EC-Council CTIA Module 4.2 Practice Test 002

This practice test covers Module 4 (Data Collection and Processing) Sub-module 2 (Threat Intelligence Collection Management).

These questions are inspired by the EC-Council CTIA exam and are designed to help you test your knowledge of cyber threat intelligence, threats and frameworks, and other related topics. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CTIA exam.

Note: CTIA is a registered trademark of EC-Council. This content is not affiliated with or endorsed by EC-Council.


10 questions • Single best answer
Question 1
A cyber threat intelligence program manager at a regional hospital network maps which sources satisfy each requirement. She wants a structured method to track coverage, gaps, and source performance over time. Which tool best supports this effort?

Question 2
A threat intelligence team at a cloud service provider is launching a new program. Before gathering any data, the lead wants a document defining what to collect, from where, and how often. What should they create first?

Question 3
An intelligence lead at a federal agency must decide which data to gather first. Limited analysts mean collection must align to the questions leadership most needs answered. What primarily guides this prioritization?

Question 4
A CTI analyst at a manufacturing firm reviews the collection framework. She finds a requirement with no source mapped to satisfy it. What does this finding indicate?

Question 5
An analyst at an MSSP imports threat data arriving as free-form incident write-ups and blog posts. The content lacks a predefined schema or fields. How is this data best categorized?

Question 6
A threat hunting team at a bank collects indicators from its own SIEM logs, firewall events, and endpoint telemetry. These all originate from within the organization. What type of source is this?

Question 7
A CTI analyst gathers adversary information by directly interacting with a threat actor's infrastructure, accepting some risk of detection. This contrasts with quietly observing public records. Which collection method is being used?

Question 8
Before adding a new external feed, an analyst at a healthcare provider assesses its accuracy, timeliness, and track record. This step prevents low-quality data from polluting the program. What is the analyst performing?

Question 9
A program manager at a critical infrastructure operator translates broad intelligence requirements into specific, actionable items naming the exact data to acquire. These narrower items direct day-to-day gathering. What are these called?

Question 10
A CTI lead at an MSSP periodically measures whether mapped sources still satisfy requirements and retires underperforming ones. This ongoing activity keeps the program effective. What does this best represent?
