CompTIA SecurityX (CAS-005) — Question 102
A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format. Which of the following best addresses the risk without impacting the development life cycle?
Answer options
- A. Encrypting the data before moving into the QA environment
- B. Truncating the data to make it not personally identifiable
- C. Using a large language model to generate synthetic data
- D. Utilizing tokenization for sensitive fields
Correct answer: D
Explanation
The correct answer is D because tokenization replaces sensitive data with non-sensitive equivalents, allowing the QA team to use valid data formats without exposing PII. Option A, while effective, may still pose risks if encryption keys are mishandled. Option B may not maintain the necessary data format, and option C does not ensure the generated data retains the required characteristics of the original data.