EC-Council CTIA Module 4.5 Practice Test 002

This practice test covers Module 4 (Data Collection and Processing) Sub-module 5 (Bulk Data Collection).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
An MSSP ingests massive volumes of raw network logs, malware samples, and feed records from hundreds of clients into one central repository. The team gathers everything available rather than targeting specific items of interest. Which collection approach does this describe?

Question 2
A financial services CTI team accumulates terabytes of feeds daily and struggles to store, index, and retrieve them efficiently. They adopt a discipline to organize and maintain this growing repository systematically. What does this practice represent?

Question 3
Analysts at a government agency cannot process every record in a multi-terabyte collection before their deadline. They decide to examine a representative subset to draw conclusions about the entire dataset. Which technique are they applying?

Question 4
A SOC merges IoC data arriving in CSV, STIX, and proprietary layouts into one consistent schema before analysis. Disparate field names and structures are converted into a common, uniform format. Which processing step is described?

Question 5
A cloud-based threat intelligence platform must cheaply retain enormous volumes of structured and unstructured raw data for later analysis. Engineers want a centralized repository that holds data in its native formats at scale. What is the best fit?

Question 6
A CTI team notices the same malicious IP appears thousands of times across merged bulk feeds, inflating the dataset. They apply a process to remove the redundant, identical records. What is this called?

Question 7
A critical infrastructure provider collects billions of events daily, far exceeding what analysts can ingest by hand. To keep pace, the program relies on scripts and tools to gather data without human intervention. What does this reflect?

Question 8
An enterprise SOC stores petabytes of historical threat data, but analysts wait minutes for queries to return. To speed retrieval, engineers build structures that map values to their storage locations. Which technique improves this?

Question 9
A threat hunting team ingests every available open-source feed in bulk and finds analysis slowed by overwhelming, low-quality entries. A senior analyst warns of a key drawback of indiscriminate gathering. What is the main concern?

Question 10
An analyst at a cloud provider collects firewall logs in fixed fields alongside free-form incident emails and PDF reports. The emails and reports lack any predefined data model. How is this latter category classified?
