Carmen
Scenario: Three team members responded to three different threats using different tools.
Team members: Alice, Ben, Carmen
Threats: Phishing, Ransomware, Insider Threat
Tools: SIEM, EDR, Email Filter
Clues:
The person who handled the ransomware used EDR.
Alice didn't use Email Filter.
Carmen handled the Insider Threat.
Question: Who used SIEM?
Eli
Three users logged in from different devices and locations.
Users: Dana, Eli, Fiona
Devices: Laptop, Tablet, Desktop
Locations: Office, Home, Coffee Shop
Clues:
Dana used a tablet but not at the coffee shop.
The desktop user was in the office.
Fiona was at the coffee shop.
Question: Who used the desktop?
Isaac
Three analysts reported on three threats using different tools.
Analysts: Greg, Hannah, Isaac
Threats: DDoS, Malware, Data Leak
Tools: Wireshark, Snort, Burp Suite
Clues:
The malware analyst used Wireshark.
Hannah didn't use Snort.
Isaac handled the DDoS attack.
Question: Who used Snort?
Jack
Scenario:
Three users investigated different types of attacks using different tools.
Users: Jack, Kelly, Leo
Threats: SQL Injection, Cross-Site Scripting (XSS), Brute Force
Tools: Burp Suite, OWASP ZAP, Fail2Ban
Clues:
Jack did not use Fail2Ban.
The XSS attack was investigated using Burp Suite.
Leo handled the SQL Injection attack.
Question: Who handled the Brute Force attack?
Switch
Scenario:
Three users were assigned to configure different network devices.
Users: Mia, Nick, Olivia
Devices: Router, Firewall, Switch
Clues:
Nick was not assigned the router.
Mia was assigned the firewall.
Olivia was not assigned the switch.
Question: What device did Nick configure?
Quinn
Scenario:
Three analysts each investigated a different malware type using a different tool.
Analysts: Paula, Quinn, Raj
Malware Types: Trojan, Worm, Spyware
Tools: EDR, Antivirus (AV), Manual Analysis
Clues:
The Trojan was investigated using AV.
Raj did not analyze the Trojan.
Paula used Manual Analysis.
Question: Who investigated the Trojan?
Normal
Scenario:
Three IP addresses were involved in three types of network events.
IP Addresses: 192.168.1.1, 10.0.0.5, 172.16.0.3
Events: Breach, Scan, Normal
Clues:
The scanning activity was detected from 10.0.0.5.
The breach was from 172.16.0.3.
Question: What type of activity came from 192.168.1.1?
Splunk
Scenario:
Three log types are being monitored using different tools.
Log Types: System, Network, Application
Tools: Splunk, ELK Stack, Syslog
Clues:
Network logs were not monitored with Splunk.
Application logs were monitored with ELK.
Question: What tool monitors System logs?
Sam
Scenario:
Three analysts were assigned to alerts with different severity levels.
Analysts: Sam, Tanya, Umar
Levels: High, Medium, Low
Clues:
Tanya had the Medium severity alert.
Umar didn't handle the High alert.
Question: Who handled the High severity alert?
Evening
Scenario:
Three tasks were scheduled at different times of day.
Tasks: Patch, Monitor, Report
Times: Morning, Afternoon, Evening
Clues:
Patch was scheduled in the Morning.
Report was not scheduled for the Evening.
Question: When was Monitor scheduled?
Process of elimination
What logical skill are you using when you cross off options that are ruled out by clues?
Mutually Exclusive
What quality of a logic grid puzzle means each item fits into only one category (e.g., one person can’t have two tools)?
Cross-referencing clues
What’s the strategy where you combine multiple clues to draw a new conclusion?
Contrapositive reasoning
If “not B” means “not A,” what kind of logic is that?
Syllogism
What kind of logic is “If A = B and B = C, then A = C”?
This is basic deductive reasoning