ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your organization needs to copy its production customer database to a cloud-hosted QA environment so testers can exercise complex join operations that rely on primary-to-foreign-key relationships. Compliance rules forbid exposing real payment card numbers or national ID values, yet the data must retain valid formats and remain consistently linked across all tables. Which data-protection technique best meets both the security and referential-integrity requirements for this test environment?

Export only a small random sample of rows from each table and delete any sensitive columns.
Apply deterministic, format-preserving tokenization to every sensitive field before the data is loaded into QA.
Replace sensitive values with randomly generated data that is not correlated across different tables.
Use a reversible vault-based tokenization scheme so testers can request the clear text when needed.

Report Issue

Answer Description

Deterministic, format-preserving tokenization replaces each sensitive value with a unique, consistently repeatable surrogate that keeps the original data's length and character set. Because the same source value is always mapped to the same token, relationships between tables are preserved, enabling realistic joins and analytics. Unlike simple nulling or random masking, referential integrity is not broken, and unlike reversible vault-based tokenization, testers cannot recover the real data without access to the secure vault, limiting disclosure risk. Random record truncation removes needed data, and synthetic data generation does not leverage the actual relational structure of production records.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.