CDPSE · Question #17
When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?
The correct answer is C. Encryption. Tokenization replaces sensitive data (e.g., a credit card number) with a non-sensitive token. However, the original sensitive data must still be stored somewhere so that the token can be reversed when needed - this is the token vault. Before storing that original data in a data l
Question
When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?
Options
- AEncoding
- BBackup
- CEncryption
- DClassification
How the community answered
(32 responses)- A3% (1)
- B3% (1)
- C91% (29)
- D3% (1)
Explanation
Tokenization replaces sensitive data (e.g., a credit card number) with a non-sensitive token. However, the original sensitive data must still be stored somewhere so that the token can be reversed when needed - this is the token vault. Before storing that original data in a data lake or vault, it must be encrypted to protect it at rest from unauthorized access. Encoding (A) is a data format transformation, not a security control, and is reversible without a key. Backup (B) is a data resilience practice, not a protection mechanism. Classification (D) labels data by sensitivity but does not protect it. Only encryption provides the cryptographic protection required for sensitive stored data.
Topics
Community Discussion
No community discussion yet for this question.