nerdexam
Isaca

CDPSE · Question #17

When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?

The correct answer is C. Encryption. Tokenization replaces sensitive data (e.g., a credit card number) with a non-sensitive token. However, the original sensitive data must still be stored somewhere so that the token can be reversed when needed - this is the token vault. Before storing that original data in a data l

Data Life Cycle

Question

When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?

Options

  • AEncoding
  • BBackup
  • CEncryption
  • DClassification

How the community answered

(32 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    91% (29)
  • D
    3% (1)

Explanation

Tokenization replaces sensitive data (e.g., a credit card number) with a non-sensitive token. However, the original sensitive data must still be stored somewhere so that the token can be reversed when needed - this is the token vault. Before storing that original data in a data lake or vault, it must be encrypted to protect it at rest from unauthorized access. Encoding (A) is a data format transformation, not a security control, and is reversible without a key. Backup (B) is a data resilience practice, not a protection mechanism. Classification (D) labels data by sensitivity but does not protect it. Only encryption provides the cryptographic protection required for sensitive stored data.

Topics

#Data Security#Encryption#Sensitive Data#Data Storage

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice