EC-Council CTIA Module 5.6 Practice Test 003

This practice test covers Module 5 (Data Analysis) Sub-module 6 (Threat Intelligence Evaluation).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260630

10 questions • Single best answer

Question 1

An intelligence lead at a national power utility reviews a vendor feed before trusting it. He wants to judge how dependable the producing source has historically been. Which evaluation attribute is he assessing?

A. Timeliness of the data B. Source reliability C. Indicator volume D. Storage format

Question 2

A CTI team at a brokerage links a campaign to a known state-sponsored group using shared infrastructure, malware, and tradecraft. Leadership asks what this analytic conclusion is called. What is it?

A. Data normalization B. Indicator pivoting C. Feed deduplication D. Threat attribution

Question 3

A SOC supporting a hospital network notices a paid feed delivers indicators days after attacks have already spread. An analyst flags this gap during evaluation. Which quality dimension is failing?

A. Timeliness B. Source reliability C. Attribution accuracy D. Data confidentiality

Question 4

A CTI manager at an MSSP grades each incoming report on both how trustworthy the source is and how credible the information appears. She uses a two-part letter and number code. Which scale is she applying?

A. CVSS scoring B. Traffic Light Protocol C. Admiralty (NATO) source rating D. MoSCoW prioritization

Question 5

An analyst at a cloud provider finds two independent sources confirm the same malicious infrastructure. He raises his confidence in the finding. Which evaluation factor improved?

A. Data retention B. Corroboration C. Dissemination speed D. Report formatting

Question 6

A threat intelligence team wrongly blames a competitor after an adversary deliberately plants another group's tools and language. Leadership asks what undermined their conclusion. What is the risk called?

A. False flag operation B. Data sampling error C. Feed latency D. Alert fatigue

Question 7

A government CTI unit evaluates whether a finished report actually answers the priority questions decision-makers asked. An analyst names this dimension. Which quality is being judged?

A. Source reliability B. Timeliness C. Data volume D. Relevance

Question 8

During attribution, an analyst at a defense contractor weighs an actor's tools, infrastructure, and motives before naming a group. She wants to avoid overconfidence. Which practice best supports sound attribution?

A. Counting total indicators collected B. Choosing the fastest feed available C. Assigning confidence levels to conclusions D. Encrypting the final report

Question 9

A financial CTI team discards a feed that consistently lists expired domains and decommissioned IPs as active threats. An analyst names the failing attribute. Which quality dimension is poor?

A. Accuracy B. Confidentiality C. Dissemination D. Integration

Question 10

An intelligence director at a retail chain wants a repeatable way to score every incoming source so analysts judge inputs consistently. He asks what to establish. What should he implement?

A. A single trusted vendor mandate B. A standardized evaluation framework C. A larger indicator database D. A faster ticketing system

EC-Council CTIA Module 5.6 Practice Test 003

Related Posts

Leave a Comment Cancel Reply