EC-Council CTIA Module 4.4 Practice Test 003

This practice test covers Module 4 (Data Collection and Processing) Sub-module 4 (Threat Intelligence Data Collection and Acquisition).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260629

10 questions • Single best answer

Question 1

An analyst at a cloud-services firm queries WHOIS records, DNS data, and search engines to learn about a suspicious domain without touching the adversary's systems. Which collection approach does this describe?

A. Active collection B. Honeynet deployment C. Passive collection D. Brute-force acquisition

Question 2

A threat hunter directly probes an adversary-controlled server by sending crafted requests to gather banner and service details. This method interacts with the target system. What collection type is being used?

A. Active collection B. Strategic reporting C. Data normalization D. Passive collection

Question 3

A CTI team writes Python scripts that call vendor REST APIs to automatically pull and store indicators on a schedule. Leadership asks the main benefit this scripting provides. What is it?

A. Eliminating all false positives B. Replacing the need for analysts C. Guaranteeing attribution accuracy D. Scalable, automated, repeatable collection

Question 4

An analyst gathers intelligence by interacting with people, posing questions in closed forums, and building rapport with insiders to learn adversary plans. Which intelligence discipline is being applied?

A. Signals intelligence B. Human intelligence C. Imagery intelligence D. Measurement intelligence

Question 5

A government CTI unit deploys a decoy system designed to attract attackers and capture their tools, techniques, and indicators during interaction. What collection mechanism is this?

A. Honeypot B. Threat feed C. Firewall rule D. Data lake

Question 6

A retail SOC must decide what data to gather, from which sources, and how often, mapping each to specific intelligence requirements before acquisition begins. Which document guides this?

A. Incident report B. Service-level agreement C. Collection plan D. Disaster recovery plan

Question 7

An analyst reviews intercepted network communications and telemetry derived from electronic signals to support an investigation. Which intelligence source category does this represent?

A. Open-source intelligence B. Signals intelligence C. Human intelligence D. Financial intelligence

Question 8

A CTI team monitors criminal marketplaces and closed underground forums to acquire leaked credentials and attacker chatter. Investigators ask where this acquisition is taking place. Which environment is it?

A. Corporate intranet B. Public news outlet C. Vendor support portal D. Dark web

Question 9

An analyst is mapping out how aggressive collection from an adversary infrastructure could tip off the target or violate legal limits. Which consideration most directly governs these boundaries?

A. Report formatting style B. Dashboard color scheme C. Rules of engagement D. Feed pricing tier

Question 10

A bank's CTI team uses automated OSINT tools to harvest subdomains, email addresses, and exposed assets tied to its brand. This technique maps the organization's external exposure. What activity is this?

A. Footprinting B. Tabletop exercise C. Patch management D. Log rotation

EC-Council CTIA Module 4.4 Practice Test 003

Related Posts

Leave a Comment Cancel Reply