SCS-C02 Domain 5: Data Protection

An audit found gaps: the organization must tokenize PAN data in applications. Which option addresses this? tokenize PAN data in applications.

Multiple choice — select one answer

Answer choices

  1. a. Amazon Macie
  2. b. SSE-KMS
  3. c. TLS 1.2+ on ALB/API and s3:// policies
  4. d. PCI patterns with encryption and minimal storage

Architectural breakdown & explanation

Follow PCI DSS for cardholder data.

Correct answer(s): d. PCI patterns with encryption and minimal storage

Exam domain: Domain 5: Data Protection (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Security – Specialty bank. Run a full timed practice exam with domain-weighted random questions in your browser.