Symantec’s exam 250-201, “Intrusion Detection and Response in the Enterprise” is one of two requirements for the Symantec Certified Technology Architect (SCTA) and Symantec Certified Security Engineer (SCSE) certifications. The other requirement is to hold one of the specified vendor neutral security certifications. It is one of three requirements for the Symantec Certified Security Practitioner (SCSP) certification, with the other two being passing another Symantec solutions exam and holing either a SANS GIAC (Global Information Assurance Certification) or (ISC)2 CISSP (Certified Information Systems Security Professional) certification.

It is designed for candidates whose responsibilities are focused on “vendor-neutral security knowledge of how to design, plan, deploy and manage effective security solutions.”

This exam, which also goes under the name “Intrusion Protection,” costs $150 USD and may be taken from Thomson Prometric.

This form-based multiple choice exam lasts 75 minutes.

The topics covered by this exam include:

• INTRODUCTION AND BASIC REVIEW OF SECURITY SOLUTIONS
• ROLE OF THE INCIDENT RESPONSE TEAM (IRT)
• INTRUSION DETECTION TECHNOLOGIES
• IDENTIFYING AND REACTING TO INTRUSION EVENTS
• MANAGING INTRUSION DETECTION SYSTEMS (IDS)
• INTRUSION DETECTION SYSTEM (IDS) DEPLOYMENT STRATEGIES
• PLANNING AND BUDGETING FOR INTRUSION DETECTION SYSTEMS (IDS)