A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URLs that should be denied access prior to more in-depth scanning. Which of the following best fits the type of scanning activity requested?

Rationale

Discovery scan

A discovery scan is primarily used to map out the structure of a web application and identify all accessible URLs without delving into detailed vulnerability assessment. It helps in understanding the application's layout, potential entry points, and areas that may require further investigation.

A (Non-credentialed scan) YOUR ANSWER

Non-credentialed scans do not involve providing any login credentials for the web application. They typically focus on external security checks and do not delve into detailed assessments that require authenticated access to the system.

B (Discovery scan) CORRECT

Discovery scans are specifically designed to map out the web application's structure and identify accessible URLs and endpoints. These scans help in determining the scope of the application and areas that need further scrutiny, making them a suitable choice for the given scenario.

C (Vulnerability scan) YOUR ANSWER

Vulnerability scans are more focused on identifying security weaknesses and potential vulnerabilities within the application. While important for security assessments, vulnerability scans are more in-depth and specific compared to the broader scope of a discovery scan.

D (Credentialed scan) YOUR ANSWER

Credentialed scans involve providing login credentials for the web application, allowing the scanner to access deeper levels of the system for a more comprehensive security assessment. This type of scan is useful for evaluating internal security controls and configurations.

Conclusion

In this scenario, where the cybersecurity analyst needs to understand the application's layout and identify URLs that may need further scrutiny without performing detailed vulnerability assessments, a discovery scan is the most appropriate type of scanning activity. It provides a high-level overview of the application's structure and helps in determining the initial scope of the security assessment process.

A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URLs that should be denied access prior to more in-depth scanning. Which of the following best fits the type of scanning activity requested?

Discovery scan

Related Questions

Related Quizzes

How familiar were you with this question?

Report an Issue

Rate this Practice Test