CompTIA Security+ (SY0-701) — Question 479

Which of the following is an example of a data protection strategy that uses tokenization?

Answer options

• A. Encrypting databases containing sensitive data
• B. Replacing sensitive data with surrogate values
• C. Removing sensitive data from production systems
• D. Hashing sensitive data in critical systems

Correct answer: B

Explanation

The correct answer is B, as tokenization specifically involves substituting sensitive data with non-sensitive equivalents, known as tokens. Options A, C, and D describe different data protection methods such as encryption, data removal, and hashing, which do not involve the use of tokens.