EC-Council CTIA Module 4.3 Practice Test 003

This practice test covers Module 4 (Data Collection and Processing) Sub-module 3 (Threat Intelligence Feeds and Sources).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260629

10 questions • Single best answer

Question 1

A SOC analyst at a healthcare provider subscribes to a vendor service that continuously delivers machine-readable malicious IPs and domains. The stream updates automatically and integrates with the SIEM. What is this source called?

A. A threat intelligence platform B. A threat intelligence feed C. A runbook D. A honeypot

Question 2

An MSSP collects intelligence from publicly available sources such as social media, news, forums, and search engines at no cost. The team wants to label this category accurately for clients. Which term applies?

A. Commercial intelligence B. Internal telemetry C. Human intelligence D. Open-source intelligence

Question 3

A financial-sector CTI lead joins a trusted member organization where banks exchange sector-specific threat data with peers. The group focuses on one industry's shared risks. What type of sharing body is this?

A. An ISAC B. A managed SOC C. A bug bounty program D. A certificate authority

Question 4

A threat analyst notices a free feed frequently flags benign corporate IPs as malicious, triggering wasted investigations. Leadership asks which feed quality dimension is failing. Which one is it?

A. Timeliness B. Coverage breadth C. Accuracy D. Data volume

Question 5

A government agency wants to ingest feeds using a standardized transport protocol designed specifically to exchange cyber threat information automatically between systems. The architect must name the protocol. Which should be selected?

A. SMTP B. TAXII C. SNMP D. RDP

Question 6

A retailer's CTI team pulls indicators from its own firewall logs, endpoint alerts, and prior incident records. They want to classify where this data originates. What is this source type?

A. Internal sources B. Commercial feeds C. Government advisories D. Dark web forums

Question 7

A CTI manager is comparing paid vendor subscriptions against free community lists. Leadership asks the primary advantage typically gained from purchasing a reputable commercial feed. What is the main benefit?

A. Guaranteed zero false positives B. Complete anonymity for analysts C. Elimination of all internal logging D. Curated, vetted, and timely intelligence

Question 8

An analyst must select a structured language to represent threat indicators, relationships, and adversary behaviors in a consistent, shareable format. The choice must be a standardized representation language. Which is appropriate?

A. JSON Web Token B. YAML config C. STIX D. CSV export

Question 9

A threat intelligence analyst evaluates a new feed and asks whether its indicators are actually applicable to the organization's industry, technology stack, and geography. Which feed selection criterion is being assessed?

A. Relevance B. Latency C. Pricing model D. File format

Question 10

A critical-infrastructure operator receives intelligence directly from a national CERT and federal cybersecurity agency advisories. The analyst categorizes the originator of this intelligence. Which source type is this?

A. Peer-to-peer chat leak B. Government source C. Vendor marketing blog D. Internal SIEM alert

EC-Council CTIA Module 4.3 Practice Test 003

Related Posts

Leave a Comment Cancel Reply