Exam CCSP topic 1 question 98 discussion

The CCSP Official Guide states: "The term obfuscation refers to the application of any of these techniques in order to make the data less meaningful, detailed, or readable in order to protect the data or the subject of the data." The guide indicates that obfuscation can be achieved either by masking or anonymizing. And masking has several techniques. From that explanation: obfuscation does not always mean replacing values (it can be anonymized the information, meaning, removing the information). And tokenization may be an option, but a more general answer is masking. That's why the most accurate answer is masking.

This is another case where the examiner decides what they want as the answer, all of the answers can be correct: Data masking or Obfuscation is a process of hiding, replacing, or omitting sensitive information e.g. PII, PHI, PCI Data Anonymization is a technique for information sanitization with an intent to protect privacy. Tokenization is substituting sensitive information with non-sensitive information

Masking involves replacing values within a specific data field to protect sensitive data while keeping it usable for testing or display. It ensures that sensitive data, such as credit card numbers or social security numbers, is hidden from unauthorized users. Anonymization (A) → Irreversibly removes personally identifiable information (PII) to prevent re-identification. Tokenization (C) → Replaces sensitive data with a non-sensitive equivalent (token) that can be mapped back to the original data through a secure token vault. Obfuscation (D) → Scrambles or alters data to make it difficult to understand but does not follow structured masking techniques.

Obfuscation involves intentionally making code or data more complex or unclear. While it can provide some protection, it’s not specifically designed for sensitive data.

While "D. Obfuscation" is also a technique used to protect sensitive data, it generally refers to making data unclear or difficult to understand through various methods, rather than specifically replacing values within a data field. Obfuscation can include techniques like encryption, scrambling, or using dummy data.

B. The answer is Masking. Data obfuscation is the blanket term for transforming data into a different form to protect it. There are three main types of data obfuscation: data masking, tokenization, and encryption. Data masking creates a substitute version of a dataset. The data values are changed, but the format remains the same. Remember we are looking for the BEST answer.

The correct answer is B (see AWS definition: https://aws.amazon.com/what-is/data-masking/)

Token the field

B. Masking

I think we have to stick to CCSP classification : Data security strategies : • Obfusaction ○ Data anonymization ○ Data masking - Substitution - Scrambling - Deletion or nulling •tokenization •homomorphic encryption • bit splitting In our case, "replacing value with specific data" correspond to "data masking with substitution" Answer B

I'm gonna say B because it says "within a specific data field" which makes masking the best answer.

Masking is the best answer. IN this cases you are suppose to provide the best answer. I agree though that they are similar concepts, but each one has its best definition.

Tokenization is the most appropriate answer as there are more than one ways to mask or obfuscate data that includes tokenization. However, tokenization is the process of substituting a sensitive data with a non-sensitive data (token).

Masking is same as Obfuscation. This is question is less accurate

answer is B masking the other three are specific types of masking

I mean why Obfuscation is not the answer? Obfuscation is the same as Masking, isn't it?

Why Masking or Obfuscation are not the answers?