Reference: https://docs.microsoft.com/en-us/sql/relational-databases/security/row-level-security?view=sql-server-ver15

Basic Concept: This question tests secure database administration, where the control must match the data state, access boundary, identity model, or compliance requirement.

Why D is Correct: Row-Level Security filters the rows returned by queries based on a predicate function, allowing different users or tenants to see different subsets of the same tables. This fits the case because the question asks: "Which feature should you use to provide customers with the required level of access based on their service agreement?" The selected feature addresses that outcome directly rather than relying on a workaround.

Why A is Wrong: Dynamic Data Masking obscures sensitive values in query results for non-privileged users, but it does not restrict which rows are returned. Masking can hide column values, but it cannot enforce different row visibility by customer tier or service agreement.

Why B is Wrong: Conditional Access in Azure is a security-related control, but its value depends on whether the requirement is identity, encryption, auditing, network isolation, or data exposure reduction. It does not satisfy the required identity, encryption, firewall, auditing, or data-exposure boundary described in the scenario: "Which feature should you use to provide customers with the required level of access based on their service agreement?"

Why C is Wrong: Service principals are a security-related control, but their value depends on whether the requirement is identity, encryption, auditing, network isolation, or data exposure reduction. They protect or manage a different security layer, so the required database access or protection behavior would still be incomplete.