The correct option is Ask Copilot to create unit tests that attempt SQL injection using inputs like '; DROP TABLE customers_v2;--' and to rewrite the function using parameterized statements.

This request exercises the code with malicious payloads so you can see whether an injection attempt can modify or drop data, and it also directs Copilot to produce a safer implementation that uses bound parameters rather than string concatenation. Parameterized statements separate user input from executable SQL so the database treats input as data and not as code. Adding adversarial tests alongside normal cases lets you confirm that the new implementation blocks injections while preserving expected behavior for valid names.

Cloud SQL is only the managed database service and it is not a prompt for Copilot to create tests or to change code. Choosing this does not produce adversarial tests or parameterized statements, so it does not address the injection risk.

Ask Copilot to generate tests for typical names such as Alice and Omar while skipping adversarial or malicious inputs verifies only happy paths and misses exploit attempts. Without attack cases you cannot validate that the function resists injection.

Ask Copilot to write tests that only validate syntactically correct SQL and assume the framework sanitizes any invalid data relies on unsafe assumptions and avoids threat modeling. Many injection payloads result in syntactically valid SQL, so such tests would pass while the vulnerability remains. You need explicit attack tests and code that uses parameterized queries.

Full AWS Practitioner Certification Question