EC-Council CTIA Module 1.1 Practice Test 002

This practice test covers Module 1 (Introduction to Threat Intelligence) Sub-module 1 (Intelligence).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
A SOC analyst at a regional hospital network reviews thousands of raw firewall logs and IP addresses. Her lead notes these facts alone hold little decision value until refined and given context. What does the refined, actionable output best represent?

Question 2
At an MSSP, a trainer explains how isolated facts become useful for decisions. He describes processed, correlated facts that gain meaning but still lack analytic judgment. Which term fits this middle stage between raw facts and finished analysis?

Question 3
A threat intel team prepares a board briefing on long-term geopolitical risks and adversary trends affecting business strategy. The content avoids technical indicators entirely. Which level of intelligence does this briefing represent?

Question 4
A SOC supporting a retail chain studies how a known group conducts attacks, its tools, techniques, and procedures, to strengthen defenses. The focus is adversary behavior, not single indicators. Which intelligence level does this represent?

Question 5
An incident response team requests insight into a specific adversary's planned campaign, motivations, and likely attack methods against their sector. This intelligence informs how and when to prepare defenses. Which type of intelligence best matches this need?

Question 6
A threat analyst delivers a report that is accurate but arrives weeks after the relevant campaign ended. Stakeholders can no longer act on the findings. Which essential quality of useful intelligence was missing?

Question 7
During a vendor demo, a feed delivers millions of unvalidated IP addresses with no analysis or context. A manager wrongly labels this output 'intelligence.' What does the feed actually provide?

Question 8
A bank shifts from purely reactive alerting to using adversary knowledge that anticipates attacks before they occur. Leadership wants defenses driven by insight into threats. This proactive approach is best described as what?

Question 9
A new hire asks what a cyber threat analyst chiefly produces beyond collecting feeds. The mentor stresses converting raw inputs into evaluated, decision-ready products for stakeholders. Which task best captures this core responsibility?

Question 10
A detection engineer at a cloud provider consumes specific artifacts like malicious file hashes and C2 addresses to feed automated tools. These atomic, machine-readable items have very short lifespans. Which category of intelligence do they represent?
