Data Protection Strategies
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- Data types and classification levels
- Data states and the methods that protect each
- Sovereignty, geolocation, and geographic restrictions
Protection method by data state and reversibility
| Method | Primary data state | Reversible? | Typical use on SY0-701 |
|---|---|---|---|
| Encryption | At rest & in transit | Yes (with key) | Default confidentiality control for stored and transmitted data |
| Tokenization | At rest | Yes (via vault lookup) | Replace cardholder/PII with tokens to cut PCI/audit scope |
| Hashing | At rest (verification) | No (one-way) | Integrity checks and storing password representations |
| Masking | In use / display | Usually no (presentation) | Show partial value (last four digits) to limit exposure |
| Obfuscation | In use / display | Varies | Hide or scramble data so it is not readily readable |
| Segmentation | All states | n/a (isolation) | Isolate sensitive data so one breach does not expose all |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.