A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?
TLS is used to protect data in transit, not at rest.
VPN would provide a secure tunnel between 2 endpoints by encrypting data but this wouldn't prevent the cloud provider from viewing the credit card information once the data arrives at the destination point. Plus a VPN doesn't provide any sort of obfuscation or masking of sensitive data.
WAF is used to filter traffic; it has nothing to do with tokenization.
CASB (cloud access security broker) is the correct answer.
In the context of CASB, tokenization refers to a method of data protection used to safeguard sensitive information stored in cloud applications by generating tokens that replace the original data with meaningless data for the attacker. The tokens are then mapped to a lookup table for data retrieval.
A CASB can help the company tokenize credit card data before sending it to the cloud provider, and also prevent unauthorized access or leakage of the tokenized data.
B
Options A (WAF - Web Application Firewall), C (VPN - Virtual Private Network), and D (TLS - Transport Layer Security) are important security measures but are not specifically designed to tokenize or control access to credit card data in a cloud environment. CASB is a more appropriate choice for addressing the specific requirements mentioned in the scenario.
https://www.netskope.com/security-defined/what-is-casb
What are the Top Three Uses for CASBs?
Protect and prevent the loss of sensitive data across all of the cloud services in your environment, not just the ones you sanction. Take advantage of advanced, enterprise DLP to discover and protect sensitive data in sanctioned cloud services and en route to or from any cloud service, sanctioned or unsanctioned, whether users are on-premises or remote, on a mobile device or accessing from a web browser, or entering from a mobile app or sync client. Combat loss of data with encryption, tokenization, or upload prevention.
Just by process of elimination (knowing why incorrect answers are incorrect), A, C, & D deal with data in transit. So the obvious, lesser of all evils answer, is B.
You're overthinking it all. Keyword is WEBSITE = HTTPS = TLS
"A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information."
D / TLS which is the S in HTTPS, prevents anyone from seeing data in the clear. The database with the information wouldn't be on the website, it would be tokenized and in the database for the company and retailers anyway.
You're overthinking it all.
TLS - Transport Layer Security; encryption - data in transit. Provides security in the transport layer.
Sorry, but you're wrong. Try thinking the way CompTIA thinks, not real world scenarios.
Sounds like you're underthinking it actually and relying on keyword matching which will not get you anywhere. TLS will encrypt data in transit between a user's browser and the website. Once the credit card information leaves the TLS connection and is received by the website at the other end the information is no longer encrypted and if there's not an access control method in place such as a CASB then it would be unsecured.
A CASB is a security solution that sits between an organization's on-premises infrastructure and the cloud provider's infrastructure. It acts as a gatekeeper, providing security and visibility into cloud-based applications and services. CASBs can enforce security policies, monitor cloud usage, and provide data protection capabilities.
The specific capability that would meet the objective of tokenizing credit card data while keeping it secure from the cloud provider is called "Tokenization." Tokenization is a data security technique where sensitive data, such as credit card numbers, is replaced with randomly generated tokens. These tokens have no meaningful value and are useless to anyone who does not have access to the tokenization system's mapping table. The tokenization process occurs before the data is sent to the cloud provider, ensuring that the provider only deals with meaningless tokens and not the actual credit card data.
Can I just ask who comes up with the "official answers" for these questions? The difference between those and the opinion of the majority of this community attacks 50%...
Why is everyone selecting CASB? The retailer is moving the data to the cloud and TLS would encrypt that data in transit. If the data was already in place, CASB seems appropriate.
B. CASB (Cloud Access Security Broker) would BEST meet the objectives of tokenizing credit card data and not allowing the cloud provider to see the stored credit card information. CASBs are security software that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure, providing security policies and controls for cloud-based resources.
By implementing a CASB, the company can tokenize credit card data before it is stored in the public cloud provider's environment. The CASB can encrypt the data before it is uploaded to the cloud, so the cloud provider cannot see the original data. The CASB can also enforce data loss prevention (DLP) policies, preventing unauthorized access to sensitive data, such as credit card information.
A. A WAF is used to secure web applications by monitoring and blocking malicious traffic. However, it does not offer a secure solution for storing sensitive data like credit card information.
B. A CASB is a security solution that sits between a cloud provider and an organization, providing security and visibility into cloud usage. However, it does not specifically address the requirement of tokenizing credit card data and not allowing the cloud provider to see the information.
C. A VPN provides a secure connection to the cloud provider, but it does not solve the issue of credit card data security.
D. TLS (Transport Layer Security) - TLS is a protocol used to encrypt network traffic and ensure that the data is secure during transmission. This solution is useful for ensuring the security of data in transit, but it does not provide a secure solution for storing sensitive information like credit card data.
The BEST solution to meet the objectives would be to use a combination of encryption and tokenization. Encryption can be used to encrypt the credit card data both in transit and at rest. Tokenization can be used to replace the actual credit card data with a unique token that represents the data, so the cloud provider will not have access to the actual credit card information.
I think people here miss the mark by a long shot. For tokenization you need to have the database where tokens are referred to the actual CC information. While the retail store can be hosted on the cloud, the CC-Token database should not be on the cloud. I think the only reasonable solution that would provide confidentiality from the client, through the cloud and then to the company itself, where the check can be made, is through TLS.
TBH I'm not entirely sure, since this is a confusing question, but I do not believe CASB to be the correct answer.
The CC data provided by the customer is absolutely NOT at rest. The data with CC info and its corresponding tokens is, but we are not being asked about that. The way that makes the cloud provider not able to read the CC information is through encryption/tunnel, which TLS provides.
In order to tokenize credit card data and not allow the cloud provider to see the stored credit card information, the company would need to handle the tokenization process on their own servers, before the data is sent to the cloud provider. This can be done by using a tokenization server or service that is located within the company's own network or infrastructure, and is not accessible to the cloud provider. The tokenized credit card data can then be securely transmitted to the cloud provider's servers via a secure protocol like TLS. This way, the cloud provider will only ever see the tokenized data and not the original credit card data.
CASBs have become a vital part of enterprise security, allowing businesses to safely use the cloud while protecting sensitive corporate data.
https://www.skyhighsecurity.com/en-us/cybersecurity-defined/what-is-a-casb.html
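The flow several comments above describe (tokenize on infrastructure the company controls, keep the mapping table there, send only tokens to the cloud), as an added example that is not part of the original thread. `TokenVault`, `build_cloud_record` and the in-memory mapping table are hypothetical names, and the card number is a constructed test value.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    digits = [int(c) for c in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class TokenVault:
    """Mapping table kept outside the cloud provider (assumption: in-memory here)."""

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "").replace("-", "")
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        if pan in self._pan_to_token:            # same card always maps to same token
            return self._pan_to_token[pan]
        while True:
            # Random digits of the same length; last four kept for receipts/support.
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # Reject collisions and any token that could pass as a real card number.
            if token not in self._token_to_pan and not luhn_ok(token):
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only callable where the vault lives; the cloud side has no way to do this."""
        return self._token_to_pan[token]

def build_cloud_record(vault: TokenVault, order_id: str, pan: str) -> dict:
    """What leaves the company's network: the token, never the card number."""
    return {"order_id": order_id, "card_token": vault.tokenize(pan)}

if __name__ == "__main__":
    vault = TokenVault()
    test_pan = "4111 1111 1111 1111"             # constructed test value, not a real card
    record = build_cloud_record(vault, "A-1001", test_pan)
    print("stored in cloud:", record)
    print("recovered on-prem:", vault.detokenize(record["card_token"]))
```

The token is random rather than derived from the card number, so the cloud-side record cannot be reversed without the mapping table; TLS would still be used to protect the record in transit.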