Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment?

A. Encryption
B. Data loss prevention
C. Data masking
D. Digital rights management
E. Access control