EC-Council CTIA Module 4.1 Practice Test 002

This practice test covers Module 4 (Data Collection and Processing) Sub-module 1 (Threat Intelligence Data Collection).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 4.1 Practice Test 002

10 questions • Single best answer

Question 1

An analyst at a managed security service provider gathers raw threat data from internal logs and external feeds prior to processing. This activity feeds the broader intelligence workflow. Which lifecycle phase does it represent?

A. Processing B. Dissemination C. Collection D. Analysis

Question 2

A threat hunting team retrieves data only from publicly available sources without directly interacting with the adversary's infrastructure. They specifically want to avoid alerting the target. Which method are they using?

A. Active collection B. Passive collection C. Operational reporting D. Bulk acquisition

Question 3

A CTI team deliberately probes an adversary's exposed servers and engages attacker infrastructure to gather data. This approach raises the risk of detection. Which method describes this technique?

A. Passive collection B. Strategic reporting C. Open-source enrichment D. Active collection

Question 4

An analyst gathers intelligence from social media, public DNS records, and news sites to profile a threat actor. No covert or human sources are involved. What type of source is this?

A. OSINT B. HUMINT C. SIGINT D. Internal telemetry

Question 5

A CTI program obtains insider details about an attacker group through a trusted human informant on an underground forum. The data comes from interpersonal contact rather than technical means. Which source type is this?

A. OSINT B. HUMINT C. Malware analysis D. IoC feeds

Question 6

A SOC ingests data from its own firewall logs, IDS alerts, and DNS records to support threat intelligence. These all originate entirely within the organization's own environment. What category of data source is this?

A. External sources B. Commercial feeds C. Internal sources D. Open-source feeds

Question 7

An analyst receives logs, pcap files, and free-text reports that have not yet been organized or correlated. The material remains entirely unprocessed. What is this called?

A. Finished intelligence B. Normalized data C. Tactical intelligence D. Raw data

Question 8

A collector poses as a help-desk employee and manipulates a target into revealing network details over the phone. The data is obtained by exploiting human trust. Which collection technique is this?

A. Social engineering B. Malware analysis C. DNS interrogation D. Bulk sampling

Question 9

A CTI team plants deceptive assets and monitors adversary activity to identify, deceive, and exploit attackers targeting the firm. The goal is to turn the adversary's efforts against them. What is this practice called?

A. Threat hunting B. Incident response C. Cyber counterintelligence D. Passive collection

Question 10

After aggregating IoCs from many feeds in differing formats, an analyst converts them into one consistent schema before analysis. This removes structural inconsistencies across sources. What is this process called?

A. Dissemination B. Data normalization C. Data sampling D. Enrichment

EC-Council CTIA Module 4.1 Practice Test 002

Related Posts

Leave a Comment Cancel Reply