CompTIA CASP+ (CAS-004) — Question 325

A small bank is evaluating different methods to address and resolve the following requirements:

• Must be able to store credit card data using the smallest amount of data possible.
• Must be compliant with PCI DSS.
• Must maintain confidentiality if one piece of the layer is compromised.

Which of the following is the BEST solution for the bank?

Answer options

• A. Scrubbing
• B. Tokenization
• C. Masking
• D. Homomorphic encryption

Correct answer: B

Explanation

Tokenization is the best solution as it replaces sensitive credit card data with a unique identifier, minimizing data storage needs while ensuring PCI DSS compliance and maintaining confidentiality in case of a breach. Scrubbing, masking, and homomorphic encryption do not provide the same level of security and compliance for credit card data as tokenization does.