EC-Council CTIA Module 1.2 Practice Test 001

This practice test covers Module 1 (Introduction to Threat Intelligence) Sub-module 2 (Cyber Threat Intelligence Concepts).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 1.2 Practice Test 001

10 questions • Single best answer

Question 1

A threat intelligence analyst at a telecommunications company evaluates whether incoming CTI feeds meet quality standards before distributing them to the security team. Her manager asks her to identify the defining quality attributes. Which set of attributes best characterizes high-quality, actionable threat intelligence?

A. Machine-readable, normalized, structured, and deduplicated B. Timely, relevant, accurate, and actionable C. Classified, government-verified, and encrypted in transit D. Open-source, geolocation-enriched, and threat-actor attributed

Question 2

A CTI analyst at a financial institution is building a collection plan and must categorize sources as internal or external before finalizing the plan. Which source is correctly classified as an internal threat intelligence source?

A. Threat advisories published by a government CERT organization B. Commercial threat intelligence feeds from a cybersecurity vendor C. Indicators and alerts generated by the organization's own SIEM and endpoint detection tools D. ISAC threat intelligence shared by peer organizations in the financial sector

Question 3

A detection engineer at a retail company receives a CTI report describing an adversary's use of spear phishing emails, living-off-the-land binaries, and credential dumping via Mimikatz. Which type of threat intelligence does this report primarily represent?

A. Technical intelligence B. Operational intelligence C. Tactical intelligence D. Strategic intelligence

Question 4

A CTI analyst at a hospital network filters out threat intelligence reports focused on ICS attacks targeting manufacturing environments. She explains that, while accurate, those reports don't apply to her organization's systems. Which quality attribute of threat intelligence is she prioritizing?

A. Timeliness B. Accuracy C. Relevance D. Completeness

Question 5

A CTI team at a managed security services provider produces a structured export of malicious IP addresses, domain names, and file hashes from an active threat campaign. Which tool or system is the most appropriate consumer for this type of CTI output?

A. An executive risk dashboard used by the CISO to brief the board on threat posture B. An intrusion prevention system or SIEM platform ingesting machine-readable threat indicators C. A risk management team conducting a third-party vendor security assessment D. A CTI program manager developing a long-term organizational threat intelligence strategy

Question 6

A CTI analyst at a regional insurance company receives a raw list of suspicious IP addresses. She enriches the data with geolocation, WHOIS records, threat actor attribution, and historical behavior before issuing an intelligence report. Which phase of the intelligence generation process does this enrichment activity represent?

A. Collection B. Dissemination C. Planning and direction D. Analysis and processing

Question 7

A CTI team supporting a pharmaceutical company receives a report that an APT group is actively targeting drug research firms using spear phishing, with the campaign expected to run for the next 60 days. The incident response team uses this to pre-position resources. Which type of intelligence does this report represent?

A. Strategic intelligence B. Technical intelligence C. Operational intelligence D. Tactical intelligence

Question 8

A CTI manager at an energy company is presenting the business value of the threat intelligence function to the board of directors. Which statement most accurately describes the primary objective of a cyber threat intelligence program?

A. To identify all zero-day vulnerabilities present in the organization's attack surface B. To automate incident report generation for regulatory compliance purposes C. To provide decision-makers with actionable intelligence about threats, enabling proactive and informed security decisions D. To manage and tune SIEM rules to minimize false positive alert rates

Question 9

During an internal CTI training session at a government agency, an instructor asks analysts to distinguish tactical intelligence from technical intelligence. Which statement correctly differentiates tactical intelligence from technical intelligence?

A. Tactical intelligence consists of machine-readable IOCs like IP addresses and file hashes used directly in automated defensive tools. B. Tactical intelligence describes adversary TTPs and informs detection strategy, while technical intelligence provides specific machine-readable indicators for direct integration into defensive tools. C. Tactical intelligence is long-term, high-level intelligence designed for executive briefings on adversary trends and motivations. D. Tactical and technical intelligence are interchangeable terms that both describe IOC-based threat feeds.

Question 10

A threat analyst at a cloud services company categorizes intelligence outputs by time horizon and intended consumer. She identifies one intelligence type that operates at the shortest time horizon and is consumed directly by security tools without requiring human translation. Which type of threat intelligence fits this description?

A. Strategic intelligence B. Operational intelligence C. Tactical intelligence D. Technical intelligence

EC-Council CTIA Module 1.2 Practice Test 001

Related Posts

Leave a Comment Cancel Reply