CompTIA CySA+ (CS0-003) — Question 473
A security analyst is trying to identify anomalies on the network routing. Which of the following functions can the analyst use on a shell script to achieve the objective most accurately?
Answer options
- A. function x() { info=$(geoiplookup $1) && echo "$1 | $info"; }
- B. function x() { info=$(ping -c 1 $1 | awk -F "/" 'END{print $5}') && echo "$1 | $info"; }
- C. function x() { info=$(dig $(dig -x $1 | grep PTR | tail -n 1 | awk -F ".in-addr" '{print $1}').origin.asn.cymru.com TXT +short) && echo "$1 | $info"; }
- D. function x() { info=$(traceroute -m 40 $1 | awk 'END{print $1}') && echo "$1 | $info"; }
Correct answer: C
Explanation
Option C is correct because it utilizes the 'dig' command to reverse lookup the IP address and obtain ASN information, which is crucial for analyzing network routing anomalies. Option A only provides geographic information, which is not sufficient for routing analysis. Option B performs a ping test, which does not give detailed routing insights. Option D uses 'traceroute', but it only captures the first hop instead of providing comprehensive routing data.