ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During design of a payment microservice, the architect needs to keep purchase logs searchable while removing card-holder data from the main data store to shrink PCI DSS scope. The team proposes swapping each PAN with a reversible surrogate stored in a secured vault. What practice are they applying?
The correct answer is tokenization. Tokenization replaces each piece of sensitive data with a non-sensitive surrogate, or "token", that has no exploitable meaning or value on its own: it is generated randomly (or by a keyed mapping) rather than derived from the PAN. The actual primary account numbers (PANs) are kept in a separate, highly protected token vault and are retrieved only when absolutely necessary, so the main data store and the purchase logs never hold cardholder data. Format-preserving encryption keeps the ciphertext in the main data store next to ordinary records; under PCI DSS, encrypted cardholder data remains in scope for any system that can decrypt it, so the store and its key management still carry the compliance burden. One-way hashing with a salt is irreversible, making it unsuitable when the original PAN must sometimes be recovered for settlement or refunds. Data masking simply redacts or obscures part of the value for display or storage but usually leaves the underlying PAN, or portions of it, in the same database, so it does not remove the record from PCI DSS scope.
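The design described in the question, as an added example written for this page (it is not Crucial Exams' code and not a real tokenization product): an in-memory `TokenVault` stands in for the segmented, access-controlled vault that stays in PCI DSS scope, while the purchase log on the out-of-scope side stores only tokens. Two design choices are assumptions of this example, not requirements of tokenization in general: tokens preserve the PAN's length and last four digits but are deliberately Luhn-invalid so they can never be mistaken for a card number, and the vault indexes PANs by a keyed HMAC so the same card always maps to the same token without a plaintext lookup table. `mask_pan` and `hash_pan` are included only to contrast the alternatives the explanation rules out; the card numbers are the standard constructed test PANs, not real cards.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (as real PANs do)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _random_token(pan: str) -> str:
    """Format-preserving surrogate: same length, digits only, last four kept for
    receipts, and deliberately Luhn-INVALID so a leaked token is never a usable
    card number. (Design choice of this example.)"""
    keep = pan[-4:]
    while True:
        body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
        candidate = body + keep
        if candidate != pan and not luhn_valid(candidate):
            return candidate


@dataclass
class TokenVault:
    """The only component that ever sees a PAN. In production this is a separately
    segmented, encrypted store; here it is in memory for illustration."""
    index_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    _by_token: dict = field(default_factory=dict)      # token -> PAN
    _by_pan_mac: dict = field(default_factory=dict)    # HMAC(PAN) -> token

    def _pan_index(self, pan: str) -> str:
        # Keyed hash so the lookup index itself reveals nothing about the PAN.
        return hmac.new(self.index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a syntactically valid PAN")
        idx = self._pan_index(pan)
        if idx in self._by_pan_mac:          # same card -> same token (reversible, stable)
            return self._by_pan_mac[idx]
        token = _random_token(pan)
        while token in self._by_token:       # astronomically unlikely collision
            token = _random_token(pan)
        self._by_token[token] = pan
        self._by_pan_mac[idx] = token
        return token

    def detokenize(self, token: str) -> str:
        """Reverse lookup, only reachable from the vault side (settlement, refunds)."""
        return self._by_token[token]


# --- the alternatives the explanation rules out -------------------------------

def mask_pan(pan: str) -> str:
    """Masking for display: hides most digits, but the full PAN still exists upstream."""
    return "*" * (len(pan) - 4) + pan[-4:]


def hash_pan(pan: str, salt: bytes) -> str:
    """One-way: fine for matching, useless when the PAN must be recovered."""
    return hashlib.sha256(salt + pan.encode()).hexdigest()


# --- out-of-scope payment service: logs carry tokens, never PANs --------------

def record_purchase(vault: TokenVault, purchase_log: list, pan: str, amount: float) -> str:
    token = vault.tokenize(pan)
    purchase_log.append({"token": token, "last4": token[-4:], "amount": amount})
    return token


def refund(vault: TokenVault, purchase_log: list, token: str):
    """Refund path: the log is searched by token; the PAN comes only from the vault."""
    entry = next(e for e in purchase_log if e["token"] == token)
    return vault.detokenize(token), entry["amount"]


if __name__ == "__main__":
    vault, log = TokenVault(), []
    tok = record_purchase(vault, log, "4111111111111111", 19.99)   # constructed test PAN
    print("log entry:", log[0])                 # contains the token, not the PAN
    print("refund to:", refund(vault, log, tok))
    print("masked   :", mask_pan("4111111111111111"))
```

Searchability is preserved because the same card always yields the same token and the last four digits survive, yet nothing outside the vault can turn a log entry back into a PAN; that separation is what lets the log store leave PCI DSS scope while the vault stays in it.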
Secure Software Implementation