
You are tasked with using more advanced SQLmap features to fully exploit a website vulnerable to SQL injection. This scenario assumes you have already identified the vulnerability using basic SQLmap commands (as in the previous CTF).
Challenge 1:
Scenario:
You've confirmed the site is vulnerable. You suspect the web application firewall (WAF) is blocking some SQLmap requests. You want to try different tamper scripts to bypass the WAF. You use sqlmap -u "example.com/vuln.php?id=1" --dbs --tamper "apostrophemask.py,base64encode.py".
Question:
What SQLmap option is used to specify tamper scripts?
Challenge 2:
Scenario:
You suspect the WAF is particularly sensitive to certain payloads. You want to use a custom HTTP header to try and bypass it. You use sqlmap -u "example.com/vuln.php?id=1" --dbs --headers "X-Custom-Header: BypassWAF".
Question:
What SQLmap option allows you to add or modify HTTP request headers?
Challenge 3:
Scenario:
You want to run SQLmap in a multithreaded fashion to speed up the process, but you want to avoid overwhelming the server with too many requests at once. You set the threads to 5. You run sqlmap -u "example.com/vuln.php?id=1" --dbs --threads 5.
Question:
What SQLmap option controls the number of threads used?
Challenge 4:
Scenario:
You want to directly execute operating system commands on the vulnerable server if possible. You run sqlmap -u "example.com/vuln.php?id=1" --os-shell. SQLmap confirms it can get an OS shell.
Question:
What SQLmap option attempts to gain an interactive operating system shell?
Challenge 5:
Scenario:
You know the target application uses a specific authentication cookie. You want to include this cookie in all SQLmap requests. You use sqlmap -u "example.com/vuln.php?id=1" --cookie "auth_cookie=your_auth_token" --dbs.
Question:
What SQLmap option sets the HTTP cookie header?
Challenge 6:
Scenario:
You want to store all of SQLmap's output and requests/responses in a log file for later analysis. You specify a log file path. You can run sqlmap -u "example.com/vuln.php?id=1" --dbs --log-file "/path/to/sqlmap.log".
Question:
What SQLmap option is used to specify a file to log activity?