CompTIA Security+ (SY0-601) — Question 142

The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement?

Answer options

• A. Tokenization
• B. Masking
• C. Full disk encryption
• D. Mirroring

Correct answer: A

Explanation

Tokenization is the best solution as it replaces sensitive data with non-sensitive tokens that have no exploitable value, ensuring confidentiality. Masking alters the appearance of the data but does not eliminate the sensitive information, while full disk encryption protects data at a broader level and mirroring focuses on data redundancy rather than confidentiality.