EC-Council CTIA Module 1.1 Practice Test 001

This practice test covers Module 1 (Introduction to Threat Intelligence) Sub-module 1 (Intelligence).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A new analyst at a federal cyber agency asks her mentor to define the discipline they practice. The mentor explains it is not merely collected facts but knowledge produced through evaluation and interpretation. Which term best fits this description?

Question 2
A bank's board requests insight on long-term adversary trends, geopolitical risks, and industry-wide shifts to guide multi-year security investment. The CTI lead prepares a high-level, non-technical briefing. Which type of intelligence does this represent?

Question 3
A SOC analyst at an MSSP needs immediate, actionable details about adversary tools, techniques, and procedures to tune detection rules. The output is consumed mostly by defenders during daily operations. Which type of intelligence is this?

Question 4
A threat intelligence analyst studies an imminent campaign targeting the energy sector, focusing on the attacker's intent, timing, and likely methods for one specific operation. The output guides resource allocation for an anticipated attack. Which intelligence type applies?

Question 5
A CTI program manager explains to interns that a list of IP addresses straight from a sensor has no meaning until organized and given relevance. He asks which term describes those unprocessed, isolated facts. What is the answer?

Question 6
An incident response team complains that a vendor feed of hash values lacks context about who, why, and how. The CTI team agrees the product must be contextual and support decisions to be useful. What key quality are they describing?

Question 7
A detection engineer ingests a feed of malware hashes, malicious domains, and IP indicators to drive automated blocking. The feed is narrow, short-lived, and machine-consumable. Which category of threat intelligence does it best match?

Question 8
A healthcare provider hires its first dedicated cyber threat specialist. The hiring manager describes the core duty as turning collected threat data into meaningful, decision-ready outputs for stakeholders. Which responsibility best captures this function?

Question 9
A CISO contrasts the new CTI program with the firm's old model, which only reacted after alerts fired. She stresses the program's value in anticipating adversaries before they strike. What advantage of threat intelligence is she highlighting?

Question 10
An analyst describes how raw inputs move through collection, processing, and analysis before becoming a usable product delivered to stakeholders. This repeatable, structured workflow guides every CTI team. What is this process called?
