CompTIA CySA+ CS0-003 Practice Question
Your organization has a web application that processes sensitive customer data. As part of a routine vulnerability assessment, you decide to use ZAP to scan the application. What type of scan should you perform first to ensure you have a comprehensive understanding of the application's security posture without requiring authentication credentials?
Initiate an AJAX Spider scan specifically focused on the JavaScript elements of the application.
Utilize a Forced Browse scan to uncover resources that were not found during the normal crawling process.
Conduct an Active scan immediately to identify vulnerabilities in real-time interactions.
Perform a Spider scan to map out the publicly accessible areas of the application.