Q: 1
A cybersecurity analyst is tasked with scanning a web application to understand where the scan will
go and whether there are URIs that should be denied access prior to more in-depth scanning. Which
of following best fits the type of scanning activity requested?
Options
Discussion
Option B
C/D? But B actually makes more sense because it's all about figuring out the app structure first, not finding vulns yet. Just initial discovery so you know what to scan in detail later. Pretty sure that's what they're asking.
Pretty sure it's B since they're just trying to map out the URIs before doing anything in-depth. Discovery scans are for that initial enumeration step, not actual vuln analysis. Saw a similar question on a practice test and B was the match. Anyone see it worded differently?
B tbh, discovery scan is all about mapping out URIs and structure before you get into vulnerabilities. The question's highlighting that prep work, not the actual vuln checks. Seen similar phrasing in practice-think it's the safest pick unless I'm missing some trick in wording.
Not sure why so many pick C, isn't B (discovery scan) just about mapping out URIs before looking for vulns?
Guessing C
B tbh. The official study guide explains discovery scans as mapping endpoints before deeper assessment. Good to double check practice labs too.
Probably B here. The question just wants to map out where the scan will go and see which URIs need to be blocked, that's typical for a discovery scan. Not actually looking for vulns yet. Pretty sure that's what they're asking but open to other takes.
Hard to say, B here. Since the analyst just wants to map out where the scan will go and see which URIs need blocking, that's classic discovery scan behavior. If it was about finding vulnerabilities right away, I'd lean C, so let me know if you disagree.
Why is everyone picking C? Isn't the question just about mapping URIs, not actually scanning for vulns yet?
Be respectful. No spam.
