The correct answer is "Column-level security".

I think the answer should be D, since you can infer data that is masked using brute-force techniques. The question states that the solution must prevent the salespeople from viewing or INFERRING the credit card information. "It is appropriate for preventing accidental sensitive data exposure, but will not protect against malicious intent to infer the underlying data." https://docs.microsoft.com/nl-nl/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver15

Answer is data masking. Please re-read column level security here : https://docs.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/column-level-security Column level security is when you need to restrict user access to certain columns. Not where you need to give them access to all data BUT want to stop them from viewing/inferring certain information as is the case in this question (credit card info must not be visible or be inferred i.e. data masking)

Answer C Column-level security simplifies the design and coding of security in your application, allowing you to restrict column access to protect sensitive data. For example, ensuring that specific users can access only certain columns of a table pertinent to their department.

C. column-level security

Data masking in this case can not be inferred as it simply hides the characters with XXX-es. There is no hashing logic or something involved. Therefore you can't infer the original value. Therefore the given answer is correct

Given answer is wrong. Data Masking allows information to be inferred. Row level security acts as a filter at the row level so not preventing information within a column from being viewed. That leaves Always Encrypted and Column Level Encryption. Even column level encryption data can be inferred through the use of divide by zero errors, but, as noted by rahul_t, we cannot use Always Encrypted on Synapse at this time so by process of elimination correct answer is Column Level Encryption.