250-513 Symantec DLP passed

Tough one. I managed to fail it on my first attempt scoring 51% with passing bar set on 72%. Attempting exam costs $225 and retake costs 50% of this sum.

There are lots of preparation weeklong boot camps across the US (costs around $4000) and some virtual class bootcamps, but since I'm a consultant on a contract nobody reimburses me, so I usually take self-preparation approach. Thankfully, Symantec has a lot of great free videos on their eLibrary (enrolling to their educational web portal is a bit of a challenge) and a pretty good documentation.

So I watched the videos (~50 lessons from 10 to 60 minutes long each) and thought that my security experience, previous experience with other DLP products and Symantec DLP deployment experience (currently I'm in a policies fine tuning phase) in large enterprise will lead me to a pass. Nope.

Exam is heavily detail oriented, in-depth technical and sometimes "gotcha" style relying on tips and tricks that aren't even covered in videos. So on my second attempt I had to read through documentation (several pdf documents, the main one "admin guide" is 1500 pages long) and pay attention to tips, various "gotcha" exclusions and limitations.

Today I passed with 85% however I wasn't sure if I'm passing, I thought I'm not going to pass. What a relief!

Hard to tell what ROI will I have for this exam, but this product seems to be pretty popular among large businesses, hopefully there's some demand. I invested a lot of my time into this, I'd say much more than I expected from a pretty rare and not very popular vendor exam.

Also, exam is for 12.5 version. While they released DLP version 14.0 and just recently released videos for 14.0, there's no exam yet for 14.0, but there's not much difference between 12.5 and 14.0. They may release a new version of the exam soon.

Find more posts tagged with

Comments

DAVIS NGUYEN

Congrats!

dustervoice

Congrats. Well done.

thatguy67

Congrats! I am going to be taking this exam soon. Hopefully I will have similar luck.

UnixGuy

Well done! I work with RSA DLP and there is no exam for that, but I don't have enough experience with it anyway.

dig1tal

UnixGuy wrote: »

Well done! I work with RSA DLP and there is no exam for that, but I don't have enough experience with it anyway.

They have announced EOL for RSA DLP so I'm not sure how much time I would invest in it.

Congrats on passing the exam.
I passed the Symantec DLP v11.5 exam a few years back and I agree with the OP that there are some obscure, technical questions that show up in the exam. Some questions were not in the Admin guide and were probably from Symantec/Vontu KB or based off extensive experience with the product. Looking forward to taking the v14 exam when it gets released.

gespenstern

dig1tal wrote: »

They have announced EOL for RSA DLP so I'm not sure how much time I would invest in it.

Where did you get this from? Several searches I've made didn't show anything like that. RSA DLP version 9.6. seems to be alive and well.

dig1tal

gespenstern wrote: »

Where did you get this from? Several searches I've made didn't show anything like that. RSA DLP version 9.6. seems to be alive and well.

I believe they started notifying RSA DLP customers some time last year.

From Gartner's latest report on the DLP Magic Quadrant (Published: 28 January 2016)

"EMC's RSA Data Loss Prevention Suite has been a mainstay product in the DLP market since the
acquisition of Tablus by RSA in 2007. In the beginning of 2015, EMC began notifying customers that
it considered its DLP 9.6 release to be "feature complete," and would not be continuing
development with any new or updated product releases. This covers the entire RSA DLP suite of
products — DLP Datacenter, DLP Network and DLP Endpoint. EMC has discontinued forward
investment in DLP, and those resources have been reallocated to products such as RSA Security
Analytics, which EMC believes better addresses organizations' ability to detect and respond to data"
breaches."

gespenstern

products — DLP Datacenter, DLP Network and DLP Endpoint. EMC has discontinued forward
investment in DLP, and those resources have been reallocated to products such as RSA Security
Analytics, which EMC believes better addresses organizations' ability to detect and respond to data"

Yep, so they are killing the product.

Can't exactly blame them as it is a rare case when a customer is satisfied with how their DLP works... Symantec also doesn't seem to invest lots into this since their Vontu acquisition. For example, their "Network Monitor" product (which is almost useless anyways and is becoming more and more so as more and more protocols get encrypted) still tries to catch Napster traffic (it's 2016 out there) and their installation documentation requires Microsoft SFU (Services for Unix) which was deprecated starting from Windows Server 2003 R2, etc.

Looks like in 2007 people thought that DLP is the next big thing and it turned out to be a flop.

UnixGuy

yeah I know RSA are killing the product so 9.6 is the last version..HOWEVER, there are speculations that other vendors might be interested in buying it.

It doesn't matter for us , professionals, having experience with one DLP product should give you enough exposure to deal with the same product from different vendors. DLP is an easy product to work with anyway

thatguy67

Just passed this exam. It was a nightmare!

gespenstern

Was it still for 12.5 or they rolled out DLP 14.0 exam at last? Preparation materials for 14.0 are there for almost a year already.