The use of a Key Management Service (KMS) with encryption capabilities is the correct choice because it not only provides strong encryption but also facilitates efficient key management, which is crucial when dealing with backups that may need to be restored at any given time. It automates the lifecycle of cryptographic keys, including creation, rotation, deletion, and control of access to keys. Whole disk encryption, while secure, does not typically offer the same level of key management needed for a cloud-based environment. Manual symmetric key management could be prone to human error and does not scale efficiently. Database field encryption only encrypts specific fields and may not cover the entire backup dataset as required.