CREST Practitioner Security Analyst (CPSA) Practice 2025 - Free CPSA Practice Questions and Study Guide.

The choice of using EXEC master..xp_cmdshell 'net user' is the correct option for executing an operating system command in Microsoft SQL Server. The xp_cmdshell stored procedure allows you to run command-line commands directly from SQL Server. By enabling this feature, you can issue commands as if you were at the command prompt, which is especially useful for administrative tasks and scripts that need to interact with the operating system.

The other options provided do not relate to executing operating system commands. SELECT version() is typically used in MySQL to retrieve the version of the database server, not in MS-SQL. SHOW TABLES is also a command used in MySQL to list all tables in a database, which again means it’s not applicable here. Lastly, SELECT * FROM v$instance is specific to Oracle databases, providing information about the running instance but does not execute OS commands. By understanding these distinctions, it's clear why the choice involving xp_cmdshell is uniquely suited for this task in MS-SQL.