During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not properly vetted before deployment.
Which of the following threats is this an example of?
The use of an unapproved, unvetted simulation program is a classic case of Shadow IT, which Security+ SY0-701 defines as technology deployed without the knowledge, review, or authorization of the IT or security department. Shadow IT introduces significant risks, including vulnerabilities, noncompliance, unmonitored data flows, and potential software containing malware or insecure configurations.
In academic or departmental environments where staff independently download tools to support curriculum or instruction, Shadow IT becomes particularly common. This bypasses standard vetting processes such as software approval, patch evaluation, licensing verification, and security risk assessment.
Espionage (A) involves covert intelligence gathering by hostile actors. Data exfiltration (B) refers to unauthorized data theft. Zero-day (D) refers to unknown vulnerabilities exploited before patches exist. None of these fit the scenario.
Since the core issue is the deployment of an unauthorized application without IT oversight, the correct answer is C: Shadow IT.
Options Selected by Other Users:
Option A: (20 votes)
100%
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit