Medium · 1 mark · Multiple Choice
CPA · Question 07 · Area II: Security
A healthcare provider stores patient records in a data warehouse. To comply with HIPAA while allowing data analysts to study demographic trends, the organization replaces patient names with unique alphanumeric codes that can be mapped back to the original data only by the database administrator. This technique is known as:
Answer options:
A. Encryption
B. Tokenization
C. Hashing
D. Data Masking
How to approach this question
Distinguish between reversible replacement (Tokenization) and one-way scrambling (Hashing) or hiding (Masking).
Full Answer
B. Tokenization ✓ Correct
Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The mapping is maintained in a secure token vault.
Common mistakes
Confusing Tokenization with Encryption (mathematical transformation) or Hashing (irreversible).