Check Point Certified Security Expert (CCSE) R81 — Question 153

When running a query on your logs, to find records for user Toni with machine IP of 10.0.4.210 but exclude her tablet IP of 10.0.4.76, which of the following query syntax would you use?

Answer options

• A. To** AND 10.0.4.210 NOT 10.0.4.76
• B. Toni? AND 10.0.4.210 NOT 10.0.4.76
• C. "Toni" AND 10.0.4.210 NOT 10.0.4.76
• D. Ton* AND 10.0.4.210 NOT 10.0.4.75

Correct answer: C

Explanation

The correct answer is C because it uses quotes around 'Toni', ensuring the exact match is sought in the logs. Options A and B do not correctly format the name, while D uses an incorrect IP address for exclusion, which does not match the requirement.