Cybersecurity - Advanced Threat Protection
In a threat hunting tool, what is the expected output of this query?
search event where process_name = 'cmd.exe' and command_line contains 'net user'
A. All network traffic logs
B. System reboot events
C. List of command prompt executions involving user account commands
D. Failed login attempts
Step-by-Step Solution
Solution:
  1. Step 1: Analyze query filters

    The query looks for events where the process is 'cmd.exe' and the command line includes 'net user'.
  2. Step 2: Understand what 'net user' commands do

    'net user' is the Windows command for viewing and managing user accounts, so the output lists the command prompt executions that ran it.
  3. Final Answer:

    List of command prompt executions involving user account commands -> Option C
  4. Quick Check:

    Query filters = cmd.exe running net user commands [OK]
Quick Trick: Filter commands by process and command line content [OK]
Common Mistakes:
  • Confusing process name with network traffic
  • Assuming query returns unrelated events
  • Ignoring the 'contains' keyword meaning
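
The filter logic from the solution, as an added example that is not part of the original quiz: a minimal Python evaluator for the two operators in the question's query (= and contains), run over constructed process events. The case-insensitive matching, the function names and the sample events are assumptions; real hunting tools define their own syntax and case rules.

```python
import re

# One condition: field name, operator, single-quoted value.
CONDITION = re.compile(r"(\w+)\s+(=|contains)\s+'([^']*)'", re.IGNORECASE)


def parse_query(query):
    """Return [(field, operator, value), ...] from the where clause."""
    head, sep, where = query.partition(" where ")
    if not sep or not head.strip().lower().startswith("search"):
        raise ValueError("expected: search <source> where <conditions>")
    conditions = [(f, op.lower(), v) for f, op, v in CONDITION.findall(where)]
    if not conditions:
        raise ValueError("no conditions found")
    return conditions


def matches(event, conditions):
    """True only if every condition holds (conditions are joined by 'and')."""
    for field, op, value in conditions:
        actual = str(event.get(field, "")).lower()  # assumption: case-insensitive
        wanted = value.lower()
        if op == "=" and actual != wanted:        # exact match on the whole field
            return False
        if op == "contains" and wanted not in actual:  # substring match
            return False
    return True


def hunt(query, events):
    """Apply the query to a list of event dicts and return the matches."""
    conditions = parse_query(query)
    return [e for e in events if matches(e, conditions)]


QUERY = "search event where process_name = 'cmd.exe' and command_line contains 'net user'"

# Constructed sample events (not real telemetry).
EVENTS = [
    {"id": 1, "process_name": "cmd.exe", "command_line": "cmd.exe /c net user"},
    {"id": 2, "process_name": "cmd.exe", "command_line": "cmd.exe /c ipconfig /all"},
    {"id": 3, "process_name": "net.exe", "command_line": "net user svc_backup"},
    {"id": 4, "process_name": "CMD.EXE", "command_line": "CMD.EXE /C NET USER guest"},
    {"id": 5, "process_name": "svchost.exe", "command_line": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for e in hunt(QUERY, EVENTS):
        print(e["id"], e["command_line"])
```

Only events 1 and 4 are returned. Event 3 runs net user through net.exe directly, so the process_name = 'cmd.exe' filter excludes it, which is the coverage limit to keep in mind when reading this query's results.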
