Exam SY0-701 topic 1 question 309 discussion

B. Masking Masking is used to conceal sensitive information, such as credit card numbers, by replacing or hiding parts of the data. In the context of database log files, masking ensures that sensitive information is not exposed while maintaining the usability of the data for other purposes. Tokenization (A) replaces sensitive data with a token that can only be mapped back to the original data using a secure system, but it is not typically used for log file entries. Hashing (C) converts data into a fixed-length hash, but it's a one-way function, making it unsuitable if the original data needs to be retrieved. Obfuscation (D) refers to making data less understandable but is less structured and secure than masking for specific data like credit card numbers.

To conceal credit card information in a database log file, the most commonly used method is tokenization; where the actual card details are replaced with a random, meaningless "token" that can only be decrypted by the authorized system to retrieve the original information when needed.

From the Book: "Data masking partially redacts sensitive information by replacing some or all sensitive fields with blank characters. For example, we might replace all but the last four digits of a credit card number with Xs or *s to render the card number unreadable."

Its A, Tokenization replaces sensitive data, such as credit card numbers, with unique identification symbols (tokens) that retain all essential information without compromising security. These tokens can be stored in database logs instead of the actual credit card information, ensuring that sensitive data remains protected even if the logs are accessed.

B. Masking Masking involves altering the credit card information in such a way that it is not easily readable or identifiable while still retaining some format or structure for processing or display purposes. This is particularly useful for ensuring sensitive data is protected in log files or other records.