EC-Council CTIA Module 3.1 Practice Test 002

This practice test covers Module 3 (Planning, Direction, and Review) Sub-module 1 (Organization’s Current Threat Landscape).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 3.1 Practice Test 002

10 questions • Single best answer

Question 1

A CTI lead at an electric utility begins mapping the organization's threat landscape. Before tasking collection, she wants to anchor the effort on what matters most operationally. Which initial step best aligns the program with the systems whose compromise would cause the greatest harm?

A. Identify and prioritize the organization's critical assets B. Subscribe to several commercial threat feeds C. Deploy additional endpoint detection sensors D. Draft a dissemination schedule for finished reports

Question 2

A threat intelligence team at a bank is profiling adversaries likely to target its environment. They examine financially motivated groups, their typical tradecraft, and historical targeting of similar firms. What does building this adversary-focused picture primarily help the organization understand?

A. Which threat actors are most relevant and how they operate B. The exact patch level of every internal server C. The budget required for a new SIEM license D. The organization's quarterly revenue projections

Question 3

An analyst at a hospital network is assessing the organization's exposure. She enumerates internet-facing services, remote-access portals, and third-party connections that adversaries could exploit. What aspect of the current threat landscape is she primarily evaluating?

A. The organization's attack surface B. The organization's incident-response runbooks C. The organization's data-retention policy D. The organization's marketing channels

Question 4

A CTI program manager at a manufacturing firm must justify why certain systems receive intelligence priority. Leadership questions the resource allocation. Which rationale best supports concentrating efforts on a subset of systems within the threat landscape?

A. Resources are limited, so focus belongs on assets whose compromise causes the greatest business impact B. Every system should receive identical intelligence coverage regardless of value C. Priority should follow whichever system is newest D. Only systems mentioned in the latest news report deserve attention

Question 5

A government agency's intelligence cell reviews which industries and peer organizations are currently being attacked. They study sector-wide incident trends to anticipate threats to their own mission. What is the main benefit of analyzing the broader threat landscape this way?

A. Anticipating threats already striking similar organizations B. Eliminating the need to monitor internal logs C. Guaranteeing zero successful intrusions D. Replacing the organization's risk register entirely

Question 6

An MSSP analyst supporting a retailer compiles a list of threats that could affect the client. She distinguishes between generic internet noise and adversaries with motive and capability to target retail. What does narrowing the list to relevant threats most directly improve?

A. Relevance and efficiency of subsequent intelligence efforts B. The physical security of data-center doors C. The retailer's employee onboarding speed D. The number of vendors in the supply chain

Question 7

A cloud-services company is documenting its current threat landscape. Analysts catalog critical workloads, the data they hold, and the adversaries motivated to steal that data. Which pairing best represents the two pillars of this landscape characterization?

A. Critical assets and the threats relevant to them B. Marketing budget and social-media reach C. Office floor plan and parking capacity D. Help-desk ticket volume and email uptime

Question 8

An incident response team asks the CTI group why a recent intrusion went unanticipated. Review shows a critical third-party integration was never included in the landscape assessment. What gap does this most clearly illustrate?

A. Incomplete identification of the organization's exposure and critical dependencies B. Excessive spending on threat feeds C. Overly frequent executive briefings D. Too many detection rules in production

Question 9

A threat intelligence analyst at a critical-infrastructure operator is asked to keep the threat landscape useful over time. Adversaries, assets, and exposure all evolve. Which practice best ensures the landscape view remains accurate?

A. Periodically reassess assets, threats, and exposure as conditions change B. Lock the assessment after the first review and never revisit it C. Rely solely on a single vendor's annual report D. Delete the assessment once an incident is closed

Question 10

An intelligence lead briefing executives must connect the threat landscape to business decisions. The board cares about impact, not raw indicators. How should the landscape be framed to be most useful to leadership?

A. In terms of risk to critical business assets and operations B. As a raw dump of every observed IP address C. As a list of firewall configuration settings D. As an unfiltered export of malware hashes

EC-Council CTIA Module 3.1 Practice Test 002

Related Posts

Leave a Comment Cancel Reply