EC-Council CTIA Module 3.2 Practice Test 001

This practice test covers Module 3 (Requirements, Planning, Direction, and Review) Sub-module 2 (Requirements Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 3.2 Practice Test 001

10 questions • Single best answer

Question 1

A threat intelligence analyst at a global logistics firm is partnering with the CISO and business unit leaders to determine what the CTI program must focus on first. They need a formal construct for documenting the organization's highest-priority intelligence needs. Which term best describes this construct?

A. Key Intelligence Questions (KIQs) B. Collection Management Framework (CMF) C. Priority Intelligence Requirements (PIRs) D. Intelligence Requirement Specifications (IRS)

Question 2

A CTI team lead is using the MoSCoW method to categorize requirements gathered from SOC and executive stakeholders. One requirement—tracking nation-state threat actors targeting the organization's sector—is considered non-negotiable for program success. Which MoSCoW category applies?

A. Should Have B. Must Have C. Could Have D. Won't Have

Question 3

An MSSP's CTI team is about to begin active intelligence collection on behalf of a financial services client. The team needs a documented framework defining acceptable collection methods, legal boundaries, and permissible targets. What CTI program element governs these boundaries?

A. Threat Intelligence Collection Plan B. Rules of Engagement (RoE) C. Data Management Policy D. Priority Intelligence Requirements (PIRs)

Question 4

A threat intelligence program manager at a regional bank is defining the scope of a newly approved CTI program. She needs a foundational document that formally establishes program boundaries, objectives, and stakeholders. Which document serves this purpose?

A. Threat Intelligence Strategy B. Project Charter C. Collection Management Framework D. Runbook

Question 5

A CTI analyst has documented what the executive team needs to know about ransomware groups targeting critical infrastructure. Her manager now asks her to specify which data sources and acquisition methods will satisfy those defined needs. What type of requirement is the manager requesting?

A. Priority Intelligence Requirements (PIRs) B. Collection Requirements C. Intelligence Gaps D. Key Intelligence Questions (KIQs)

Question 6

During a CTI program requirements workshop, a stakeholder requests real-time tracking of all dark web forums globally. The program manager determines this is technically infeasible within the current budget and outside the program's mandate. Which MoSCoW category should be assigned?

A. Could Have B. Should Have C. Won't Have D. Must Have

Question 7

A CTI team lead at an enterprise SOC is initiating the requirements analysis phase for a new intelligence program. She must ensure requirements reflect tactical, operational, and strategic intelligence needs. Which stakeholder groups should she engage?

A. Only the CISO and executive leadership, since they set organizational priorities. B. Only the SOC and incident response teams, since they are primary consumers of tactical intelligence. C. SOC, incident response, risk management, executive leadership, and business unit owners. D. External threat intelligence vendors and ISACs, since they define available intelligence.

Question 8

An intelligence analyst at a government contractor is translating the CISO's broad concern about supply chain attacks into specific, structured questions the CTI team can research and answer. Which term describes the structured questions she is producing?

A. Priority Intelligence Requirements (PIRs) B. Key Intelligence Questions (KIQs) C. Threat Intelligence Policies D. Collection Management Tasks

Question 9

A threat intelligence analyst at a financial institution notices that PIRs approved six months ago no longer reflect the organization's threat environment following a major acquisition. What is the appropriate course of action?

A. Continue using existing PIRs until the annual review cycle to maintain program consistency. B. Retire the PIRs and operate without formal requirements until a full program review is completed. C. Initiate a requirements review to update PIRs based on the changed organizational context. D. Replace PIRs with MITRE ATT&CK technique coverage as the new prioritization framework.

Question 10

A CTI team at a critical infrastructure company has defined PIRs around ICS-targeting threat actors but finds that existing data sources provide insufficient coverage to fully answer those requirements. What does this condition represent?

A. A collection failure requiring immediate escalation to the CISO B. An intelligence gap indicating unmet requirements that should drive new collection efforts C. A knowledge base deficiency requiring additional runbook development D. A scope violation indicating requirements exceed the program's mandate

EC-Council CTIA Module 3.2 Practice Test 001

Related Posts

Leave a Comment Cancel Reply