EC-Council CTIA Module 4.2 Practice Test 001

This practice test covers Module 4 (Data Collection and Processing) Sub-module 2 (Threat Intelligence Collection Management).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CTIA practice tests based on specific modules and sub-modules, click that link

EC-Council CTIA Module 4.2 Practice Test 001

10 questions • Single best answer

Question 1

A threat intelligence program manager at a global e-commerce company oversees multiple teams collecting from OSINT, technical feeds, and human sources. She notices significant overlap in what each team is gathering. Which collection management activity directly addresses this problem?

A. Collection gap analysis to identify unfulfilled intelligence requirements B. De-confliction of collection activities across teams C. Source vetting to remove low-quality or redundant feeds D. Intelligence requirements re-prioritization using MoSCoW

Question 2

A CTI team at an MSSP receives new intelligence requirements from three enterprise clients simultaneously. The collection manager must allocate limited analyst time and tool licenses across competing priorities. Which collection management concept governs this decision?

A. Collection gap analysis B. Collection tasking and prioritization C. Source normalization and structuring D. Bulk data management

Question 3

An analyst on a government intelligence team identifies that critical intelligence requirements from the previous quarter remain unfulfilled despite active collection activities being underway. What should the collection manager perform to identify and address this shortfall?

A. Data sampling to reduce the volume of low-value collected data B. Collection gap analysis to identify where current activities fail to meet requirements C. Source de-confliction to eliminate duplicate data streams D. Intelligence dissemination review to evaluate the quality of published reports

Question 4

A SOC team supporting a large healthcare provider has established Priority Intelligence Requirements focused on ransomware threats to medical devices. Which statement best defines PIRs in the context of collection management?

A. PIRs are top-level intelligence gaps identified after a completed collection cycle that guide the next planning period B. PIRs are the most critical information needs of the intelligence consumer that drive the prioritization of collection activities C. PIRs are formalized agreements between intelligence producers and consumers defining the scope and timing of reporting D. PIRs are specific technical indicators such as IP addresses and file hashes that collection tools are tasked to monitor

Question 5

A threat intelligence collection manager at a regional bank is formalizing how the team will gather data from open-source, technical, and human intelligence sources over the next quarter. Which document should she produce to govern these activities?

A. Threat intelligence sharing agreement B. Rules of engagement document C. Threat intelligence collection plan D. Intelligence maturity assessment report

Question 6

A CTI team lead at a critical infrastructure company reviews which collection sources have produced the most actionable intelligence over the past 90 days. The findings are used to reallocate collection resources for the next cycle. Which collection management function does this represent?

A. Source vetting and onboarding for new collection assets B. Collection asset performance evaluation C. Threat modeling and intelligence data alignment D. Data normalization and structuring

Question 7

An intelligence analyst working under a collection management framework receives a formal tasking to gather data specifically on a named threat actor targeting the energy sector. What does this tasking represent within the collection management process?

A. A Specific Intelligence Requirement (SIR) being fulfilled through directed collection B. A Priority Intelligence Requirement (PIR) being resolved through passive monitoring C. An ad hoc intelligence collection activity without formal authorization D. A bulk data collection operation designed to populate SIEM correlation rules

Question 8

A CTI collection manager discovers that two separate analyst teams are independently scraping the same threat actor forum, consuming duplicate analyst hours and licensed tool capacity. Which step in the collection management process is designed to prevent this?

A. Source normalization to standardize the data format produced by both teams B. Collection coordination and de-confliction C. Data sampling to reduce the volume of overlapping collected entries D. Bulk data deduplication applied during ingest processing

Question 9

During a quarterly review, a collection manager at a financial ISAC determines that current collection activities are not producing intelligence relevant to newly identified threats against cloud infrastructure. What is the most appropriate corrective action within collection management?

A. Immediately halt all existing collection and replace it with cloud-focused sources B. Update the collection plan to realign collection activities with the revised intelligence requirements C. Publish a dissemination gap report noting the shortfall without modifying the collection plan D. Transfer all cloud threat collection responsibilities to an external managed intelligence vendor

Question 10

A threat intelligence manager at a multinational logistics company is evaluating whether current collection activities adequately meet organizational intelligence requirements. Which combination of activities best represents an effective collection management review?

A. Reviewing SIEM log volumes, updating firewall rulesets, and renegotiating vendor SLAs B. Assessing collection gaps, evaluating source performance, and realigning tasking to priority requirements C. Conducting threat hunting exercises, running tabletop simulations, and reviewing incident response playbooks D. Normalizing data formats, applying STIX schemas to feeds, and validating IoC freshness

EC-Council CTIA Module 4.2 Practice Test 001

Related Posts

Leave a Comment Cancel Reply