EC-Council CTIA Module 3.5 Practice Test 001

This practice test covers Module 3 (Requirements, Planning, Direction, and Review) Sub-module 5 (Build a Threat Intelligence Team).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 3.5 Practice Test 001

10 questions • Single best answer

Question 1

A CISO at a mid-size logistics company must decide whether to build an in-house CTI team or engage a managed threat intelligence service. Before making this structural decision, which action should be completed first?

A. Benchmark the organization's intended team structure against logistics sector industry peers B. Assess organizational security maturity, available budget, and existing in-house capabilities C. Hire a CTI manager and delegate the build-versus-buy decision to them D. Launch a managed service engagement immediately to accelerate initial intelligence coverage

Question 2

A large healthcare provider's incident response team routinely encounters novel malware samples but lacks the skills to analyze them. Which specialized CTI team role should the organization hire to fill this technical gap?

A. Threat intelligence manager B. Collection manager C. Malware analyst D. OSINT analyst

Question 3

A CTI program manager at a federal contractor is building a hiring profile for a junior threat intelligence analyst. Which combination of competencies is most essential for this role?

A. Penetration testing, red team operations, and vulnerability exploitation techniques B. Analytical thinking, familiarity with threat frameworks, and written communication skills C. Network engineering, firewall management, and SIEM tuning D. Digital forensics, legal compliance, and software development

Question 4

An enterprise security director at a multinational bank is deciding whether to centralize all CTI analysts in one team or distribute them across regional SOC offices. Which factor most directly determines the optimal team structure?

A. The number of commercial threat intelligence feed subscriptions the bank currently holds B. The preferences of the incumbent threat intelligence manager C. The organization's geographic footprint, risk profile, and available resources D. The total number of OSINT tools deployed across the enterprise

Question 5

A threat intelligence manager at an energy utility must designate which team member will prepare quarterly briefings for the CISO and board. Which CTI role is most appropriate for translating tactical indicators into strategic intelligence products?

A. Malware analyst B. Collection manager C. Senior threat intelligence analyst D. Threat hunter

Question 6

A global retailer's CTI team needs a role that synthesizes intelligence from commercial feeds, dark web forums, OSINT, and internal incident data into a unified threat picture. Which CTI role is designed for this function?

A. Malware analyst B. All-source analyst C. Collection manager D. Incident responder

Question 7

A CTI manager at an MSSP wants to advance her team from reactive indicator-sharing to proactive, adversary-behavior-focused analysis. Which framework should she use to assess and guide this capability maturation?

A. The Threat Hunting Maturity Model (HMM) B. The MITRE ATT&CK Navigator C. The Threat Intelligence Maturity Model D. The Capability Maturity Model Integration (CMMI)

Question 8

A regional insurance company is considering outsourcing its CTI function rather than building an internal team. What is the primary advantage of the outsourced model for an organization with limited internal security resources?

A. Deeper integration of intelligence outputs with the organization's proprietary SIEM use cases B. Greater organizational control over Priority Intelligence Requirements C. Immediate access to experienced analysts and a broad, curated intelligence capability D. Lower long-term total cost of ownership compared to all internal CTI staffing

Question 9

During an active intrusion at a financial services firm, the IR team contacts CTI for context on attacker TTPs, malware families used, and infrastructure attribution. Which CTI team role is best positioned to support this request?

A. Threat intelligence manager B. Collection manager C. OSINT analyst D. Technical threat intelligence analyst

Question 10

A security director at a 600-person company is debating whether to create a dedicated CTI team or assign intelligence tasks as additional duties to existing SOC analysts. What is the primary operational risk of the additional-duties approach?

A. SOC analysts will lack the authorization to access threat intelligence platforms B. Threat intelligence production will be deprioritized when alert volumes and incident workloads increase C. The organization will generate too many raw indicators for analysts to process effectively D. Executive stakeholders will not receive intelligence reports without a dedicated briefing role

EC-Council CTIA Module 3.5 Practice Test 001

Related Posts

Leave a Comment Cancel Reply