EC-Council CTIA Module 5.1 Practice Test 003

This practice test covers Module 5 (Data Analysis) Sub-module 1 (Data Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260629

10 questions • Single best answer

Question 1

A threat intelligence analyst at a power utility transforms processed data into meaningful findings about adversary behavior and intent. Leadership asks what this lifecycle stage is named. What is it?

A. Collection B. Dissemination C. Analysis D. Direction

Question 2

An analyst examines numerical datasets, computing means, frequencies, and distributions to detect anomalies in login volumes. Leadership asks which form of analysis relies on these quantitative methods. What is it?

A. Statistical data analysis B. Qualitative interviewing C. Narrative reporting D. Brainstorming

Question 3

A CTI manager warns that analysts who only confirm their initial theory may miss the truth. Which cognitive pitfall is being described?

A. Data normalization B. Load balancing C. Defense in depth D. Confirmation bias

Question 4

An analyst must judge whether a piece of intelligence is trustworthy by weighing the credibility of its origin and the believability of its content. Which assessment is being performed?

A. Data sampling B. Source and information reliability evaluation C. Packet capture D. Disk imaging

Question 5

A SOC lead stresses that good analysis must answer the original intelligence requirements and support a decision. Leadership asks the ultimate purpose of the analysis stage. What is it?

A. To collect more raw data B. To encrypt stored logs C. To replace the SIEM D. To produce actionable intelligence

Question 6

An analyst categorizes non-numeric inputs such as adversary motivations, narratives, and expert judgment rather than measurable figures. Which type of analysis is this?

A. Qualitative analysis B. Quantitative analysis C. Regression analysis D. Numerical sampling

Question 7

A bank's CTI team builds a model estimating the probability that a campaign will target them, using historical frequencies and likelihood scores. Which analytic approach underpins this?

A. Narrative storytelling B. Color coding C. Probabilistic/statistical reasoning D. Manual screenshotting

Question 8

An analyst is reminded that raw indicators alone are not intelligence until context and meaning are added. Which transformation distinguishes the two?

A. Deleting the indicators B. Adding analysis and context C. Encrypting the indicators D. Renaming the data fields

Question 9

A government analyst structures findings so each conclusion is tied to supporting evidence and stated confidence levels. Leadership asks why expressing confidence matters in analysis. What is the reason?

A. It helps consumers weigh the findings B. It guarantees the conclusion is true C. It hides uncertainty from readers D. It replaces the need for evidence

Question 10

An MSSP analyst correlates events across multiple datasets to reveal relationships that single sources miss, such as one actor reusing infrastructure. Which analytic activity is this?

A. Data destruction B. Log rotation C. Port scanning D. Correlation analysis

EC-Council CTIA Module 5.1 Practice Test 003

Related Posts

Leave a Comment Cancel Reply