Which of the following solutions best meet these requirements?

CAS-005 0 Comments

A software development team requires valid data for internal tests. Company regulations, however do not allow the use of this data in cleartext .

Which of the following solutions best meet these requirements?
A . Configuring data hashing
B . Deploying tokenization
C . Replacing data with null record
D . Implementing data obfuscation

Answer: B

Explanation:

Tokenization replaces sensitive data elements with non-sensitive equivalents, called tokens, that can be used within the internal tests. The original data is stored securely and can be retrieved if necessary. This approach allows the software development team to work with data that appears realistic and valid without exposing the actual sensitive information.

Configuring data hashing (Option A) is not suitable for test data as it transforms the data into a fixed-length value that is not usable in the same way as the original data. Replacing data with null records (Option C) is not useful as it does not provide valid data for testing. Data obfuscation (Option D) could be an alternative but might not meet the regulatory requirements as effectively as tokenization.

References:

CompTIA Security+ Study Guide

NIST SP 800-57 Part 1 Rev. 5, "Recommendation for Key Management"

PCI DSS Tokenization Guidelines

Latest CAS-005 Dumps Valid Version with 117 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CAS-005 PDF     CAS-005 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments