CompTIA CySA+ CS0-003 Practice Question
Your organization has a web application that processes sensitive customer data. As part of a routine vulnerability assessment, you decide to use ZAP to scan the application. What type of scan should you perform first to ensure you have a comprehensive understanding of the application's security posture without requiring authentication credentials?
Initiate an AJAX Spider scan specifically focused on the JavaScript elements of the application.
Conduct an Active scan immediately to identify vulnerabilities in real-time interactions.
Perform a Spider scan to map out the publicly accessible areas of the application.
Utilize a Forced Browse scan to uncover resources that were not found during the normal crawling process.