experience on their resume but are unable to articulate anything more than the superficial, perhaps myself included. Having SnortCP on a resume might raise some eyebrows as the years come and possibly provide distinction from other candidates.

    When I first started out in the world of IDS, understanding / installing / using Snort entailed a steep learning curve for me. My grasp of TCP/IP was more limited, much like how my limited knowledge of JavaScript hinders me as a potential web app pentester. Studying for certs like the CCNA, GCIA, etc. has definitely helped.

    Come to think of it, being able to understand JavaScript certainly helps as well in the IDS world since the analyst needs to determine what kind of actions were being performed by the browser during page rendering. But I digress...

  10. Senior Member
    Join Date
    Jan 2012
    Location
    Dubai
    Posts
    115

    Certifications
    CISSP-ISSAP,ISSMP,ISSEP,CISA,CISM, CRISC,CGEIT , CEH, Security+, ISO27001 LA , SFCP, OSWP , SWSE , ITILv3-F.
    #9
    If you feel confident go for SFCE exam as it covers both snort and Sourcefire 3D.

    The exam itself is not that hard if you have access to the system as well as have worked on it for 1-2 weeks.

    I've done SFCP and it was so-so, passed 2nd time as I passed out on 1st attempt (started at 3 am as I couldn't sleep... fell asleep in the middle of the exam).

    One thing about open book exams: for SFCP you are not being monitored whatsoever, you can let someone else take the exam if you just care about the paper. I was forced by my manager to "help him as well as my backup administrator" do the exam. Both passed but I'm the only one managing the system.

    I wish at least they would do something like remote desktop as well as cam recording of whoever is doing the exam. At least it would prevent the act of slavery I went through >.> (6 exams total....)

  11. Random Member docrice's Avatar
    Join Date
    Apr 2010
    Location
    Bay Area, CA
    Posts
    1,687

    Certifications
    GSEC, GCFW, GCIA, GCIH, GWAPT, GAWN, GPEN, GCFE, GCFA, GMON, OSWP, SFCP, SnortCP, Sec+; expired: CCNA (R&S, Security, Wireless), WCNA
    #10
    Something I forgot to mention is that this is not a proctored exam. During my Sourcefire class, the instructor mentioned the exam is open book. I asked if it was "open Defense Center." It was one of those moments of non-confirmation, non-denials. While I respect Sourcefire as a company, this is one of the areas where I wish they'd clean up a bit.

  12. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,598
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #11
    Just to point out, certification materials are often a great way to acquire new knowledge and skills, but you are by no means obligated to obtain the actual certifications from using them. Learning from the available Snort (and Wireshark) cert materials is a good thing to do regardless if you are undecided on getting the certs.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  13. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,837

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #12
    Also, open book doesn't mean "easy". Often that means you have to get into the nitty gritty of whatever you're being tested on. Also, in the real world you would be able to look up things if need be. As much as I would like to think that I have everything in my head, that isn't always the case. Why keep mundane IT information that could be looked up when I need room for useless movie quotes?
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python

  14. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #13
    Quote Originally Posted by the_Grinch View Post
    Also, open book doesn't mean "easy". Often that means you have to get into the nitty gritty of whatever you're being tested on. Also, in the real world you would be able to look up things if need be. As much as I would like to think that I have everything in my head, that isn't always the case. Why keep mundane IT information that could be looked up when I need room for useless movie quotes?
    Exactly... psych.jpg

    Sorry, I just couldn't help it...
    Last edited by veritas_libertas; 04-24-2012 at 08:18 PM.
    Currently working on: Resting

  15. Network Security tpatt100's Avatar
    Join Date
    Aug 2009
    Location
    Ypsilanti, MI
    Posts
    2,884

    Certifications
    CISA, CISSP, GIAC G2700, CEH, CHFI, Security+, CCENT, N+, A+
    #14
    Yeah if you slack off on studying open book just means you're going to spend most of your test taking time looking up answers for some of the questions rather than having enough time to complete the entire exam.

  16. Junior Member Registered Member
    Join Date
    Apr 2012
    Posts
    6
    #15
    Hey all - thanks for the replies.
    I have sat and passed the Snort exam on the first attempt. I have actually been on the Snort IDS/IPS & Rule Writing Course - it certainly made the exam "easier" as the course is very thorough.
    I'm not sure how I would've fared if I was self-taught.
    Now I'll be looking for a Security Analyst role - let's hope this was worth it

  17. Senior Member reppgoa's Avatar
    Join Date
    Oct 2010
    Location
    DC Metro
    Posts
    146

    Certifications
    A+, Network+, Security+, ITILv3, GSEC
    #16
    Interesting that people discount open book tests... SANS exams are open book. I don't think it made it any easier.

  18. Senior Member
    Join Date
    Jan 2012
    Location
    Dubai
    Posts
    115

    Certifications
    CISSP-ISSAP,ISSMP,ISSEP,CISA,CISM, CRISC,CGEIT , CEH, Security+, ISO27001 LA , SFCP, OSWP , SWSE , ITILv3-F.
    #17
    Quote Originally Posted by reppgoa View Post
    Interesting that people discount open book tests... SANS exams are open book. I don't think it made it any easier.
    It's not about being easier, it's more about some exams not being proctored (SFCP is one), where you can just group up and do the exam for each person. (That's what happened to my team, my supervisor has the certificate but he knows nothing about the system.) At least if the exam requires a cam and actual ID it will have better value.

    This is not to degrade anyone who actually knows the system and knows how to handle it, I still check the manual for things from time to time. Just wish they can solve these gray areas.

  19. Paper cranes for everyone the_hutch's Avatar
    Join Date
    Dec 2011
    Location
    We all live in a yellow submarine...
    Posts
    804

    Certifications
    BSIT (CNSS 4011, 4012) / Sec+, Net+, CFOI, CEH, ECSA, CHFI, CNDA, CISSP, OSCP
    #18
    Quote Originally Posted by Falasi View Post
    it's more about some exams not being proctored.
    This was more the reason I was getting at as well. Generally speaking, open-book means not proctored. Unproctored exams often do not get the notoriety they deserve. The offensive security certifications are an excellent example. I think most of us would agree that they are much more difficult than CEH, but CEH is more valued by many employers, just because of the proctored environment it is administered in.

  20. Junior Member Registered Member
    Join Date
    Jul 2014
    Posts
    4
    #19
    Do you have any suggested book to learn Snort that is really worth it to have? Or just hands-on experience?

  21. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    274

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE
    #20
    Quote Originally Posted by JDMurray View Post
    Just to point out, certification materials are often a great way to acquire new knowledge and skills, but you are by no means obligated to obtain the actual certifications from using them. Learning from the available Snort (and Wireshark) cert materials is a good thing to do regardless if you are undecided on getting the certs.
    Sure those materials are made first to learn the technology, I have read many of those books without taking the exam. Also, there are some certs that I will eventually do, not for my resume, but only for my personal interests, like the Wireshark certs. My jobs will probably never ask it, there is no recognition, I think you get it for bragging rights and self-satisfaction.

  22. Junior Member
    Join Date
    Jul 2017
    Posts
    22
    #21
    Quote Originally Posted by SteveLavoie View Post
    Sure those materials are made first to learn the technology, I have read many of those books without taking the exam. Also, there are some certs that I will eventually do, not for my resume, but only for my personal interests, like the Wireshark certs. My jobs will probably never ask it, there is no recognition, I think you get it for bragging rights and self-satisfaction.
    Very much agree. All my certifications are done with this strategy in mind. It broadens my skill set. I only display the key ones on my resume and share my knowledge of the "hidden certs" during interviews.
