CompTIA CASP+ (CAS-004) — Question 243
A company processes sensitive cardholder information that is stored in an internal production database and accessed by internet-facing web servers. The company's Chief Information Security Officer (CISO) is concerned with the risks related to sensitive data exposure and wants to implement tokenization of sensitive information at the record level. The company implements a one-to-many mapping of primary credit card numbers to temporary credit card numbers.
Which of the following should the CISO consider in a tokenization system?
Answer options
- A. Data field watermarking
- B. Field tagging
- C. Single-use translation
- D. Salted hashing
Correct answer: C
Explanation
The correct answer is C. Single-use translation means that every request for a token yields a fresh, unique token for the same credit card number, which matches the one-to-many mapping the company has chosen; because a token is never reused, an intercepted token has little value. Options A (data field watermarking) and B (field tagging) mark or label the data but do not substitute the sensitive value, so they do not reduce exposure of the cardholder number. Option D, salted hashing, is a one-way transformation; a tokenization system must be able to map a token back to the original number (detokenization), so an irreversible hash is not suitable here.