CompTIA Security+ (SY0-601) — Question 721

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

Answer options

• A. WAF
• B. CASB
• C. VPN
• D. TLS

Correct answer: B

Explanation

The correct answer is B, CASB (Cloud Access Security Broker), as it provides visibility and control over data security in the cloud, enabling tokenization without exposing sensitive information to the cloud provider. The other options do not specifically address the requirement for tokenization and data visibility control; WAF is for web application security, VPN is for secure remote access, and TLS is for secure communication but does not handle data tokenization.