EC-Council CTIA Module 1.4 Practice Test 002

This practice test covers Module 1 (Introduction to Threat Intelligence) Sub-module 4 (Threat Intelligence Platforms (TIPs)).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 1.4 Practice Test 002

10 questions • Single best answer

Question 1

A telecom SOC struggles to manage feeds from dozens of sources in different formats. They deploy a dedicated solution to aggregate, normalize, and deduplicate all this intelligence centrally. Which solution did they adopt?

A. SIEM B. Threat intelligence platform C. Firewall D. IDS

Question 2

An analyst clarifies that one tool correlates internal security events for alerting, while another specializes in managing external threat intelligence feeds. Which tool manages the external feeds?

A. SIEM B. IDS C. SOAR D. Threat intelligence platform

Question 3

A manager confuses two systems. The one that ingests and correlates internal logs and events to generate security alerts is which tool?

A. SIEM B. TIP C. TAXII server D. YARA engine

Question 4

Incoming indicators arrive with little context. The platform automatically appends geolocation, related campaigns, and reputation scores to each one. Which TIP function is this?

A. Deduplication B. Dissemination C. Enrichment D. Collection

Question 5

A SOC wants matched indicators to automatically trigger blocking workflows in its orchestration tool. The platform integrates with which system to enable automated response?

A. DLP B. SOAR C. VPN D. CASB

Question 6

The same malicious IP appears across five feeds, cluttering the dataset. The platform collapses these into a single record. Which capability performed this?

A. Enrichment B. Encryption C. Sampling D. Deduplication

Question 7

A platform exchanges structured indicators with partner organizations using machine-readable, standardized formats. Which pair of standards commonly supports this sharing?

A. HTTP/FTP B. SMTP/IMAP C. STIX/TAXII D. SQL/ODBC

Question 8

Before the platform, analysts manually tracked feeds in spreadsheets, causing delays and errors. The new system centralizes and automates feed handling. What primary benefit results?

A. Centralized, automated management B. More manual effort C. Slower correlation D. Less context

Question 9

The platform links a newly received indicator to an ongoing internal incident by matching it against historical events. This linking of related data is which function?

A. Dissemination B. Correlation C. Sampling D. Tasking

Question 10

A mid-size firm needs to operationalize feeds, enrich them, and push them to detection tools with minimal staff. Which solution best fits this requirement?

A. A standalone antivirus B. A ticketing system C. A backup appliance D. A threat intelligence platform

EC-Council CTIA Module 1.4 Practice Test 002

Related Posts

Leave a Comment Cancel Reply