Which term describes unauthorized employee use of AI tools that risks data leakage into public models and compliance violations without IT governance?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

Which term describes unauthorized employee use of AI tools that risks data leakage into public models and compliance violations without IT governance?

Explanation:
Unauthorized employee use of AI tools without IT governance creates a risk of data being sent to external public models and potential compliance violations. This is best described as Shadow AI—the AI-focused version of Shadow IT—where tools are used outside official controls, policies, and monitoring. When employees rely on these unsanctioned tools, sensitive data can be uploaded to third-party AI services, training data can be exposed, and regulatory obligations around privacy, retention, and data transfer can be breached. Static and dynamic analysis of vulnerabilities are security testing methods aimed at identifying flaws in software, not the governance gap created by unmanaged AI usage. Staging areas and data exfiltration describe data movement concepts rather than the specific phenomenon of unsanctioned AI tool use. The tools listed (forensics and analysis utilities) pertain to investigative techniques, not the governance risk at hand. Shadow AI captures the core idea of unauthorized, governance-free AI tool usage and its data and compliance implications.

Unauthorized employee use of AI tools without IT governance creates a risk of data being sent to external public models and potential compliance violations. This is best described as Shadow AI—the AI-focused version of Shadow IT—where tools are used outside official controls, policies, and monitoring. When employees rely on these unsanctioned tools, sensitive data can be uploaded to third-party AI services, training data can be exposed, and regulatory obligations around privacy, retention, and data transfer can be breached.

Static and dynamic analysis of vulnerabilities are security testing methods aimed at identifying flaws in software, not the governance gap created by unmanaged AI usage. Staging areas and data exfiltration describe data movement concepts rather than the specific phenomenon of unsanctioned AI tool use. The tools listed (forensics and analysis utilities) pertain to investigative techniques, not the governance risk at hand. Shadow AI captures the core idea of unauthorized, governance-free AI tool usage and its data and compliance implications.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy