Post last modified: June 12, 2024

Referring to the play that is shown here, which three statements are correct? (Choose three.)

CBROPS Playbook 01
  • This play is a high-fidelity report/event.
  • The data source is from the IDS.
  • The data query that is used to produce the report result is run against the IDS event store.
  • The objective of this play is to discover and report botnet-infected hosts.
  • The working section describes how to act on the result of the data query.
Explanation & Hint:

Based on the information presented in the image, the three correct statements are:

  1. The objective of this play is to discover and report botnet-infected hosts. The Objective section clearly states this as the goal of the play.
  2. This play is a high-fidelity report/event. In the Analysis section, it’s mentioned that the generated report is high fidelity, implying that the events reported are expected to have a high level of accuracy and a low false positive rate.
  3. The data source is from the IDS. The Working section starts with a data query that includes index="ids" which suggests that the data is being pulled from an Intrusion Detection System (IDS).

The statement that the data query used to produce the report result is run against the IDS event store is supported by the same evidence that identifies the IDS as the data source.

The statement regarding the Working section is not correct. The Working section actually provides the specific data query used to generate the report, not how to act on the result of the data query. How to act on the data query would be more closely related to the sections titled “Action” and “Analysis.”

