[&] Which example illustrates an alert in a security system?
- Matching logs with a specific event ID
- Detecting accounts added to an admin group
- Sending an email for an admin group change -- Correct
- Hunting for threats within system logs

[&] What is the primary purpose of a detection rule in detection engineering?
- To notify users about detected threats
- To specify what actions to take when suspicious activity is detected
- To define the logic or pattern to identify suspicious activity -- Correct
- To automate incident response processes

[&] What role does an alert play in the context of detection rules?
- It specifies what to do when suspicious activity is identified -- Correct
- It creates detection rules on its own
- It serves as a placeholder for future actions
- It defines suspicious activity

[&] In a SIEM platform, what component is typically associated with a detection rule?
- Automated system patching routines
- Notification methods and escalation paths
- Threat remediation tactics
- Query or pattern matched with a condition -- Correct

[&] Which of the following best describes the relationship between detection rules and alerts?
- Detection rules are executed after alerts
- Alerts are triggered by detection rules -- Correct
- Detection rules operationalize alerts
- Alerts and detection rules are unrelated
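The questions above separate three things: the detection rule (a query or pattern plus a condition), the alert it triggers, and the action taken when it fires (sending an email for an admin-group change). The following is an added example, not part of the original quiz, that wires those pieces together over a handful of constructed log events. It assumes Windows-style security-audit events where IDs 4728 and 4732 mean "member added to a security-enabled group"; the field names, hosts, users, the `ADMIN_GROUPS` set and the simulated `send_email` outbox are all illustrative choices, not anything from the quiz.

```python
"""Added example: detection rules vs. alerts in a toy SIEM pipeline.

Rule  = query (which events match) + condition (how many must match).
Alert = what happens when the rule fires; here, a simulated email.
All events below are constructed; event IDs 4728/4732 are assumed to be
the Windows "member added to security-enabled group" audit events.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List

# Constructed sample events, already normalized the way a SIEM would store them.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:01Z", "event_id": 4624, "host": "dc01",
     "subject": "alice", "target": "", "group": ""},                    # logon, noise
    {"ts": "2024-05-01T10:00:07Z", "event_id": 4732, "host": "dc01",
     "subject": "alice", "target": "svc-backup", "group": "Administrators"},
    {"ts": "2024-05-01T10:00:09Z", "event_id": 4732, "host": "ws07",
     "subject": "bob", "target": "bob", "group": "Remote Desktop Users"},
    {"ts": "2024-05-01T10:02:30Z", "event_id": 4728, "host": "dc01",
     "subject": "alice", "target": "mallory", "group": "Domain Admins"},
    {"ts": "2024-05-01T10:05:00Z", "event_id": 4732, "host": "dc01",
     "subject": "alice", "target": "carol", "group": "Administrators"},
]

# Assumed list of groups whose membership changes are high-value signals.
ADMIN_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}


@dataclass
class Alert:
    rule: str
    severity: str
    summary: str
    events: List[dict]


@dataclass
class DetectionRule:
    """The rule only defines *logic*: a query predicate and a match threshold.
    It never decides what to do about a hit; that is the alert action's job."""
    name: str
    severity: str
    query: Callable[[dict], bool]
    threshold: int = 1  # condition: fire once at least this many events match

    def evaluate(self, events: Iterable[dict]) -> List[Alert]:
        matches = [e for e in events if self.query(e)]
        if len(matches) < self.threshold:
            return []
        if self.threshold == 1:
            # One alert per matching event, each self-describing.
            return [Alert(self.name, self.severity,
                          f"{e['subject']} added {e['target']} to {e['group']} on {e['host']}",
                          [e]) for e in matches]
        # Aggregated rule: one alert summarizing the burst.
        return [Alert(self.name, self.severity,
                      f"{len(matches)} group-membership changes (threshold {self.threshold})",
                      matches)]


# The alert side: what to do when a rule fires. Email delivery is simulated
# with an in-memory outbox so the example runs offline.
OUTBOX: List[str] = []


def send_email(alert: Alert, to: str = "soc@example.com") -> str:
    body = f"[{alert.severity.upper()}] {alert.rule}: {alert.summary}"
    OUTBOX.append(f"to={to} {body}")
    return body


RULES = [
    # "Detecting accounts added to an admin group": pattern + group filter.
    DetectionRule("admin_group_member_added", "high",
                  lambda e: e["event_id"] in {4728, 4732} and e["group"] in ADMIN_GROUPS),
    # "Matching logs with a specific event ID", with a count condition.
    # A real rule would also bound this to a time window; omitted here for brevity.
    DetectionRule("group_membership_change_burst", "low",
                  lambda e: e["event_id"] in {4728, 4732}, threshold=3),
]


def run_detections(events=SAMPLE_EVENTS, rules=RULES,
                   action: Callable[[Alert], str] = send_email) -> List[Alert]:
    """Evaluate every rule; each resulting alert is handed to the action."""
    alerts: List[Alert] = []
    for rule in rules:
        for alert in rule.evaluate(events):
            action(alert)   # the alert triggers the action, not the other way round
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_detections():
        print(a.rule, "->", a.summary)
    print(f"{len(OUTBOX)} email(s) queued")
```

Running it yields three high-severity alerts (svc-backup, mallory and carol added to admin groups) plus one low-severity burst alert covering all four membership changes, and four queued emails. Note that the `bob` self-addition to Remote Desktop Users matches the event-ID query but not the admin-group rule, which is the kind of distinction the rule's logic, not the alert, is responsible for.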