EC-Council CTIA Module 6.1 Practice Test 001

This practice test covers Module 6 (Intelligence Reporting and Dissemination) Sub-module 1 (Threat Intelligence Reports).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 6.1 Practice Test 001

10 questions • Single best answer

Question 1

A CTI team produces a report detailing the TTPs, infrastructure, and campaign timeline of a specific APT group that has been targeting the energy sector over the past six months. This type of intelligence report is best described as what?

A. A strategic threat landscape report B. A threat actor profile report C. A vulnerability assessment report D. A raw data feed summary

Question 2

A CTI analyst produces a brief report summarizing a newly observed malware variant — including its delivery mechanism, C2 protocol, persistence techniques, and a set of detection rules. This report is most likely classified as which type of cyber threat intelligence report?

A. Strategic intelligence report B. Malware analysis report C. Executive risk briefing D. Collection plan document

Question 3

A CTI team produces a comprehensive annual report summarizing the major threat trends affecting the financial services sector over the previous year — including emerging attack vectors, dominant threat actor categories, and predicted shifts for the coming year. Which type of intelligence report is this?

A. Tactical IoC report B. Incident response summary C. Strategic threat landscape report D. Runbook documentation

Question 4

An intelligence analyst at an MSSP is producing a report for a client about an ongoing ransomware campaign. The report needs to be concise, clearly structured, and provide actionable defensive recommendations appropriate for the client's technical operations team. Which of these report writing principles is most critical for this audience?

A. Use complex technical jargon to demonstrate analytical depth B. Write in dense paragraphs with no headings or visual structure C. Tailor the report format, language, and recommendations to the technical audience's operational needs D. Include only raw indicators without contextual explanation

Question 5

A CTI team's intelligence report format includes sections for: (1) Executive Summary, (2) Key Findings, (3) Threat Actor Overview, (4) TTPs and Technical Analysis, (5) Indicators of Compromise, (6) Defensive Recommendations, and (7) Confidence and Source Assessment. Which section most directly enables a SOC analyst to implement immediate defensive actions?

A. Executive Summary B. Threat Actor Overview C. Indicators of Compromise and Defensive Recommendations D. Confidence and Source Assessment

Question 6

A CTI team uses a standardized report template for all intelligence products. A new analyst produces a report that significantly deviates from the template by adding several non-standard sections. Why is adherence to standardized report templates important in a CTI program?

A. Templates ensure reports are long enough to appear credible to management B. Standardized templates ensure consistency, comparability, and efficient consumer navigation across all reports C. Templates eliminate the need for analytical quality review D. Standardized reports are automatically classified at a higher security level

Question 7

An intelligence analyst is finalizing a report about a critical zero-day being actively exploited. She needs the report ready for the incident response team within two hours of the initial alert. This urgency reflects which key quality criterion for intelligence reports?

A. Comprehensiveness B. Timeliness C. Source diversity D. Visual formatting

Question 8

A CTI analyst writing a report about a nation-state espionage campaign includes a section explicitly stating: 'This assessment is based on two corroborating sources assessed as reliable; however, one key TTP indicator has not been independently confirmed. Overall confidence: Moderate.' Why is this disclosure important?

A. It protects the analyst from criticism if the assessment is wrong B. It enables intelligence consumers to calibrate decision-making based on the confidence and evidentiary basis of the assessment C. It signals that the report should be withheld until confidence reaches 100% D. It replaces the need for an Executive Summary

Question 9

A CTI analyst uses Markdown and a static site generator to produce intelligence reports that can be rendered in HTML for web-based distribution to internal consumers. What is the primary advantage of using structured markup languages for report writing?

A. Markdown automatically encrypts intelligence content B. Structured formats enable consistent formatting, version control, and multi-format rendering from a single source document C. Markdown reports cannot be plagiarized D. HTML rendering eliminates the need for classification markings

Question 10

A CTI team writes flash reports — brief, one-to-two-page intelligence notices distributed within hours of a significant new threat development. What is the primary purpose of flash reports compared to comprehensive analytical reports?

A. Flash reports provide in-depth, multi-chapter analysis of long-term threat trends B. Flash reports deliver rapid awareness of time-sensitive threat developments, enabling immediate situational awareness before full analysis is complete C. Flash reports are exclusively used for executive audiences and contain no technical details D. Flash reports replace comprehensive analytical reports in the intelligence program

EC-Council CTIA Module 6.1 Practice Test 001

Related Posts

Leave a Comment Cancel Reply