EC-Council CTIA Module 3.1 Practice Test 001

This practice test covers Module 3 (Requirements, Planning, Direction, and Review) Sub-module 1 (Organization’s Current Threat Landscape).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 3.1 Practice Test 001

10 questions • Single best answer

Question 1

A CTI program manager at a healthcare organization is initiating a new threat intelligence program. She wants to ensure the team focuses its limited resources on the most critical assets. Which activity should she prioritize first to align intelligence efforts with the organization's most valuable data and systems?

A. Deploy a threat intelligence platform to aggregate commercial and open-source feeds. B. Conduct an asset inventory to identify crown jewels and critical systems requiring protection. C. Subscribe to healthcare-sector ISAC feeds and ingest them into the SIEM. D. Map existing security controls to the MITRE ATT&CK framework for gap analysis.

Question 2

A threat intelligence analyst supporting a critical infrastructure operator is assessing the organization's threat landscape. He needs to prioritize which threat actors to monitor. Which factor should most directly guide threat actor prioritization for this organization?

A. The threat actor's global ranking based on frequency of public OSINT reporting. B. The volume of malware samples attributed to the actor in public malware repositories. C. The actor's known targeting of the organization's industry sector and geographic region. D. The actor's presence in government advisories regardless of sector relevance.

Question 3

A CISO at a financial services firm asks her CTI team to document the organization's current threat landscape. The team conducts a comprehensive review and presents findings to leadership. What is the primary output of a threat landscape assessment?

A. A prioritized list of CVEs affecting the organization's technology stack derived from recent vulnerability scans. B. A comprehensive view of threat actors, attack vectors, and vulnerabilities most relevant to the organization. C. A set of firewall rules and IDS signatures based on incidents observed in the past 90 days. D. A mapping of internal security controls to NIST CSF categories for compliance reporting.

Question 4

A SOC team at a logistics company is performing a threat landscape review before building intelligence requirements. Leadership wants to understand which threats pose the greatest business risk to operations. Which approach best supports identifying business-impactful threats in this context?

A. Reviewing vendor threat intelligence reports focused on global APT campaign activity. B. Pulling the top 10 CVEs from the NVD and mapping them to the organization's patching backlog. C. Aligning threat scenarios to the organization's critical business processes, assets, and operational dependencies. D. Conducting a red team exercise to simulate attacker techniques across the external perimeter.

Question 5

A threat intelligence analyst at a retail organization is categorizing threats relevant to the company. The organization handles large volumes of payment card data and customer PII. Which threat category should be ranked highest given this organizational profile?

A. Nation-state espionage actors targeting defense contractors and government supply chains. B. Ransomware groups targeting manufacturing operational technology environments. C. Financial cybercrime actors specializing in cardholder data theft and PII exfiltration. D. Hacktivists targeting media and entertainment organizations for reputational impact.

Question 6

A CTI team lead at a global bank is explaining to a new analyst why assessing the organization's current threat landscape must precede defining intelligence requirements. Which statement best describes this dependency?

A. It provides the legal and regulatory baseline needed to determine mandatory reporting obligations. B. It ensures the intelligence team selects and procures the right tooling before engaging business stakeholders. C. It establishes which threats are relevant to the organization so that intelligence requirements are focused and actionable rather than generic. D. It satisfies external audit requirements by demonstrating due diligence in the security governance program.

Question 7

An intelligence analyst at an energy utility is profiling adversaries as part of a threat landscape review. She identifies two APT groups with documented histories of targeting ICS/SCADA environments in the energy sector. What is the most intelligence-relevant reason to include sector-specific APT profiles in the threat landscape?

A. To fulfill compliance obligations under ICS security standards that mandate threat actor documentation. B. To identify plausible threat scenarios that reflect the organization's actual attack surface and operational risk. C. To build formal incident response runbooks mapped to each named threat actor's known techniques. D. To satisfy executive reporting demands for a list of named adversaries to include in board presentations.

Question 8

During an intelligence planning meeting, a network engineer argues that the organization's vulnerability scan results are sufficient to define its threat landscape. A CTI analyst pushes back. What is the most accurate reason the CTI analyst is correct?

A. Vulnerability scan data is classified and cannot be shared with intelligence teams without formal data sharing agreements. B. A threat landscape requires threat actor context, targeting intent, and TTPs — not just technical vulnerabilities in isolation. C. Vulnerability scanners do not produce machine-readable output compatible with threat intelligence platforms. D. Threat landscape assessments are reserved for government and defense organizations and do not apply to enterprise environments.

Question 9

A newly hired CTI analyst at a regional law firm is defining the scope of an initial threat landscape assessment. Senior leadership has identified insider threats and legal data exfiltration as their top concerns. Which principle should most directly guide the scope boundaries of this assessment?

A. The scope should mirror the full MITRE ATT&CK enterprise matrix to ensure comprehensive coverage of all techniques. B. The scope should be determined primarily by the intelligence team's current tooling and collection capabilities. C. The scope should align with the organization's critical assets, business risks, and priority concerns identified by stakeholders. D. The scope should default to the broadest possible threat categories to avoid missing any relevant adversarial activity.

Question 10

A CTI manager is preparing to brief executives on how the intelligence team builds its organizational threat landscape picture. She wants to explain which sources contribute most meaningfully. Which combination of inputs best supports a complete organizational threat landscape assessment?

A. Commercial vulnerability scanners and internal patch management logs. B. Threat intelligence platform vendor reports and executive risk dashboards. C. OSINT, information sharing communities, internal incident history, and sector-specific threat feeds. D. Dark web monitoring services and internal SOC alert queues exclusively.

EC-Council CTIA Module 3.1 Practice Test 001

Related Posts

Leave a Comment Cancel Reply