CompTIA Security+ (SY0-701) — Question 265

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

Answer options

• A. Espionage
• B. Data exfiltration
• C. Nation-state attack
• D. Shadow IT

Correct answer: D

Explanation

The correct answer is D, as Shadow IT refers to the use of unauthorized applications or services, such as accessing company resources without the VPN. Options A, B, and C do not accurately describe this behavior, as they pertain to more malicious or state-sponsored activities rather than unauthorized use of company resources.