🛡️ Free practice test question from: Tokenization vs. Hashing (Security+)

Tokenization replaces sensitive data (like SSNs) with non-sensitive substitutes called tokens. Crucially, this process is reversible for authorized users who have access to the tokenization system. This allows the application to retrieve the original SSN when needed for billing.

A) Tokenization generates the same output for identical SSNs, preventing duplicates. This is incorrect. While a good tokenization system will be deterministic (the same input always produces the same token), the primary purpose is not duplicate prevention. Databases handle this separately with unique constraints.

B) Tokenization irreversibly transforms SSNs, ensuring they cannot be retrieved. This describes hashing, not tokenization. Hashing is one-way; you can't get the original data back from the hash. This is unsuitable for billing where the actual SSN is required.  

D) Tokenization uses a one-way function, enhancing data integrity without storage overhead. Again, this describes hashing. Tokenization requires storage of the token and a secure way to reverse the tokenization process (typically a secure token vault or database).