The correct answer is C. SQL injection. According to CompTIA DataSys+ objectives, web-based input mechanisms such as contact forms and online surveys represent a significant attack surface for databases if they are not properly secured. These forms commonly accept user-supplied input that is later processed by backend database queries. If input validation and parameterized queries are not correctly implemented, attackers can exploit this by injecting malicious SQL code into form fields.
SQL injection attacks allow an attacker to manipulate database queries executed by the application. This can result in unauthorized access to sensitive data, data modification, data deletion, or even full database compromise. In a healthcare environment, this risk is especially critical because patient data is highly sensitive and often protected by regulatory requirements. DataSys+ highlights SQL injection as one of the most common and dangerous database-focused attacks due to its direct impact on data confidentiality, integrity, and availability.
Option A, Denial of Service (DoS), primarily affects system availability by overwhelming resources, but it does not directly target data stored within the database. Option B, ransomware, typically requires malware execution on servers or endpoints and is not specifically tied to web form input mechanisms. Option D, brute-force attacks, focuses on repeatedly guessing authentication credentials and is more closely associated with login systems than with data entry forms or surveys.
CompTIA DataSys+ materials emphasize that databases connected to web applications must use strong input validation, stored procedures, prepared statements, and least-privilege database accounts to mitigate SQL injection risks. Because contact forms and surveys directly interact with database queries and rely on untrusted user input, SQL injection represents the most direct and realistic threat in this scenario.
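
The difference between a concatenated query and a prepared statement for a survey lookup, as an added example that is not part of the original page or of CompTIA's materials. The `survey` table, the function names, and the sample rows and input are constructed for illustration.

```python
import re
import sqlite3

# Coarse allow-list shape check for an email field (assumption for this example).
EMAIL_RE = re.compile(r"[^@\s']+@[^@\s']+\.[^@\s']+")

def make_db():
    """In-memory stand-in for the survey database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE survey (email TEXT, answer TEXT)")
    db.executemany("INSERT INTO survey VALUES (?, ?)",
                   [("ann@example.com", "A"), ("bob@example.com", "B")])
    return db

def lookup_unsafe(db, email):
    # Vulnerable: form input is concatenated into the SQL text, so a quote
    # in the input changes the structure of the query itself.
    sql = "SELECT email, answer FROM survey WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_bound_only(db, email):
    # Prepared statement: the value is bound as data and never parsed as SQL.
    return db.execute(
        "SELECT email, answer FROM survey WHERE email = ?", (email,)
    ).fetchall()

def lookup_safe(db, email):
    # Input validation first, then the same bound query (defence in depth).
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("invalid email")
    return lookup_bound_only(db, email)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form input
    print("concatenated:", lookup_unsafe(db, crafted))      # every row comes back
    print("bound:       ", lookup_bound_only(db, crafted))  # no row matches
    print("validated:   ", lookup_safe(db, "ann@example.com"))
```

In production the account behind `db` would also be a least-privilege role limited to the statements the form needs, which bounds the damage if a query is ever built unsafely.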
Therefore, SQL injection is the attack type to which the company’s data is most vulnerable, making option C the verified and correct answer.