[&] Which database function is used in MSSQL Server for an HTTP-based Out-of-Band SQL Injection?
- LOAD DATA
- COPY TO
- UTL_HTTP
- xp_cmdshell -- Correct

[&] Which of the following is a requirement for conducting a DNS-based Out-of-Band SQL Injection?
- The application must use the latest version of the database management system
- The ability of the database to send outbound DNS requests -- Correct
- The ability of the server to generate HTML reports
- Full access to modify the database configuration

[&] What type of payload would be used in a MySQL DNS-based Out-of-Band SQL Injection?
- xp_cmdshell
- LOAD_FILE -- Correct
- sys_eval
- UTL_HTTP

[&] When is Out-of-Band SQL Injection particularly useful?
- When the application shows detailed SQL errors
- When the application directly displays database errors to the user
- When the attacker needs to manipulate the structure of the database schema
- When other forms of SQL injection are ineffective due to lack of observable data -- Correct

[&] What is the unique characteristic of Out-of-Band SQL Injection compared to other SQL injection types?
- It directly shows error messages in the application
- It requires access to database logs for confirmation
- It needs time-based delays to work effectively
- It relies on external communication channels to confirm vulnerabilities -- Correct

[&] Why are DNS-based Out-of-Band attacks generally harder to detect?
- They use uncommon network ports for communication
- DNS callbacks are lightweight and often pass through firewalls unnoticed -- Correct
- They use encrypted connections
- They alter the database schema minimally