You are configuring a new Azure SQL Database for a multi-tenant SaaS application. You need to ensure that each tenant can only access their own rows. Which THREE features can be used to achieve this?
RLS filters rows based on the user's context.
Why this answer
Row-Level Security (RLS) allows you to control access to rows in a database table based on the characteristics of the user executing a query. By creating a security policy with a predicate function that filters rows by tenant ID (e.g., using SESSION_CONTEXT or USER_NAME()), you can ensure each tenant only sees their own data without changing the application's query logic.
Exam trap
The trap here is that candidates often confuse data masking (which only hides column values) with row-level access control, or assume that encryption alone can enforce row filtering, when in fact RLS, application logic, or views with WHERE clauses are the correct mechanisms for multi-tenant row isolation.