Correct Answer: C
Reason:-
Here there is a lot of critical data and personal information involved. Dynamic data masking is the best solution for this. Consider the case of credit card numbers; using DDM, we can actually hide the numbers in that particular column. For example, if the credit card number is 1234 5678 then the displayed value will be like XXXX XX78. Similarly, we can use masking for other data in other columns where PII is present. The maintenance team with limited permissions will only see the covered data and thus, the data is safe from exploitation.
Option A incorrect: Transparent data encryption is a method used by Azure in its relational database services for encrypting data at rest. This will not be the best solution here.
Option B is incorrect: Azure defender is mainly used to mitigate potential DB vulnerabilities and detect anomalous activities.
Option C is correct: DDM can hide the data columns as required.
Option D is incorrect: Assigning Azure security manager role will grant them access to security features configuration, including the ability to enable or disable DDM. This is exactly the opposite of what is required here.