Which statement describes an injection attack?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which statement describes an injection attack?

Explanation:
Injection attacks happen when untrusted input is treated as code or commands by an interpreter, causing the system to execute unintended actions. The statement describes an attacker providing input that is interpreted as commands by a vulnerable interpreter, leading to command execution on the target. This captures the essence of an injection attack, such as injecting commands into a shell or into a database query, depending on where the input is executed. By comparison, brute-forcing passwords is about guessing credentials, querying a database with valid queries is regular data access, and denying service by consuming resources is a DoS attack. Defense focuses on validating or escaping input, using parameterized queries or safe APIs, and applying least-privilege execution to prevent unintended command execution.
