During a routine audit, an analyst discovers that a department uses software that was not vetted. Which threat is this?
Correct Answer: C
Shadow IT refers to software, hardware, cloud services, or applications deployed without approval from the IT or security department. In this scenario, a high school department is using an unvetted simulation program-classic Shadow IT behavior.
Security+ SY0-701 explains that Shadow IT:
* Introduces unknown vulnerabilities
* Bypasses security controls
* Creates compliance risks
* Leads to data exposure
* Interferes with standard configuration management
Espionage (A) involves intelligence gathering, not unauthorized software use. Data exfiltration (B) involves data theft, not unauthorized software deployment. Zero-day (D) refers to unknown vulnerabilities, not unapproved systems.
Thus, Shadow IT is the correct answer.