Certificate of Cloud Auditing Knowledge (CCAK) — Question 222

From an auditor perspective, which of the following BEST describes shadow IT?

Answer options

• A. An opportunity to diversify the cloud control approach
• B. A weakness in the cloud compliance posture
• C. A strength of disaster recovery (DR) planning
• D. A risk that jeopardizes business continuity planning

Correct answer: B

Explanation

The correct answer, B, highlights that shadow IT represents a compliance risk because it involves the use of unauthorized applications and services that can lead to data security issues. Options A and C do not capture the compliance risk aspect, while option D, although related to risks, focuses on business continuity rather than compliance.