To access data in your establishment storage account, your client makes requests over HTTPS or HTTP. Every request to a secure resource must be authorized. 
Which of the following services would you use to ensure that the client has the required permission to access the data? (Choose the most suitable option)

Answer options:

A.Private Link
B.Azure AD
C.Key vault
D.RBAC
E.Encryption

Correct Answer: D 
The most suitable option is role-based access. 
Azure Storage supports role-based access control (RBAC) and Azure Active Directory for both resource management and data operations. To security principals, RBAC roles can be assigned that are scoped to the storage account. Active Directory(AD) should be used to authorize resource management operations like configuration. AD is supported for data operations on Queue and blob storage. 
To a security principal or a managed identity for Azure resources, you can use role-based access control (RBAC) roles that are scoped to a resource group, a subscription, a storage account, or an individual queue or container.
Option A is incorrect. Private Link is not the right choice.
Option B is incorrect. As clear from the explanation, Azure AD is not the best choice.
Option C is incorrect. RBAC should be used in the given scenario.
Option D is correct.To a security principal or a managed identity for Azure resources, you can use role-based access control (RBAC) roles that are scoped to a resource group, a subscription, a storage account, or an individual queue or container.
Option E is incorrect. Encryption is not the correct option as it is used for the protection of sensitive data/information.
Reference: 
To know more about role-based access control, please visit the below-given link: 

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview