EC-Council CTIA Module 5.5 Practice Test 001

This practice test covers Module 5 (Data Analysis) Sub-module 5 (Fine-Tuning Threat Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 5.5 Practice Test 001

10 questions • Single best answer

Question 1

A CTI analyst receives a list of 500 IP indicators from a threat feed. Before feeding them into detection systems, she validates each against passive DNS data, VirusTotal, and internal log history. She then removes 320 indicators that lack corroboration. This process is an example of what?

A. Bulk data collection B. Validating and prioritizing threat indicators C. Intelligence dissemination D. Collection plan revision

Question 2

A CTI team receives 200 threat indicators daily from multiple feeds. They implement an automated scoring system that assigns a confidence score to each indicator based on source reliability, corroboration count, and age. High-scoring indicators are prioritized for detection. This practice is an example of what fine-tuning activity?

A. Data normalization B. Indicator prioritization through automated confidence scoring C. Threat actor attribution D. Strategic intelligence reporting

Question 3

An MSSP's CTI team notices that a threat feed consistently produces indicators with a 30% false positive rate in the organization's SIEM. The team lead decides to reduce the weight given to this feed's indicators in automated detection workflows. Which fine-tuning practice is being applied?

A. Source reliability-based indicator weighting B. Bulk data collection scaling C. Intelligence dissemination frequency adjustment D. Threat modeling methodology selection

Question 4

A CTI analyst uses a Python script to automatically cross-reference newly ingested IoCs against the organization's asset inventory. Indicators that match internal IP ranges or known-good infrastructure are flagged as likely false positives and excluded from detection rules. This automation supports which fine-tuning goal?

A. Automating threat analysis processes to reduce false positives and analyst workload B. Replacing all human analysts with automated systems C. Encrypting all threat indicators before sharing D. Generating strategic intelligence reports for executives

Question 5

A CTI analyst observes that analysts on her team frequently reach different conclusions from the same threat dataset due to varying interpretations. She implements standardized analysis templates and calibration sessions where analysts review the same data and compare findings. Which fine-tuning practice does this represent?

A. Reducing analytical inconsistency through standardization and peer calibration B. Replacing human analysis with machine learning algorithms C. Increasing the volume of collected threat data D. Outsourcing threat analysis to a third-party vendor

Question 6

A CTI team fine-tunes their analysis process by implementing an automated workflow that continuously checks newly produced threat indicators against an allow-list of known-good domains, IPs, and certificates. Indicators matching the allow-list are automatically suppressed. What analytical improvement does this achieve?

A. Improving recall by ensuring all malicious indicators are detected B. Improving precision by reducing false positive indicators that would generate noise in detection systems C. Expanding the attack surface visibility by including more external sources D. Increasing threat actor attribution confidence

Question 7

A CTI analyst identifies that many indicators in the team's TIP have not been seen in any internal telemetry, threat reports, or external feeds for over 180 days. She implements a policy to automatically archive or retire indicators exceeding this threshold. This fine-tuning practice addresses which analytical quality concern?

A. Indicator staleness reducing detection relevance and increasing false negative risk B. Insufficient volume of collected indicators C. Lack of executive briefing materials D. Absence of a threat modeling methodology

Question 8

A CTI team implements an automated threat intelligence pipeline where newly ingested indicators are automatically correlated against the MITRE ATT&CK matrix to tag each with the associated technique, tactic, and sub-technique. This automation serves which fine-tuning purpose?

A. It generates data retention schedules for each indicator B. It provides automatic TTP context that enriches raw indicators for faster, more accurate analysis C. It calculates the financial impact of each threat for the CFO D. It replaces the need for source reliability assessment

Question 9

A CTI analyst fine-tunes analysis by implementing a feedback loop where SOC analysts report back which intelligence-derived detection rules triggered successfully versus which generated false positives. The CTI team uses this feedback to refine indicator quality. What improvement cycle does this represent?

A. A threat collection feedback loop B. An intelligence-driven detection quality improvement cycle C. A security awareness training feedback mechanism D. A data retention policy enforcement loop

Question 10

A CTI program lead determines that her team produces too many tactical IoC reports with minimal context but lacks time to produce operational and strategic intelligence products. She implements analysis templates and automated enrichment to reduce time spent on routine IoC processing, freeing analysts for higher-order analysis. Which fine-tuning outcome does this achieve?

A. Reducing total data collection volume B. Shifting analyst focus from routine IoC processing to higher-value analytical work through automation C. Eliminating the need for threat intelligence feeds D. Increasing the number of threat intelligence reports shared with external partners

EC-Council CTIA Module 5.5 Practice Test 001

Related Posts

Leave a Comment Cancel Reply