EC-Council CTIA Module 3.2 Practice Test 002

This practice test covers Module 3 (Planning, Direction, and Review) Sub-module 2 (Requirements Analysis).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 3.2 Practice Test 002

10 questions • Single best answer

Question 1

A threat intelligence analyst at a hospital network is helping leadership decide what the program should actually answer. Stakeholders disagree on priorities and timelines. What should be formally defined first to direct collection, analysis, and reporting toward stakeholder needs?

A. Threat intelligence requirements B. Indicators of compromise C. Threat feeds to subscribe to D. The SIEM correlation ruleset

Question 2

An MSSP analyst is prioritizing a long backlog of intelligence requirements from multiple clients. Resources are limited and not everything can be addressed at once. Which prioritization technique sorts requirements into must-have, should-have, could-have, and will-not-have categories?

A. MoSCoW method B. Diamond Model C. Cyber Kill Chain D. Pyramid of Pain

Question 3

A CTI program manager at a retail bank is documenting which assets, business units, and threats the program will cover. Executives want clear boundaries to avoid overcommitment. What is being defined when these inclusions and exclusions are formalized?

A. Scope of the threat intelligence program B. The dissemination plan C. The collection feed list D. The runbook library

Question 4

A threat intelligence team at a federal agency is preparing to gather data from external and internal sources. Legal counsel insists on documented constraints on what is permitted. Which artifact defines the authorized limits, conduct, and legal boundaries for these activities?

A. Rules of engagement B. Project charter C. Intelligence requirements D. Maturity model

Question 5

An analyst at a cloud services provider receives a vague request to "watch for ransomware threats." Leadership cannot act on the resulting reports. Which quality should a well-formed intelligence requirement have to make it actionable for collection and analysis?

A. Specific, measurable, and tied to a decision B. Broad enough to cover all possible threats C. Focused solely on indicator counts D. Defined only after collection finishes

Question 6

A CTI lead at a critical-infrastructure operator must decide which threats warrant program attention first. She maps adversaries against the systems whose loss would most harm operations. Which activity directly informs and validates the program's intelligence requirements?

A. Identifying critical threats to the organization B. Subscribing to commercial threat feeds C. Writing YARA detection rules D. Drafting the incident response runbook

Question 7

A SOC supporting an insurance firm gathers requirements from executives, IR responders, and vulnerability managers. Each group needs different detail and cadence. Why is mapping requirements to specific stakeholders essential during requirements analysis?

A. It ensures intelligence matches each consumer's decisions and format needs B. It eliminates the need for any prioritization C. It guarantees all feeds will be free D. It replaces the need for an analysis phase

Question 8

An intelligence analyst at a logistics company labels several requirements as "won't have this time" during planning. A junior colleague asks why effort is spent recording items the program will not pursue. What is the main benefit of explicitly capturing deprioritized requirements?

A. It sets clear expectations and documents conscious scope decisions B. It forces immediate collection on those items C. It increases the indicator confidence score D. It removes the need for rules of engagement

Question 9

A threat intelligence team at a telecom provider distinguishes between an executive asking about strategic risk trends and a SOC asking for malicious IPs. They classify each request by intended consumer and decision level. This classification of requirements primarily reflects which dimension?

A. The type of intelligence required, from strategic to tactical B. The vendor that will supply the feed C. The storage format of the data D. The severity of past incidents only

Question 10

A newly hired analyst at a fintech startup wants to begin pulling data before requirements are agreed upon. The CTI manager halts this to avoid wasted effort and irrelevant output. What is the primary risk of starting collection before requirements analysis is complete?

A. Collected data may not address stakeholder decisions and wastes resources B. Feeds become technically impossible to ingest C. The Diamond Model can no longer be applied D. Indicators automatically lose all confidence ratings

EC-Council CTIA Module 3.2 Practice Test 002

Related Posts

Leave a Comment Cancel Reply