2023 IT Examiner School
Internal Use Only
Anti-Virus / Anti-Malware
Traditional Anti-Virus (AV)
• Signature updates
• Updates must be monitored
Heuristic / Behavior Based
Real Time Monitoring vs. AV Scanning
AV in Email & Next Gen Firewalls
Intrusion Detection / Intrusion Prevention
IDS = detect & alert
IPS = detect, perform action, alert
Systems & processes for monitoring or oversight of intrusion prevention devices
There must be an effective process to monitor, prioritize & respond to notifications