EC-Council CTIA Module 6.6 Practice Test 002

This practice test covers Module 6 (Intelligence Reporting and Dissemination) Sub-module 6 (Threat Intelligence Sharing Platforms).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 6.6 Practice Test 002

10 questions • Single best answer

Question 1

A threat hunting team at a healthcare provider wants an open-source platform to store, correlate, and distribute indicators with trusted peers. They need built-in collaborative analysis and automated feed export. Which platform best fits this need?

A. STIX B. TAXII C. MISP D. YARA

Question 2

A SOC at a regional bank is integrating an automated feed and must select the application-layer protocol used to exchange structured intelligence over HTTPS. The team already uses STIX as its data model. Which protocol handles the transport and exchange?

A. TAXII B. STIX C. OpenIOC D. CybOX

Question 3

An analyst at an MSSP must represent adversary TTPs, observables, and their relationships in a standardized, machine-readable language for sharing with clients. The format must be structured and widely adopted across platforms. Which standard should the analyst use?

A. TAXII B. OpenIOC C. MAEC D. STIX

Question 4

A critical infrastructure operator wants to receive and exchange machine-speed threat data directly with a U.S. federal agency at no cost. The capability relies on STIX and TAXII for exchange. Which program provides this?

A. MISP B. Automated Indicator Sharing (AIS) C. OpenCTI D. VirusTotal

Question 5

A government CTI team needs an open-source platform to structure, store, and visualize knowledge using the STIX2 model, with a knowledge graph linking entities. They want analyst-driven relationship mapping. Which platform meets these requirements?

A. MISP B. TAXII C. OpenCTI D. Maltego

Question 6

A healthcare security leader wants to join a sector-specific community where members exchange intelligence relevant to their industry. The group is organized around a shared vertical and mutual trust. Which type of organization should they join?

A. ISAC B. CERT C. SOC D. MSSP

Question 7

A malware analyst at a cloud provider wants to share textual detection patterns describing families by strings and byte sequences. Peers will load these into scanners to identify matching samples. Which rule format should be shared?

A. Snort B. Sigma C. STIX D. YARA

Question 8

A CTI program manager evaluating commercial sharing platforms wants one that aggregates multiple feeds, deduplicates indicators, and supports collaboration across teams and partners. The budget allows a paid subscription. Which option fits?

A. MISP B. Anomali ThreatStream C. Wireshark D. Nessus

Question 9

An analyst configuring a TAXII 2.1 server must let consumers retrieve indicators on demand through a request-response model. A publish-subscribe stream is not needed here. Which TAXII resource supports this exchange?

A. Channel B. API Root C. Collection D. Discovery

Question 10

A CTI lead designs a sharing arrangement where one central organization collects intelligence from members and redistributes it back to all participants. Members do not exchange directly with each other. Which information sharing model is this?

A. Hub-and-spoke B. Peer-to-peer C. Source-subscriber D. Post-to-all

EC-Council CTIA Module 6.6 Practice Test 002

Related Posts

Leave a Comment Cancel Reply