The Certified Network Intrusion Analyst (CCNIA) examination tests candidates’ knowledge of analysing network traffic and log files for evidence of potential compromise and analysing the potential underlying causes and infection vectors.
The examination is a rigorous assessment of the candidate’s ability to assess a given network for indications of malicious activity including remote control and data ex-filtration.
The exam includes:
- Data Sources
- Statistical Analysis
- Beaconing Systems
- Encrypted Communications
- Network Traffic Analysis
- Networking Protocols
- Covert Channel Identification
- Log Analysis
The format is the same as for all other CREST certifications. The candidate will be expected to possess not only the technical ability to find security weaknesses and vulnerabilities, but also the skills to ensure findings are presented in a clear, concise and understandable manner. The examination consists of three tasks:
- A multiple choice technical examination
- A long form essay style written paper, testing both technical ability and presentation ability
- A hands-on practical examination
To pass the exam, the candidate must pass all three sections.
You can download the following documents from the links below:
For costs and availability please refer to individual country booking. The examination is currently delivered at CREST examination centres.
Recommended Preparation Material
The CREST Assessors panel regularly identifies common themes and consolidates common questions and answers from candidates and from the industry in relation to the CREST certification examinations. Candidates are advised to familiarise themselves with these, although they are free to disregard them if they wish.
CREST recommends that candidates familiarise themselves with the content in our FAQS which has been created specifically for those attempting a practical examination.
The following material and media have been cited as helpful preparation for this examination by previous candidates:
Practical Malware Analysis
Network Fundamentals: CCNA Exploration Companion Guide
Certified Information Systems Security Professional (CISSP)
Useful Information for Candidates
Details of the Logistics and Timings of CREST examinations can be found in the Examination Preparation pages for your country of choice
CREST’s Policy for Candidates requiring special arrangements including additional time to accommodate a medical condition (including examinations delivered via Pearson Vue.
Terms and Conditions for CREST Examinations (includes hard disk drive wiping policy)