Question 1 - CompTIA (CYSA+) Analyst+ CS0-003 Real Exam Questions [Jan 2026 Update]

Q: 1

A cybersecurity analyst is tasked with scanning a web application to understand where the scan will go and whether there are URIs that should be denied access prior to more in-depth scanning. Which of following best fits the type of scanning activity requested?

Options

Correct Answer:

Explanation

A discovery scan is a type of reconnaissance activity performed to map the structure and components of a target system or application. Its primary goal is to identify assets, enumerate directories, and understand the overall layout—precisely what the analyst is tasked with. This initial mapping allows the analyst to define the scope for a more focused vulnerability scan and to explicitly exclude sensitive URIs or directories from further, potentially disruptive, testing. This activity is a prerequisite to in-depth scanning, not the in-depth scan itself.

Why Incorrect

A. Uncredentialed scan: This describes the authentication context (scanning without login credentials), not the specific objective of mapping the application's structure.

C. Vulnerability scan: This is a more intensive scan that actively probes for known weaknesses, which the scenario states will occur after this initial mapping phase.

D. Credentialed scan: This describes scanning with authenticated user privileges to assess the internal attack surface, which is not the stated goal of the initial reconnaissance.

References

1. National Institute of Standards and Technology (NIST). (2008). Technical Guide to Information Security Testing and Assessment (Special Publication 800-115).

Section 3.2

"Discovery

" describes this phase as the start of testing

used to "identify systems and the information on them" and to "develop a map of the network." This directly supports the concept of scanning to understand where the scan will go.

2. CompTIA. (2022). CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives CS0-003.

Exam Objective 2.1

"Explain the importance of vulnerability management

" lists "Discovery" as a specific type of scan. This confirms its relevance and distinction from other scan types within the official exam curriculum.

3. Kruegel

& Vigna

G. (2003). Anomalous Payload-Based Network Intrusion Detection. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID '02).

The paper

in its discussion of web application analysis

implicitly supports the concept of a discovery/crawling phase. Section 3

"Web Application Analysis

" describes the initial step as crawling the web application to "build a model of the application

" which is synonymous with a discovery scan's purpose of mapping URIs before deeper analysis. (Available via Springer or university libraries).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE