Hard · 1 mark · Multiple Choice
CPA · Question 52 · Area II: Security
A company uses 'Tokenization' to protect credit card numbers. How does this differ from Encryption?
Answer options:
A. Tokenization uses a key to scramble data; Encryption does not.
B. Tokenization is reversible using a mathematical algorithm; Encryption is not.
C. Tokenization is only for passwords.
D. Tokenization replaces sensitive data with a non-sensitive substitute (token) that has no mathematical relationship to the original data.
How to approach this question
Encryption = Math (can be reversed with key). Tokenization = Map (needs the lookup table). Hashing = One-way (cannot be reversed).
Full Answer
D. Tokenization replaces sensitive data with a non-sensitive substitute (token) that has no mathematical relationship to the original data. ✓ Correct
Tokenization replaces data with a random string. Unlike encryption, which transforms data using an algorithm and key, tokenization relies on a database mapping. If the token is stolen, it cannot be reversed to reveal the original data without access to the secure token vault.
Common mistakes
Confusing Tokenization with Encryption.