CompTIA CySA+ (CS0-003) — Question 461

A security analyst is looking for information that would serve as an indicator that a given IP address is Involved in other attacks. Which of the following sources of information should the analyst use to achieve this objective?

Answer options

• A. AbuseIPDB
• B. Autonomous System Number
• C. Whois
• D. Cuckoo Sandbox

Correct answer: A

Explanation

AbuseIPDB is a database specifically designed to report and track IP addresses involved in abusive behavior, making it the most relevant source for identifying previous attacks. The Autonomous System Number (B) provides information about network routing but does not contain abuse history. Whois (C) offers registration details about an IP address but lacks context on malicious activities. Cuckoo Sandbox (D) is a malware analysis system, not a source for tracking IP abuse.