During a routine audit an analyst discovers that a departmen - CompTIA Security+ SY0-701
Question
During a routine audit, an analyst discovers that a department at a high school uses a simulation program that was not property vetted before deployment. Which of the following threats is this an example of?
Answers
-
-
-
correct
-
Explanation
The correct answer is: C. Shadow IT.
Shadow IT occurs when employees or departments use hardware, software, or services without approval from the IT or security team. In this case, the high school department deployed a simulation program without proper vetting. This creates risks such as lack of security controls, unpatched vulnerabilities, and potential noncompliance. Shadow IT often bypasses established governance, leading to increased exposure to cyber threats, even if the program is used with good intentions.
Why Other Options are Incorrect:
-
A. Espionage
Incorrect because espionage involves malicious actors stealing sensitive or confidential information for competitive, political, or strategic advantage. Installing an unauthorized program internally does not indicate external spying or covert information gathering. -
B. Data exfiltration
Incorrect because data exfiltration refers to unauthorized transfer of data outside the organization, often carried out by attackers. The scenario involves unauthorized software use, not the theft or extraction of sensitive data. -
D. Zero-day
Incorrect because a zero-day refers to exploiting an unknown software vulnerability before developers release a fix. The threat here is unauthorized deployment, not the exploitation of undiscovered flaws in a program.
No Payment Cards Needed
