CompTIA CASP+ (CAS-004) — Question 382
A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?
Answer options
- A. Storing the data in an encoded file
- B. Implementing database encryption at rest
- C. Only storing tokenized card data
- D. Implementing data field masking
Correct answer: C
Explanation
The correct answer is C, as tokenization replaces sensitive card data with non-sensitive equivalents, significantly reducing the risk of unauthorized access. While database encryption at rest (B) and data field masking (D) provide some level of security, they do not eliminate the exposure risk as effectively as tokenization. Storing data in an encoded file (A) may not provide sufficient protection against unauthorized disclosure.