EC-Council CTIA Module 1.5 Practice Test 002

This practice test covers Module 1 (Introduction to Threat Intelligence) Sub-module 5 (Threat Intelligence in the Cloud Environment).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Practice Test of the Day 260530

10 questions • Single best answer

Question 1

A cloud security architect at a SaaS provider integrates threat intelligence into the shared-responsibility model. She must clarify which workloads her team secures versus the provider. Which layer is typically the customer's responsibility in an IaaS deployment?

A. Physical data center hardware B. Hypervisor patching C. Guest operating systems and applications D. Underlying network fabric

Question 2

A threat intelligence team supporting a financial firm's cloud migration wants early warning of credential abuse against its tenants. They correlate provider audit logs with external feeds on leaked secrets. Which cloud-native log source best reveals suspicious authentication activity?

A. Identity and access management activity logs B. Billing and cost-usage reports C. Storage bucket size metrics D. Autoscaling configuration history

Question 3

An analyst at a healthcare provider notices attackers increasingly target misconfigured cloud storage to exfiltrate records. Leadership asks how threat intelligence reduces this exposure. What is the primary value of CTI applied to cloud misconfigurations?

A. It replaces the need for cloud access controls B. It provides context on actor techniques targeting exposed assets C. It encrypts all data stored in the cloud D. It guarantees regulatory compliance automatically

Question 4

A SOC team supporting a multi-cloud enterprise struggles to unify alerts across providers using different log formats. They want intelligence that can be applied consistently regardless of platform. Which approach best enables provider-agnostic detection?

A. Relying solely on one provider's native console B. Normalizing logs and mapping activity to a common framework C. Disabling logging on secondary clouds to reduce noise D. Manually reviewing each provider dashboard separately

Question 5

A CTI program manager evaluates how cloud adoption changes the organization's attack surface. She briefs executives that traditional perimeter assumptions no longer hold. Which characteristic most defines the cloud threat landscape compared to on-premises environments?

A. A fixed, well-defined network perimeter B. Dynamic, ephemeral, and identity-centric resources C. Complete provider responsibility for all security D. Absence of external threat actors

Question 6

An incident response team asks the CTI function to enrich an alert about an unfamiliar API call originating from a compromised cloud workload. They need to understand adversary intent quickly. What does threat intelligence enrichment primarily add to this raw alert?

A. Additional storage capacity for the workload B. Context linking the activity to known actors and techniques C. Automatic deletion of the affected instance D. A reduction in the provider's service fees

Question 7

A threat hunter at a government agency leverages intelligence to search cloud telemetry for signs of lateral movement after initial access. The agency runs containerized workloads at scale. Which data source is most valuable for detecting east-west movement between containers?

A. Container and orchestration runtime logs B. Marketing analytics dashboards C. Provider marketplace listings D. Public DNS registration records

Question 8

An analyst normalizing cloud-derived indicators notices many short-lived IP addresses tied to ephemeral instances. Leadership questions whether these atomic indicators are durable. According to the Pyramid of Pain, why are such indicators of limited long-term value?

A. They are the hardest artifacts for adversaries to change B. They are trivial for adversaries to rotate and replace C. They represent adversary tools and techniques D. They cannot be collected in cloud environments

Question 9

A risk management team integrating cloud CTI wants intelligence that informs long-term provider selection and architecture decisions rather than daily alerts. They brief the board on emerging cloud-targeting campaigns. Which type of threat intelligence best serves this need?

A. Strategic threat intelligence B. Tactical threat intelligence C. Operational threat intelligence D. Technical indicator feeds

Question 10

A managed security provider deploys a platform to aggregate, correlate, and operationalize cloud threat feeds across many client tenants. The tool must enrich and distribute indicators automatically. Which solution category is purpose-built for this aggregation and management role?

A. A Threat Intelligence Platform B. A standalone antivirus agent C. A network load balancer D. A configuration management database

EC-Council CTIA Module 1.5 Practice Test 002

Related Posts

Leave a Comment Cancel Reply