Answer: sensitivity classifications

## Explanation To audit access to Personally Identifiable Information (PII) in Azure Synapse Analytics dedicated SQL pool, **sensitivity classifications** is the correct solution. ### Why Sensitivity Classifications (Option D) is Optimal: - **Built-in Auditing Capability**: Azure SQL Database and Azure Synapse Analytics include data discovery and classification features that automatically identify and classify sensitive data like PII. Once classified, the system logs access to this sensitive data in audit logs. - **Enhanced Audit Logs**: When sensitivity classifications are applied, Azure SQL auditing includes a specialized field called `data_sensitivity_information` in the audit logs. This field specifically records the sensitivity labels and classifications of data accessed by queries, providing clear visibility into PII access patterns. - **Comprehensive Monitoring**: This approach allows organizations to track who accessed PII data, when it was accessed, and what specific sensitive information was retrieved, enabling compliance with data protection regulations. ### Why Other Options Are Less Suitable: - **Column-Level Security (Option A)**: This controls access to specific columns but doesn't inherently provide auditing capabilities for monitoring access to PII data. - **Dynamic Data Masking (Option B)**: This feature masks sensitive data in query results but doesn't audit access. It prevents unauthorized viewing of PII rather than tracking who accesses it. - **Row-Level Security (RLS) (Option C)**: RLS restricts access to specific rows based on user attributes but doesn't provide built-in auditing functionality for monitoring PII access. Sensitivity classifications provide the most direct and comprehensive solution for auditing PII access by integrating classification metadata directly into the auditing framework.

Author: LeetQuiz Editorial Team