Exam CAS-004 topic 1 question 126 discussion

Masking is a technique for obscuring sensitive data in a database by replacing it with fictitious data that has the same format and structure as the original data. Masking can be performed at the presentation layer, which means that it does not require any changes to the application itself. This makes it an efficient solution for protecting the production environment, as it can be easily implemented without disrupting the existing system. Tokenization is a technique for replacing sensitive data with a randomly generated value (a token) that has no intrinsic meaning and cannot be used to recreate the original data. Tokenization can be used to protect data at the presentation layer, but it typically requires changes to the application to store and retrieve the tokens.

A. Masking [x] efficient at protecting the production environment [ ] not require any change to the application [ ] act at the presentation layer B. Tokenization [x] efficient at protecting the production environment [x] not require any change to the application [x] act at the presentation layer C. Algorithmic [ ] efficient at protecting the production environment [x] not require any change to the application [x] act at the presentation layer D. Random substitution [x] efficient at protecting the production environment [ ] not require any change to the application [x] act at the presentation layer

B. Tokenization [x] efficient at protecting the production environment [x] not require any change to the application [x] act at the presentation layer

A. As both masking and tokenization seem to be close, tokenization does require a change to the application, specifically the database: "[Tokenization] normally creates surrogate value that can matched back to original string using database." and "this system looks up token value[s] in token [the] database and retrieve it." --https://www.geeksforgeeks.org/difference-between-tokenization-and-masking/

To meet the requirements of hiding data stored in databases while being efficient at protecting the production environment, not requiring any change to the application, and acting at the presentation layer, the company should consider using data masking. Data masking is a technique that involves replacing sensitive data with fictitious data that resembles the original data, but is not real. It can be used to protect the production environment from unauthorized access to sensitive data while not requiring any changes to the application. Data masking acts at the presentation layer, which is the layer of the application that is responsible for presenting data to users, by hiding sensitive data from view.