Certified Cloud Security Professional (CCSP) — Question 215

Which data protection strategy would be useful for a situation where the ability to remove sensitive data from a set is needed, but a requirement to retain the ability to map back to the original values is also present?

Answer options

• A. Masking
• B. Tokenization
• C. Encryption
• D. Anonymization

Correct answer: B

Explanation

Tokenization is the correct choice because it replaces sensitive data with a token that can be mapped back to the original value when needed. Masking does not allow for mapping back to the original data, encryption protects data but does not remove it, and anonymization completely removes identifiable information, preventing any mapping back to the original values.