EC-Council CTIA Module 4.4 Practice Test 002

This practice test covers Module 4 (Data Collection and Processing) Sub-module 4 (Threat Intelligence Data Collection and Acquisition).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A threat intelligence analyst at a healthcare provider queries a domain's name servers, mail records, and subdomains directly to map an adversary's infrastructure. This involves interacting with the target systems. Which collection method is described?

Question 2
An MSSP analyst collects adversary information solely from search engines, public archives, and cached pages, never contacting the target's systems. This avoids any direct interaction. Which collection approach is this?

Question 3
A CTI analyst inspects message headers, routing paths, and originating IP addresses from electronic mail sent by a suspected phishing operator. The aim is to profile the sender's infrastructure. This technique is known as what?

Question 4
A government CTI team plants deceptive data and monitors adversary attempts to access it, aiming to detect and mislead hostile collection efforts. This proactive discipline targets the opponent's own intelligence operations. What is it called?

Question 5
An analyst at a financial firm uses Maltego and theHarvester to gather emails, domains, and subdomains from public sources without manual effort. Doing this by hand would be far slower. What category of solutions is being used?

Question 6
A SOC team gathers indicators from its own firewall logs, endpoint detection alerts, and SIEM events generated within the enterprise. These all originate inside the organization's perimeter. What are these classified as?

Question 7
A CTI analyst enriches an investigation using indicators pulled from commercial feeds, ISAC bulletins, and vendor threat reports. These all originate outside the organization. What type of source provides them?

Question 8
An analyst automates retrieval of threat data from multiple feed APIs by writing custom code that parses and stores the responses. This avoids repetitive manual downloads. Which collection approach is being used?

Question 9
A threat intelligence analyst poses as a buyer on a criminal forum to elicit details about a ransomware crew's tooling directly from its members. The information comes from human interaction. Which collection source is this?

Question 10
An analyst studies a suspected malicious site's underlying technologies, directory structure, and embedded metadata to profile the operator's infrastructure. No login or exploitation occurs. This reconnaissance technique is called what?
