Medium · Analysis · Q6 of 15
Cybersecurity - Advanced Threat Protection
Identify the error in this threat hunting query:
search event where source_ip == 10.0.0.1 and action = 'login'
A. Double equals (==) is invalid in this syntax
B. IP address should be in quotes
C. Missing semicolon at end
D. Action field cannot be filtered
Step-by-Step Solution
Solution:
  1. Step 1: Check syntax for IP address filtering

    IP addresses in queries usually require quotes to be treated as strings.
  2. Step 2: Verify other syntax elements

    Double equals and single equals are often interchangeable; semicolons are not required; action filtering is valid.
  3. Final Answer:

    IP address should be in quotes -> Option B
  4. Quick Check:

    IP strings need quotes in queries [OK]
Quick Trick: Always quote IP addresses in queries [OK]
Common Mistakes:
  • Using unquoted IP addresses
  • Thinking semicolons are mandatory
  • Assuming 'action' field is invalid
