Azure SQL Database Advanced Threat Protection

B

Advanced Threat Protection can detect potential SQL injections: This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.

Out of the given options, the action that will be detected as a threat by Advanced Threat Protection for SQL1 would be option B, where a user attempts to sign in as SELECT * FROM table1.

Advanced Threat Protection for Azure SQL Database is a security solution that uses a combination of machine learning and human analysis to detect potential vulnerabilities and threats to the database. It monitors the database for suspicious activities and provides alerts when it detects a potential threat.

Option A, where a user updates more than 50 percent of the records in a table, might not be considered a threat if the user has the necessary permissions to do so. Similarly, option C, where a user is added to the db_owner database role, may not be considered a threat if the user has been granted the appropriate permissions.

Option D, where a user deletes more than 100 records from the same table, might be considered a threat, but it depends on the context of the deletion. If the user has the necessary permissions to delete the records and there is a valid reason for the deletion, then it might not be considered a threat.

On the other hand, option B is a clear indication of a potential threat because it suggests that the user is attempting to gain unauthorized access to the database by using a SQL injection attack. The SELECT * FROM table1 statement is a commonly used SQL injection attack that tries to retrieve all the data from a table without proper authentication.

Therefore, Advanced Threat Protection for SQL1 will detect option B as a threat and raise an alert.