EC-Council CTIA Module 1.2 Practice Test 002

This practice test covers Module 1 (Introduction to Threat Intelligence) Sub-module 2 (Cyber Threat Intelligence Concepts).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

10 questions • Single best answer
Question 1
An intelligence lead at an energy utility contrasts the new program with the firm's old defenses, which only reacted after breaches. She stresses anticipating adversaries instead. Which capability primarily separates this program from traditional security?

Question 2
A SOC drowning in alerts adopts intelligence to focus on threats most relevant to its sector and assets. Analysts now rank alerts by adversary context. What key benefit is gained here?

Question 3
A vendor sells a list of malicious domains and calls it complete intelligence. An analyst counters that without adversary context and analysis it remains something less. What is the vendor actually selling?

Question 4
A CISO needs material to justify the security budget and inform board-level risk decisions. The analyst selects the output aimed at executives and long-term planning. Which type should be delivered?

Question 5
An analyst receives conflicting reports and must convey how much trust to place in each finding. She applies a grading scheme to source reliability and credibility. Which practice is she using?

Question 6
A report tells defenders exactly which IPs to block and which detection rules to deploy. Stakeholders can immediately use it without further analysis. This describes intelligence that is primarily what?

Question 7
An MSSP tailors outputs so executives get trend reports while SOC operators get TTP-based detection content. Matching each product to its audience improves uptake. This alignment is guided by what?

Question 8
Leadership asks what intelligence adds beyond raw indicators. The analyst explains it reveals adversary motivation, capability, and likely targets. What does this added insight chiefly provide?

Question 9
A threat team provides defenders with the attacker's behavioral patterns and procedures to harden controls. This is distinct from feeds of atomic indicators. Which intelligence type are they delivering?

Question 10
A firm relying only on signatures keeps missing novel attacks with no known pattern. The team argues behavior- and intent-based insight closes this gap. What limitation of traditional defense does intelligence address?
