[&] What is the primary purpose of using OWASP ZAP for web applications?
- To develop new web applications
- To perform web app vulnerability scans
- To manage database systems
- To manage server configurations

[&] Before starting a scan in OWASP ZAP, what information is necessary to identify in your lab setup?
- The subnet mask address
- The target IP address
- The version of OWASP ZAP being used
- The MAC address of the target system

[&] Why is it important to configure the correct authentication during a ZAP active scan?
- To access and test sections of the web app requiring login
- To extract all configuration files from the server
- To scan without impacting the server performance
- To avoid detection by security systems

[&] Why is it important to perform an authenticated scan in a web application?
- It avoids scanning unnecessary files
- It reduces the overall scan time
- It helps identify vulnerabilities that require user credentials to access
- It hides the scanning process from attackers

[&] What is the initial step to take when running OWASP ZAP in a Kali Linux environment?
- Update ZAP to the latest version
- Identify the IP address of the Kali Linux system
- Check internet connection settings
- Start the OWASP ZAP application

[&] Which function in OWASP ZAP allows you to perform structured directory and file enumeration?
- Passive Scan
- Forced Browse
- Proxy Config
- Active Scan